
Releases: raykao/hub-spoke-environment

v1.0.0

01 Oct 06:45
2f4b73b

This deployment can create a secure hub-spoke network using Azure VWANs.

The setup will deploy:

  • Azure VWAN
  • Azure Hubs
  • Azure VWAN Firewall
  • Azure VWAN s2s gateway
  • Azure VWAN p2s gateway
  • Azure VNETs (Spokes)

A regular central hub VNET is also deployed in this release; it will host most core infrastructure services in the future. The spoke examples included here still need some updating, but you can also build your own implementation by passing in the values you need from the global module and the hub module.

Force tunneling for Azure VPN only supports IPv4 today (October 2022).
To enable force tunneling you must ensure you have:

  • internet_security_enabled = true on the VPN gateways and on the VNET-to-hub connections (aka Secure Hubs)
  • A route named public_traffic with destination 0.0.0.0/0 and the hub's firewall as next hop, created for the given hub and associated with that hub's default route table
  • When you download the Azure VPN client config package for the "AzureVPN" client app, manually change the version attribute/tag in the azurevpnconfig.xml file to "2" (e.g. <version>2</version>). NOTE: version "1" does not seem to enforce forced tunneling
  • Three certificates imported so that VPN certificate validation works: (1) the client.pfx file (Windows), (2) the self-signed root CA certificate (ca.pem) and (3) the DigiCert Global Root CA certificate, all added to your local system trust
  • The client.pfx certificate stored in the user's personal certificate store, and both the self-signed root CA and the DigiCert certificate stored in the machine's Trusted Root Certification Authorities store
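The first two requirements above (internet security on the connections and a 0.0.0.0/0 route to the firewall in the hub's default route table) written out as Terraform azurerm resources, as an added example rather than the repository's own modules. The hub, firewall, spoke VNET, resource group and VPN server configuration it references (azurerm_virtual_hub.hub, azurerm_firewall.hub_fw, azurerm_virtual_network.spoke, azurerm_resource_group.rg, azurerm_vpn_server_configuration.p2s) are assumed to already be defined elsewhere, and the resource names and address pool are constructed values.

```hcl
# Added example, not the repository's modules. Referenced hub, firewall,
# spoke VNET, resource group and VPN server configuration are assumed.

# Requirement 2: default route 0.0.0.0/0 -> hub firewall, placed in the
# hub's default route table so every connection associated to it inherits it.
resource "azurerm_virtual_hub_route_table_route" "public_traffic" {
  route_table_id    = azurerm_virtual_hub.hub.default_route_table_id
  name              = "public_traffic"
  destinations_type = "CIDR"
  destinations      = ["0.0.0.0/0"]
  next_hop_type     = "ResourceId"
  next_hop          = azurerm_firewall.hub_fw.id # assumed existing AZFW_Hub firewall
}

# Requirement 1 (spoke side): the VNET-to-hub connection must have internet
# security enabled and be associated to the default route table.
resource "azurerm_virtual_hub_connection" "spoke" {
  name                      = "conn-spoke-example"            # constructed name
  virtual_hub_id            = azurerm_virtual_hub.hub.id
  remote_virtual_network_id = azurerm_virtual_network.spoke.id # assumed spoke VNET
  internet_security_enabled = true

  routing {
    associated_route_table_id = azurerm_virtual_hub.hub.default_route_table_id
  }
}

# Requirement 1 (client side): the point-to-site gateway's connection
# configuration also needs internet security, otherwise client internet
# traffic bypasses the firewall instead of being force-tunneled.
resource "azurerm_point_to_site_vpn_gateway" "p2s" {
  name                        = "p2s-vhub-example"              # constructed name
  location                    = azurerm_resource_group.rg.location
  resource_group_name         = azurerm_resource_group.rg.name
  virtual_hub_id              = azurerm_virtual_hub.hub.id
  vpn_server_configuration_id = azurerm_vpn_server_configuration.p2s.id
  scale_unit                  = 1

  connection_configuration {
    name                      = "p2s-config"
    internet_security_enabled = true

    vpn_client_address_pool {
      address_prefixes = ["192.168.200.0/24"] # constructed client pool
    }

    route {
      associated_route_table_id = azurerm_virtual_hub.hub.default_route_table_id
    }
  }
}
```

The site-to-site equivalent is the same internet_security_enabled attribute on azurerm_vpn_gateway_connection.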