Tags: azure, terraform-provider-azure, azure-virtual-network

Azure Virtual gateway: VirtualNetworkGatewayBgpPeeringAddressCannotBeModified


I want to set up a point-to-site VPN; however, I am getting the following error while trying to set up the point-to-site configuration.

Terraform provider version used: azurerm 3.0.2

│ Error: Creating/Updating Virtual Network Gateway: (Name "vpng-connectivity-shared-centralus-001" / Resource Group "rg-connectivity-shared-centralus-001"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="VirtualNetworkGatewayBgpPeeringAddressCannotBeModified" Message="The BgpPeeringAddress for the virtual network gateway /subscriptions/xxxx/resourceGroups/rg-connectivity-shared-centralus-001/providers/Microsoft.Network/virtualNetworkGateways/vpng-connectivity-shared-centralus-001 cannot be modified" Details=[]
│ 
│   with module.create_connectivity_hub_subscription.azurerm_virtual_network_gateway.connectivity-hub-vnet-gateway,
│   on ../../Azure_Terraform_Modules/connectivity_subscription/connectivity_subscription.tf line 558, in resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway":
│  558: resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
│ 
╵
##[error]Bash exited with code '1'.

Below is the code used

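# Route-based VPN gateway for the connectivity hub, carrying a point-to-site
# (P2S) client configuration that authenticates clients by certificate.
#
# NOTE(review): this block sets enable_bgp = false and declares no bgp_settings,
# yet the 400 quoted above concerns the BGP peering address. The answer on this
# page resolved it by moving to a newer azurerm provider release, not by
# changing these arguments.
resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
  name                = "vpng-${var.subscription_type}-shared-${var.location}-001"
  location            = var.location
  resource_group_name = module.create_rg.rg_name

  type     = "Vpn"
  vpn_type = "RouteBased"

  # Single-instance (active-standby) gateway, so exactly one ip_configuration.
  active_active = false
  enable_bgp    = false
  sku           = "VpnGw1"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.connectivity-hub-vpn-gateway1-pip.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = module.create_gateway_subnet.subnet_id
  }

  vpn_client_configuration {
    # Address pool handed out to connecting P2S clients. Keep it disjoint from
    # the VNet and on-premises ranges, and treat traffic sourced from it as
    # remote-user traffic when writing NSG / firewall rules.
    address_space = ["172.16.0.0/16"]

    # Trust anchor for certificate authentication: any client certificate that
    # chains to this root is accepted by the gateway. Only the PUBLIC
    # certificate belongs here; the root's private key must stay out of the
    # repository, variables and Terraform state. Individual client certificates
    # can be withdrawn with revoked_certificate blocks.
    root_certificate {
      name = "ROOTCERT"

      # "<<-" strips the common leading indentation, so the base64 body is not
      # submitted with leading spaces, and the terminator may be indented. The
      # terminator line carries no trailing whitespace.
      public_cert_data = <<-EOF
        MIIC3zCCAcegAwIBAgIQJdWvUysG/oxPlBZu2cCi1DANBgkqhkiG9w0BAQsFADAS
      EOF
    }
  }

  # Both dependencies are already implied by the references above; kept as in
  # the original.
  depends_on = [azurerm_public_ip.connectivity-hub-vpn-gateway1-pip, module.create_gateway_subnet]
  tags       = var.tags
}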

Solution

  • To achieve the desired outcome, I ran the Terraform script below with a few modifications and with the azurerm provider version set to 3.29.1 (or you can use the latest one, 3.37.0); it worked for me without any error.

    When I tried it in my environment, I hit the same issue. I included three IP configurations because the minimum requirement for creating this gateway is "3" IP configurations and "2" peering addresses.

    vi main.tf:

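    # Stand-alone reproduction: resource group, VNet, gateway subnet, three
    # public IPs and an active-active, BGP-enabled VPN gateway with a
    # point-to-site client configuration.
    #
    # The listing as posted declared its resources under redacted labels
    # ("xxx", "xxip1", ...) while referring to them as rg / gwsubnet / gwip1..3.
    # The labels below are aligned with those references so the configuration
    # resolves.
    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
          # Exact pin to the release the answer was tested with. Commit the
          # generated .terraform.lock.hcl as well so the provider checksums
          # are fixed for every run.
          version = "3.29.1"
        }
      }
    }

    provider "azurerm" {
      features {}
    }

    resource "azurerm_resource_group" "rg" {
      name     = "testfirst"
      location = "West Europe"
    }

    resource "azurerm_virtual_network" "vnet" {
      # Placeholder name; the posted value was wrapped in angle brackets,
      # which are not valid in an Azure resource name.
      name                = "xxxvnet"
      location            = azurerm_resource_group.rg.location
      resource_group_name = azurerm_resource_group.rg.name
      address_space       = ["10.10.0.0/16"]
    }

    resource "azurerm_subnet" "gwsubnet" {
      # Azure only accepts a gateway in a subnet named exactly "GatewaySubnet".
      name                 = "GatewaySubnet"
      resource_group_name  = azurerm_resource_group.rg.name
      virtual_network_name = azurerm_virtual_network.vnet.name
      address_prefixes     = ["10.10.1.0/24"]
    }

    resource "azurerm_public_ip" "gwip1" {
      name                = "xxip1"
      resource_group_name = azurerm_resource_group.rg.name
      location            = azurerm_resource_group.rg.location
      sku                 = "Standard"
      allocation_method   = "Static"
    }

    resource "azurerm_public_ip" "gwip2" {
      name                = "xxip2"
      resource_group_name = azurerm_resource_group.rg.name
      location            = azurerm_resource_group.rg.location
      sku                 = "Standard"
      allocation_method   = "Static"
    }

    resource "azurerm_public_ip" "gwip3" {
      name                = "xxip3"
      resource_group_name = azurerm_resource_group.rg.name
      location            = azurerm_resource_group.rg.location
      sku                 = "Standard"
      allocation_method   = "Static"
    }

    resource "azurerm_virtual_network_gateway" "xxxGateWay" {
      name                = "xxxGateWay"
      location            = azurerm_resource_group.rg.location
      resource_group_name = azurerm_resource_group.rg.name

      # The posted value "VpnGateway1" is not a gateway SKU name; VpnGw1 is the
      # SKU used in the question. TODO confirm the SKU against your
      # zone-redundancy and public-IP requirements.
      sku  = "VpnGw1"
      type = "Vpn"

      # Active-active with BGP. Only enable BGP when a peer actually needs it:
      # routes learned from peers change where VNet traffic is sent.
      active_active = true
      enable_bgp    = true

      ip_configuration {
        name                          = "xxxvnetGatewayConfig1"
        public_ip_address_id          = azurerm_public_ip.gwip1.id
        private_ip_address_allocation = "Dynamic"
        subnet_id                     = azurerm_subnet.gwsubnet.id
      }

      ip_configuration {
        name                          = "xxxxvnetGatewayConfig2"
        public_ip_address_id          = azurerm_public_ip.gwip2.id
        private_ip_address_allocation = "Dynamic"
        subnet_id                     = azurerm_subnet.gwsubnet.id
      }

      # Third configuration, added by the answer for the point-to-site setup;
      # it has no matching peering_addresses block below.
      ip_configuration {
        name                          = "xxxvnetGatewayConfig3"
        public_ip_address_id          = azurerm_public_ip.gwip3.id
        private_ip_address_allocation = "Dynamic"
        subnet_id                     = azurerm_subnet.gwsubnet.id
      }

      vpn_client_configuration {
        # Address pool handed out to connecting P2S clients. Keep it disjoint
        # from the VNet range above and from on-premises ranges.
        address_space = ["172.16.0.0/16"]

        # Trust anchor for certificate authentication: any client certificate
        # chaining to this root is accepted. Only the PUBLIC certificate goes
        # here; keep the root's private key out of the repository and out of
        # Terraform state. Withdraw individual client certificates with
        # revoked_certificate blocks.
        root_certificate {
          name = "ROOTCERT"

          # "<<-" strips the common leading indentation and lets the
          # terminator be indented; the terminator carries no trailing space.
          # The second line is the redaction left by the answer's author.
          public_cert_data = <<-EOF
            MIIC6zCCAdOgAwIBAgIQdGSy/6KEorFGCYqMgGcJ0TANBgkqhkiG9w0BAQsFADAY
            xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            LMd5oRRrWWIPI2kj6iOk8FGMNUaJ0q4PgEw0Z9kACoklUt6Wj6JaEU4GrfXQ6Ety
            HdgWObzfF3I7azJlOM8Go4PE97LXMPRXJep6oOmQVQ==
          EOF
        }
      }

      bgp_settings {
        asn = 65515

        # Each block binds custom APIPA BGP addresses to the ip_configuration
        # named in it; the names must match the blocks above exactly.
        peering_addresses {
          ip_configuration_name = "xxxvnetGatewayConfig1"
          apipa_addresses       = ["169.254.21.2", "169.254.22.2"]
        }

        peering_addresses {
          ip_configuration_name = "xxxxvnetGatewayConfig2"
          apipa_addresses       = ["169.254.21.6", "169.254.22.6"]
        }
      }

      tags = {
        test = "testpurpose"
      }
    }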
    
    

    terraform init:

    enter image description here

    terraform plan:

    enter image description here

    terraform apply:

    enter image description here

    Point-to-site configuration in Portal after deployment:

    enter image description here

    Reference: terraform