AWS VPNConnection using PowerShell

I am trying to set up a new VPN connection to an AWS transit gateway using PowerShell. I need help configuring the tunnel options. AWS has very limited documentation with examples. Here is the link to the documentation: VPNTunnelSpecifications.

Here is my script:

foreach ($v in $vpn) {
    $name = $v.vpnname
    $peer = $v.peerip
    $psk = $v.psk
    $type = 'ipsec.1'
    $tgwid = 'tgw-07b5dbf2e29'
    $agency = $v.Agency
    $program = $v.Program
    $poc = $v.poc

    $ph1dh = @(14, 15, 16, 17, 18, 22, 23, 24)
    $ph1ike = @("ikev2")
    $ph1enc = @("AES256")
    $ph1int = @("SHA2-256")
    $ph2dh = @(14, 15, 16, 17, 18, 22, 23, 24)
    $ph2enc = @("AES256")
    $ph2int = @("SHA2-256")

    $TunnelOptions = @( @{key = "dpdtimeoutseconds"; value = 30 }, `
        @{key = "IKEVersions"; value = $ph1ike }, `
        @{key = "Phase1DHGroupNumbers"; value = $ph1dh }, `
        @{key = "Phase1EncryptionAlgorithms"; value = $ph1enc }, `
        @{key = "Phase1IntegrityAlgorithms"; value = $ph1int }, `
        @{key = "Phase1LifetimeSeconds"; value = 28800 }, `
        @{key = "Phase2DHGroupNumbers"; value = $ph2dh }, `
        @{key = "Phase2EncryptionAlgorithms"; value = $ph2enc }, `
        @{key = "Phase2IntegrityAlgorithms"; value = $ph2int }, `
        @{key = "Phase2LifetimeSeconds"; value = 3600 }, `
        @{key = "PreSharedKey"; value = $psk }
    )

    ##create customer gateway
    $cg = New-EC2CustomerGateway -type $type -PublicIp $peer -DeviceName $name 
    $cg
    $cgid = $cg.CustomerGatewayId
    $cgid

    $vpngateway = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
    $vpngateway
    $VGWid = $vpngateway.VpnGatewayId
    $VGWid
}

When I run the script, I get the following error at this line:

$vpngateway = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions

The error:

New-EC2VpnConnection : Cannot bind parameter 'Options_TunnelOption'.
Cannot create object of type
"Amazon.EC2.Model.VpnTunnelOptionsSpecification". The key property was
not found for the  Amazon.EC2.Model.VpnTunnelOptionsSpecification
object. The available property is: [DPDTimeoutSeconds <System.Int32>]
, [IKEVersions 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.IKEVersionsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase1DHGroupNumbers 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1DHGroupNumbersRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase1EncryptionAlgorithms 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1EncryptionAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] ,  [Phase1IntegrityAlgorithms
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1IntegrityAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral, 
PublicKeyToken=885c28607f98e604]]>] , [Phase1LifetimeSeconds
<System.Int32>] , [Phase2DHGroupNumbers
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2DHGroupNumbersRequestListValue,
AWSSDK.EC2,  Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2EncryptionAlgorithms
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2EncryptionAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2IntegrityAlgorithms 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2IntegrityAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2LifetimeSeconds 
<System.Int32>] , [PreSharedKey <System.String>] ,
[RekeyFuzzPercentage <System.Int32>] , [RekeyMarginTimeSeconds
<System.Int32>] , [ReplayWindowSize <System.Int32>] ,
[TunnelInsideCidr <System.String>] At line:1 char:108
+ ... d $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
+                                                            ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-EC2VpnConnection], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Amazon.PowerShell.Cmdlets.EC2.NewEC2VpnConnectionCmdlet

1 answer

I was able to fix the script with the following code. I could not get the DH values to work as a list, but a single value worked.

$dpd = 30
$ph1lt = 28800
$ph2lt = 3600
$ph1ike = new-object Amazon.EC2.Model.IKEVersionsRequestListValue
$ph1ike.Value = @("ikev2")
$ph1dh = new-object Amazon.EC2.Model.Phase1DHGroupNumbersRequestListValue
$ph1dh.Value = 14 #@( 14, 15, 16, 17, 18, 22, 23, 24)
$ph1enc = new-object Amazon.EC2.Model.Phase1EncryptionAlgorithmsRequestListValue
$ph1enc.Value = @("AES256")
$ph1int = new-object Amazon.EC2.Model.Phase1IntegrityAlgorithmsRequestListValue
$ph1int.Value = @("SHA2-256")
$ph2dh = new-object Amazon.EC2.Model.Phase2DHGroupNumbersRequestListValue
$ph2dh.Value = 14 #@(14, 15, 16, 17, 18, 22, 23, 24) 
$ph2enc = new-object Amazon.EC2.Model.Phase2EncryptionAlgorithmsRequestListValue
$ph2enc.Value = @("AES256")
$ph2int = new-object Amazon.EC2.Model.Phase2IntegrityAlgorithmsRequestListValue
$ph2int.Value = @("SHA2-256")

$TunnelOptions = New-Object Amazon.EC2.Model.VpnTunnelOptionsSpecification
$TunnelOptions.DPDTimeoutSeconds = $dpd
$TunnelOptions.IKEVersions = $ph1ike
$TunnelOptions.PreSharedKey = $psk
$TunnelOptions.Phase1DHGroupNumbers = $ph1dh
$TunnelOptions.Phase1EncryptionAlgorithms = $ph1enc
$TunnelOptions.Phase1IntegrityAlgorithms = $ph1int
$TunnelOptions.Phase1LifetimeSeconds = $ph1lt
$TunnelOptions.Phase2DHGroupNumbers = $ph2dh
$TunnelOptions.Phase2EncryptionAlgorithms = $ph2enc
$TunnelOptions.Phase2IntegrityAlgorithms = $ph2int
$TunnelOptions.Phase2LifetimeSeconds = $ph2lt
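The list-typed properties in the error message above (each a List`1 of a *RequestListValue type) take one RequestListValue object per value, which is how several DH groups can be supplied at once. The following is an added example, not code from the question or the answer; it assumes the AWS Tools for PowerShell EC2 module is loaded and that $psk, $cgid and $tgwid are set as in the question's loop. The helper names ConvertTo-RequestListValues and New-TunnelOptionsSpec are my own.

```powershell
function ConvertTo-RequestListValues {
    param([string]$TypeName, [object[]]$Values)
    # One RequestListValue object per entry, collected in the generic List the
    # SDK property expects (see the List`1[[...RequestListValue]] types in the error).
    $list = New-Object "System.Collections.Generic.List[Amazon.EC2.Model.$TypeName]"
    foreach ($v in $Values) {
        $item = New-Object "Amazon.EC2.Model.$TypeName"
        $item.Value = $v          # int for DH groups, string for the others
        $list.Add($item)
    }
    return ,$list                 # the leading comma stops PowerShell unrolling the list
}

function New-TunnelOptionsSpec {
    param(
        [Parameter(Mandatory)][string]$PreSharedKey,
        [int[]]$Phase1DHGroups = @(14, 15, 16, 17, 18, 22, 23, 24),
        [int[]]$Phase2DHGroups = @(14, 15, 16, 17, 18, 22, 23, 24),
        [string[]]$IkeVersions = @('ikev2'),
        [string[]]$Phase1Encryption = @('AES256'),
        [string[]]$Phase1Integrity = @('SHA2-256'),
        [string[]]$Phase2Encryption = @('AES256'),
        [string[]]$Phase2Integrity = @('SHA2-256')
    )
    $spec = New-Object Amazon.EC2.Model.VpnTunnelOptionsSpecification
    $spec.PreSharedKey = $PreSharedKey
    $spec.DPDTimeoutSeconds = 30
    $spec.Phase1LifetimeSeconds = 28800
    $spec.Phase2LifetimeSeconds = 3600
    $spec.IKEVersions = ConvertTo-RequestListValues 'IKEVersionsRequestListValue' $IkeVersions
    $spec.Phase1DHGroupNumbers = ConvertTo-RequestListValues 'Phase1DHGroupNumbersRequestListValue' $Phase1DHGroups
    $spec.Phase1EncryptionAlgorithms = ConvertTo-RequestListValues 'Phase1EncryptionAlgorithmsRequestListValue' $Phase1Encryption
    $spec.Phase1IntegrityAlgorithms = ConvertTo-RequestListValues 'Phase1IntegrityAlgorithmsRequestListValue' $Phase1Integrity
    $spec.Phase2DHGroupNumbers = ConvertTo-RequestListValues 'Phase2DHGroupNumbersRequestListValue' $Phase2DHGroups
    $spec.Phase2EncryptionAlgorithms = ConvertTo-RequestListValues 'Phase2EncryptionAlgorithmsRequestListValue' $Phase2Encryption
    $spec.Phase2IntegrityAlgorithms = ConvertTo-RequestListValues 'Phase2IntegrityAlgorithmsRequestListValue' $Phase2Integrity
    return $spec
}

# Assumes $psk, $cgid and $tgwid are set as in the question's loop.
$TunnelOptions = New-TunnelOptionsSpec -PreSharedKey $psk
$conn = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
# Print only the id: the full response carries CustomerGatewayConfiguration,
# which includes the tunnel pre-shared keys in clear text.
$conn.VpnConnectionId
```

Passing a single specification applies it to one tunnel; an array of two specifications configures both tunnels, each with its own pre-shared key.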