Azure Site to Site VPN (S2S VPN) started as a method to connect Azure VNet and on premise network. Now it appears as a good solution to connect Azure VNets as well.
Equipped with Azure S2S VPN, we are able to build more complex Windows lab across Azure subscriptions. The diagram below show the idea. Compare to P2S VPN, S2S VPN is a much stable solution and could reserve static IP Address for DNS and Domain Controller.
The steps to make that happen are:
1. Create VNet per subscription.
2. Create gateway for each VNet. You may need to export VNetConfig, manually add local network and import config at first before that.
3. Create local network and build connection for each VNet. You must use VNetConfig file to do that. And gateway should be provisioned already as local network will need that.
4. Make all the VPN connection share the same gateway sharedkey.
Step 3 and step 4 will be very time-consuming as you need to create N*(N-1) local network if you have N VNet to connect together. I wrote a script to make step 2-4 automated.
All you need to do are step 1 + a .csv file to describe VNets + SharedKey.
The csv file looks like
AddressPrefix should not overlap with each other and GatewaySubnet not overlap the existed Subnet in the specific Vnet. You can find correct GatewaySubnet by adding a new subnet in Vnet config (don’t save).
Attach the code URL: https://github.com/tombwu/ConnectAzureVPN/blob/master/Site%20To%20Site/BuildSiteToSiteVPN.ps1