Azure Site-to-Site VPN with FritzBox

23.12.2016 by robert@riwa4.de
/blog/artikel/azure-fritzbox

In Azure, you can set up your "own" network, i.e. configure an (almost) arbitrary address range of your choice in a so-called VNet. Through the possibility of connecting via VPN to the network in your own data center, the network set up in Azure becomes another location of your own infrastructure and the resources in Azure are accessible transparently as in your own network. 

This guide describes how you can also establish this VPN connection with a FritzBox 7490 and thus also use Azure as an "extension" of your own home network.


Setup VNet

This part is based on the article https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm. As an example, I'll set up a VNet with the address range 10.3.0.0/16 (the address range must not overlap with the local addresses) and the following subnets:

Subnet 10.3.0.0/24 - provides 247 free IP addresses
GatewaySubnet 10.3.1.0/24 - special subnet for the VPN connection

Virtual machines that are to be reached later as if they were in the local network must be created in the first subnet.

Set up the gateway in Azure

The article https://docs.microsoft.com/de-de/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal describes the procedure. Create the gateway as described there. Note: the gateway must be "policy-based". This also creates a public IP address, which you will need later when configuring the FritzBox.

Next, the "Local Network Gateway" is created in Azure as a "representative" for the FritzBox. For this you need the currently valid public IP address of the FritzBox. Also enter the address range of the local network, in my case 192.168.2.0/24.

Finally, as described in the article, create a connection between the gateway and the local network gateway. Define the shared key, which you will later configure on the FritzBox.

Configuring FritzBox

To configure the FritzBox, the configuration file https://1drv.ms/u/s!AlVNeomY2iiZnvQhtPIwZ59v4bTNNw must be adjusted: all places marked with <todo> must be filled in accordingly and then, of course, "<todo>" must be deleted. The FritzBox must be registered with a dynamic DNS service so that its changing IP address can be looked up.

Finally, import the customized CFG file in the "Permit Access" section (German: "Freigaben") of the FritzBox configuration menu. This establishes the connection.

Automatic adjustment of the IP address

With most Internet providers, the IP address is reassigned once every 24 hours. It is best to configure the FritzBox to perform a forced disconnection at a fixed time, e.g. at 4 o'clock in the morning, so that after that time you have an IP address that remains valid for 24 hours. What remains is to ensure that this IP address is automatically entered into the configuration of the gateway in Azure.

To do this, an automation account is set up and the following script is run every morning after 4 am (after adjusting the variables, of course): https://1drv.ms/u/s!AlVNeomY2iiZnvQjmtJ24egMhsAFfQ
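As an added example (not the linked script, which is the author's own), this is what such a runbook looks like with the current Az PowerShell module: it resolves the FritzBox's DynDNS name and rewrites the Local Network Gateway only when the address has actually changed. The resource group, gateway name and DynDNS host name are assumptions; it also assumes the Automation account has a managed identity with permission to modify the Local Network Gateway (Network Contributor on the resource group is enough).

```powershell
# Added example runbook (not the script from the post). Names are assumptions.
param(
    [string]$ResourceGroupName = 'rg-vpn',                     # assumed resource group
    [string]$LocalGatewayName  = 'lng-fritzbox',               # assumed Local Network Gateway name
    [string]$DynDnsHostName    = 'myhome.example-dyndns.org'   # assumed DynDNS name of the FritzBox
)

# Sign in with the Automation account's managed identity (no stored credentials).
Connect-AzAccount -Identity | Out-Null

# Resolve the DynDNS name to the FritzBox's current public IPv4 address.
$currentIp = [System.Net.Dns]::GetHostAddresses($DynDnsHostName) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    Select-Object -First 1 -ExpandProperty IPAddressToString
if (-not $currentIp) {
    throw "Could not resolve $DynDnsHostName to an IPv4 address; leaving the gateway unchanged."
}

$lng = Get-AzLocalNetworkGateway -Name $LocalGatewayName -ResourceGroupName $ResourceGroupName

if ($lng.GatewayIpAddress -eq $currentIp) {
    Write-Output "Local Network Gateway already points to $currentIp, nothing to do."
    return
}

Write-Output "Updating $LocalGatewayName from $($lng.GatewayIpAddress) to $currentIp"

# Re-creating the Local Network Gateway under the same name overwrites it in place;
# the local address prefixes (e.g. 192.168.2.0/24) are carried over from the existing object.
New-AzLocalNetworkGateway -Name $LocalGatewayName `
    -ResourceGroupName $ResourceGroupName `
    -Location $lng.Location `
    -GatewayIpAddress $currentIp `
    -AddressPrefix $lng.LocalNetworkAddressSpace.AddressPrefixes `
    -Force | Out-Null

Write-Output "Local Network Gateway updated; the connection will re-establish on the next IKE negotiation."
```

Schedule the runbook a little after the forced disconnection so the FritzBox has already pushed its new address to the DynDNS service; otherwise the lookup still returns the old IP.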

This sets up the connection and automatically keeps it working with the current IP address of the FritzBox.

About the costs: If you maintain the connection for the whole month, you will incur costs of just under 22 EUR per month.