az network vpn-connection

  • Reference

Manage VPN connections.

For more information on site-to-site connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli. For more information on Vnet-to-Vnet connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli.

Commands

Name Description Type Status
az network vpn-connection create

Create a VPN connection.

 Core GA
az network vpn-connection delete

Delete a VPN connection.

 Core GA
az network vpn-connection list

List all VPN connections.

 Core GA
az network vpn-connection shared-key

Manage VPN shared keys.

 Core GA
az network vpn-connection shared-key reset

Reset a VPN connection shared key.

 Core GA
az network vpn-connection shared-key show

Retrieve a VPN connection shared key.

 Core GA
az network vpn-connection shared-key update

Update a VPN connection shared key.

 Core GA
az network vpn-connection show

Get the details of a VPN connection.

 Core GA
az network vpn-connection update

Update a VPN connection.

 Core GA
az network vpn-connection wait

Place the CLI in a waiting state until a condition is met.

 Core GA

az network vpn-connection create

Edit

Create a VPN connection.

The VPN Gateway and Local Network Gateway must be provisioned before creating the connection between them.

az network vpn-connection create --name
                                 --resource-group
                                 --vnet-gateway1
                                 [--authorization-key]
                                 [--enable-bgp]
                                 [--express-route-circuit2]
                                 [--local-gateway2]
                                 [--location]
                                 [--routing-weight]
                                 [--shared-key]
                                 [--tags]
                                 [--validate]
                                 [--vnet-gateway2]

Examples

Create a site-to-site connection between an Azure virtual network and an on-premises local network gateway.

az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123

Create a VPN connection with --ingress-nat-rule.

az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123 --ingress-nat-rule /subscriptions/000/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/gwx/natRules/nat

Create a VPN connection. (autogenerated)

az network vpn-connection create --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway --vnet-gateway2 /subscriptions/{subscriptionID}/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/VNet1GW

Create a VPN connection. (autogenerated)

az network vpn-connection create --local-gateway2 MyLocalGateway --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway

Required Parameters

--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-gateway1

Name or ID of the source virtual network gateway.

Optional Parameters

--authorization-key

The authorization key for the VPN connection.

--enable-bgp

Enable BGP for this VPN connection.

default value: False
--express-route-circuit2

Name or ID of the destination ExpressRoute to connect to using an 'ExpressRoute' connection.

--local-gateway2

Name or ID of the destination local network gateway to connect to using an 'IPSec' connection.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--routing-weight

Connection routing weight.

default value: 10
--shared-key

Shared IPSec key.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--validate

Display and validate the ARM template but do not create any resources.

default value: False
--vnet-gateway2

Name or ID of the destination virtual network gateway to connect to using a 'Vnet2Vnet' connection.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-connection delete

Edit

Delete a VPN connection.

az network vpn-connection delete [--ids]
                                 [--name]
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--resource-group]
                                 [--subscription]

Examples

Delete a VPN connection.

az network vpn-connection delete -g MyResourceGroup -n MyConnection

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-connection list

Edit

List all VPN connections.

az network vpn-connection list --resource-group

Examples

List all VPN connections in a resource group.

az network vpn-connection list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-connection show

Edit

Get the details of a VPN connection.

az network vpn-connection show [--ids]
                               [--name]
                               [--resource-group]
                               [--subscription]

Examples

View the details of a VPN connection.

az network vpn-connection show -g MyResourceGroup -n MyConnection

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-connection update

Edit

Update a VPN connection.

az network vpn-connection update [--add]
                                 [--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--ids]
                                 [--name]
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--remove]
                                 [--resource-group]
                                 [--routing-weight]
                                 [--set]
                                 [--shared-key]
                                 [--subscription]
                                 [--tags]

Examples

Add BGP to an existing connection.

az network vpn-connection update -g MyResourceGroup -n MyConnection --enable-bgp True

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enable-bgp

Enable BGP (Border Gateway Protocol).

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--routing-weight

Connection routing weight.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--shared-key

Shared IPSec key.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-connection wait

Edit

Place the CLI in a waiting state until a condition is met.

az network vpn-connection wait [--created]
                               [--custom]
                               [--deleted]
                               [--exists]
                               [--ids]
                               [--interval]
                               [--name]
                               [--resource-group]
                               [--subscription]
                               [--timeout]
                               [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False
--exists

Wait until the resource exists.

default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30
--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.