cli is not working to create an active-active configuration and add a p2s with third ip

[V4A001]

Type of issue

Code doesn't work

Feedback

It is clear how to create an active-standby and an active-active. However, an active-active with p2s is not documented, but also does not work. What is expected:

1. documentation on how to create an active-active vpn gateway with p2s connection

2. documentation on how to create an active-active vpn gateway and then with an update add the p2s connection

3. with 3 public ip addresses does not work

4. with update does not work as it states a 3rd is required.

This works:

az network vnet-gateway create \ --resource-group $resourceGroupName \ --name $vpnGatewayName \ --public-ip-address $publicIpName1 $publicIpName2 \ --vnet $infravnet \ --gateway-type Vpn \ --vpn-type RouteBased \ --sku $gatewaySku \ --no-wait

Then trying to update to add p2s not:
az network vnet-gateway update \ --resource-group $resourceGroupName \ --address-prefix $vpnClientAddressPool \ --name $vpnGatewayName \ --client-protocol OpenVPN \ --aad-tenant "https://login.microsoftonline.com/${tenantId}" \ --aad-audience "c632b3df-fb67-4d84-bdcf-b95ad541b5c8" \ --aad-issuer "https://sts.windows.net/${tenantId}/"
Adding a third public id does not have a command either.

Must 1. be a combination of those 2?

Documentation with working example is appreciated.

Page URL

https://learn.microsoft.com/en-us/cli/azure/network/vnet-gateway?view=azure-cli-latest

Content source URL

https://github.com/MicrosoftDocs/azure-docs-cli/blob/main/latest/docs-ref-autogen/network/vnet-gateway.yml

Author

@dbradish-microsoft

Document Id

0c402156-30a9-6963-c8d1-64455536c541

[ManoharLakkoju-MSFT]

@V4A001
Thanks for your feedback! We will investigate and update as appropriate.

[dbradish-microsoft]

@V4A001, have you taken a look at the az network vnet article list? Use CTRL + F to drop to az network vnet.

[V4A001]

Yes, I and Copilot did. Once created there is nothing to add the p2s setup to it.

Creating it from scratch with p2s did not work.

I manually added the p2s..but for new rollout would be nice to roll out with just azure cli.

[dbradish-microsoft]

Hello @V4A001, I've heard back from the project managers for az network vnet and "we have no instructions for P2S CLI presently". They have reviewed this GitHub issue and will continue to discuss / investigate. In the interim, I can point you to article: Configure VPN gateway for P2S certificate authentication: Azure portal - Azure VPN Gateway | Microsoft Learn

[V4A001]

Thank you. Maybe add this to the documentation so that we will not try to find and use it. A pity it cannot be done with azure cli. I would image the cli is a generic stack which is generated before the GUI is using it like a MVC pattern.