Added Get/New/Remove functions for Policy Based VPN
This commit is contained in:
William Lam
@@ -2089,20 +2089,32 @@ Function Get-NSXTRouteBasedVPN {
|
||||
|
||||
if($requests.StatusCode -eq 200) {
|
||||
$groups = ($requests.Content | ConvertFrom-Json).results
|
||||
|
||||
if ($PSBoundParameters.ContainsKey("Name")){
|
||||
$groups = $groups | where {$_.display_name -eq $Name}
|
||||
}
|
||||
|
||||
$results = @()
|
||||
foreach ($group in $groups) {
|
||||
$tmp = [pscustomobject] @{
|
||||
Name = $group.display_name;
|
||||
ID = $group.id;
|
||||
Path = $group.path;
|
||||
RoutingConfigPath = $group.l3vpn_session.routing_config_path;
|
||||
if($group.l3vpn_session.resource_type -eq "RouteBasedL3VpnSession") {
|
||||
$tmp = [pscustomobject] @{
|
||||
Name = $group.display_name;
|
||||
ID = $group.id;
|
||||
Path = $group.path;
|
||||
Routing_Config_Path = $group.l3vpn_session.routing_config_path;
|
||||
Local_IP = $group.local_address;
|
||||
Remote_Public_IP = $group.remote_public_address;
|
||||
Tunnel_IP_Address = $group.l3vpn_session.tunnel_subnets.ip_addresses
|
||||
IKE_Version = $group.ike_version;
|
||||
IKE_Encryption = $group.ike_encryption_algorithms;
|
||||
IKE_Digest = $group.ike_digest_algorithms;
|
||||
Tunnel_Encryption = $group.tunnel_encryption_algorithms;
|
||||
Tunnel_Digest = $group.tunnel_digest_algorithms;
|
||||
DH_Group = $group.dh_groups;
|
||||
Created_by = $group._create_user;
|
||||
Last_Modified_by = $group._last_modified_user;
|
||||
}
|
||||
$results+=$tmp
|
||||
}
|
||||
$results+=$tmp
|
||||
}
|
||||
$results
|
||||
}
|
||||
@@ -2194,4 +2206,273 @@ Function Remove-NSXTRouteBasedVPN {
|
||||
Write-Host "Successfully removed NSX-T BGP Neighbor"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Function New-NSXTPolicyBasedVPN {
|
||||
<#
|
||||
.NOTES
|
||||
===========================================================================
|
||||
Created by: William Lam
|
||||
Date: 05/09/2019
|
||||
Organization: VMware
|
||||
Blog: http://www.virtuallyghetto.com
|
||||
Twitter: @lamw
|
||||
===========================================================================
|
||||
|
||||
.SYNOPSIS
|
||||
Creates a new NSX-T Policy Based VPN
|
||||
.DESCRIPTION
|
||||
This cmdlet creates a new NSX-T Policy Based VPN
|
||||
.EXAMPLE
|
||||
New-NSXTPolicyBasedVPN -Name Policy1 `
|
||||
-LocalIP 18.194.102.229 `
|
||||
-RemotePublicIP 3.122.124.16 `
|
||||
-RemotePrivateIP 169.254.90.1 `
|
||||
-SequenceNumber 0 `
|
||||
-SourceIPs @("192.168.4.0/24", "192.168.5.0/24") `
|
||||
-DestinationIPs @("172.204.10.0/24", "172.204.20.0/24") `
|
||||
-TunnelEncryption AES_256 `
|
||||
-TunnelDigestEncryption SHA2_256 `
|
||||
-IKEEncryption AES_256 `
|
||||
-IKEDigestEncryption SHA2_256 `
|
||||
-DHGroup GROUP14 `
|
||||
-IKEVersion IKE_V1 `
|
||||
-PresharedPassword VMware123. `
|
||||
-Troubleshoot
|
||||
#>
|
||||
param(
|
||||
[Parameter(Mandatory=$true)][String]$Name,
|
||||
[Parameter(Mandatory=$true)][String]$LocalIP,
|
||||
[Parameter(Mandatory=$true)][String]$RemotePublicIP,
|
||||
[Parameter(Mandatory=$true)][String]$RemotePrivateIP,
|
||||
[Parameter(Mandatory=$True)]$SequenceNumber,
|
||||
[Parameter(Mandatory=$true)][String[]]$SourceIPs,
|
||||
[Parameter(Mandatory=$true)][String[]]$DestinationIPs,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("AES_128","AES_256","AES_GCM_128","AES_GCM_192","AES_GCM_256")]$TunnelEncryption,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("SHA1","SHA2_256")]$TunnelDigestEncryption,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("AES_128","AES_256","AES_GCM_128","AES_GCM_192","AES_GCM_256")]$IKEEncryption,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("SHA1","SHA2_256")]$IKEDigestEncryption,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("GROUP2","GROUP5","GROUP14","GROUP15","GROUP16")]$DHGroup,
|
||||
[Parameter(Mandatory=$true)][String][ValidateSet("IKE_V1","IKE_V2","IKE_FLEX")]$IKEVersion,
|
||||
[Parameter(Mandatory=$true)][String]$PresharedPassword,
|
||||
[Switch]$Troubleshoot
|
||||
)
|
||||
|
||||
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
|
||||
|
||||
$generatedId = (New-Guid).Guid
|
||||
|
||||
$sources = @()
|
||||
foreach ($source in $SourceIPs) {
|
||||
$tmp = @{ subnet = $source}
|
||||
$sources+=$tmp
|
||||
}
|
||||
|
||||
$destinations = @()
|
||||
foreach ($destination in $DestinationIPs) {
|
||||
$tmp = @{ subnet = $destination}
|
||||
$destinations+=$tmp
|
||||
}
|
||||
|
||||
$payload = @{
|
||||
display_name = $Name;
|
||||
enabled = $true;
|
||||
local_address = $LocalIP;
|
||||
remote_private_address = $RemotePrivateIP;
|
||||
remote_public_address = $RemotePublicIP;
|
||||
passphrases = @("$PresharedPassword");
|
||||
tunnel_digest_algorithms = @("$TunnelDigestEncryption");
|
||||
tunnel_encryption_algorithms = @("$TunnelEncryption");
|
||||
ike_digest_algorithms = @("$IKEDigestEncryption");
|
||||
ike_encryption_algorithms = @("$IKEEncryption");
|
||||
enable_perfect_forward_secrecy = $true;
|
||||
dh_groups = @("$DHGroup");
|
||||
ike_version = $IKEVersion;
|
||||
|
||||
l3vpn_session = @{
|
||||
resource_type = "PolicyBasedL3VpnSession";
|
||||
rules = @(
|
||||
@{
|
||||
id = $generatedId;
|
||||
display_name = $generatedId;
|
||||
sequence_number = $SequenceNumber;
|
||||
sources = @($sources)
|
||||
destinations = @($destinations)
|
||||
}
|
||||
)
|
||||
}
|
||||
}
|
||||
$body = $payload | ConvertTo-Json -Depth 5
|
||||
|
||||
$method = "put"
|
||||
$policyBasedVPNURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-0s/vmc/locale-services/default/l3vpns/$Name"
|
||||
|
||||
if($Troubleshoot) {
|
||||
Write-Host -ForegroundColor cyan "`n[DEBUG] - $METHOD`n$policyBasedVPNURL`n"
|
||||
}
|
||||
|
||||
try {
|
||||
if($PSVersionTable.PSEdition -eq "Core") {
|
||||
$requests = Invoke-WebRequest -Uri $policyBasedVPNURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
|
||||
} else {
|
||||
$requests = Invoke-WebRequest -Uri $policyBasedVPNURL -Body $body -Method $method -Headers $global:nsxtProxyConnection.headers
|
||||
}
|
||||
} catch {
|
||||
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
|
||||
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
|
||||
break
|
||||
} else {
|
||||
Write-Error "Error in configuring Policy Based VPN"
|
||||
Write-Error "`n($_.Exception.Message)`n"
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if($requests.StatusCode -eq 200) {
|
||||
Write-Host "Successfully created Policy Based VPN"
|
||||
($requests.Content | ConvertFrom-Json)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Function Get-NSXTPolicyBasedVPN {
|
||||
<#
|
||||
.NOTES
|
||||
===========================================================================
|
||||
Created by: William Lam
|
||||
Date: 05/09/2019
|
||||
Organization: VMware
|
||||
Blog: http://www.virtuallyghetto.com
|
||||
Twitter: @lamw
|
||||
===========================================================================
|
||||
|
||||
.SYNOPSIS
|
||||
Returns all NSX-T Policy Based VPN Tunnels
|
||||
.DESCRIPTION
|
||||
This cmdlet retrieves all NSX-T Policy Based VPN Tunnels description
|
||||
.EXAMPLE
|
||||
Get-NSXTPolicyBasedVPN
|
||||
.EXAMPLE
|
||||
Get-NSXTPolicyBasedVPN -Name "VPN-T1"
|
||||
#>
|
||||
param(
|
||||
[Parameter(Mandatory=$false)][String]$Name,
|
||||
[Switch]$Troubleshoot
|
||||
)
|
||||
|
||||
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
|
||||
$method = "GET"
|
||||
$policyBaseVPNURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-0s/vmc/locale-services/default/l3vpns"
|
||||
|
||||
if($Troubleshoot) {
|
||||
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$routeBaseVPNURL`n"
|
||||
}
|
||||
|
||||
try {
|
||||
if($PSVersionTable.PSEdition -eq "Core") {
|
||||
$requests = Invoke-WebRequest -Uri $policyBaseVPNURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
|
||||
} else {
|
||||
$requests = Invoke-WebRequest -Uri $policyBaseVPNURL -Method $method -Headers $global:nsxtProxyConnection.headers
|
||||
}
|
||||
} catch {
|
||||
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
|
||||
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
|
||||
break
|
||||
} else {
|
||||
Write-Error "Error in retrieving NSX-T Policy Based VPN Tunnels"
|
||||
Write-Error "`n($_.Exception.Message)`n"
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if($requests.StatusCode -eq 200) {
|
||||
$groups = ($requests.Content | ConvertFrom-Json).results
|
||||
if ($PSBoundParameters.ContainsKey("Name")){
|
||||
$groups = $groups | where {$_.display_name -eq $Name}
|
||||
}
|
||||
|
||||
$results = @()
|
||||
foreach ($group in $groups) {
|
||||
if($group.l3vpn_session.resource_type -eq "PolicyBasedL3VpnSession") {
|
||||
$tmp = [pscustomobject] @{
|
||||
Name = $group.display_name;
|
||||
ID = $group.id;
|
||||
Path = $group.path;
|
||||
Local_IP = $group.local_address;
|
||||
Remote_Public_IP = $group.remote_public_address;
|
||||
Tunnel_IP_Address = $group.remote_private_address;
|
||||
IKE_Version = $group.ike_version;
|
||||
IKE_Encryption = $group.ike_encryption_algorithms;
|
||||
IKE_Digest = $group.ike_digest_algorithms;
|
||||
Tunnel_Encryption = $group.tunnel_encryption_algorithms;
|
||||
Tunnel_Digest = $group.tunnel_digest_algorithms;
|
||||
DH_Group = $group.dh_groups;
|
||||
IP_Sources = $group.l3vpn_session.rules.sources.subnet;
|
||||
IP_Destinations = $group.l3vpn_session.rules.destinations.subnet
|
||||
Created_by = $group._create_user;
|
||||
Last_Modified_by = $group._last_modified_user;
|
||||
}
|
||||
$results+=$tmp
|
||||
}
|
||||
}
|
||||
$results
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Function Remove-NSXTPolicyBasedVPN {
|
||||
<#
|
||||
.NOTES
|
||||
===========================================================================
|
||||
Created by: William Lam
|
||||
Date: 05/09/2019
|
||||
Organization: VMware
|
||||
Blog: http://www.virtuallyghetto.com
|
||||
Twitter: @lamw
|
||||
===========================================================================
|
||||
|
||||
.SYNOPSIS
|
||||
Removes a policy based VPN Tunnel
|
||||
.DESCRIPTION
|
||||
This cmdlet removes a policy based VPN Tunnel
|
||||
.EXAMPLE
|
||||
Remove-NSXTPolicyBasedVPN -Name "Policy1" -Troubleshoot
|
||||
#>
|
||||
Param (
|
||||
[Parameter(Mandatory=$True)]$Name,
|
||||
[Switch]$Troubleshoot
|
||||
)
|
||||
|
||||
If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
|
||||
$TunnelId = (Get-NSXTPolicyBasedVPN -Name $Name).ID
|
||||
|
||||
# Delete IPSEC tunnel
|
||||
$method = "DELETE"
|
||||
$deleteVPNtunnelURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-0s/vmc/locale-services/default/l3vpns/$TunnelId"
|
||||
|
||||
if($Troubleshoot) {
|
||||
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$deleteVPNtunnelURL`n"
|
||||
}
|
||||
|
||||
try {
|
||||
if($PSVersionTable.PSEdition -eq "Core") {
|
||||
$requests = Invoke-WebRequest -Uri $deleteVPNtunnelURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
|
||||
} else {
|
||||
$requests = Invoke-WebRequest -Uri $deleteVPNtunnelURL -Method $method -Headers $global:nsxtProxyConnection.headers
|
||||
}
|
||||
} catch {
|
||||
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
|
||||
Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
|
||||
break
|
||||
} else {
|
||||
Write-Error "Error in removing NSX-T VPN Tunnel: $Name"
|
||||
Write-Error "`n($_.Exception.Message)`n"
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if($requests.StatusCode -eq 200) {
|
||||
Write-Host "Successfully removed NSX-T VPN Tunnel: $Name"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user