Azure Virtual gateway: VirtualNetworkGatewayBgpPeeringAddressCannotBeModified

Question

I want to set up the point-to-site VPN however I am getting the following error while trying to set up the point-to-site configuration.

Terraform version used : azurerm-3.0.2

│ Error: Creating/Updating Virtual Network Gateway: (Name "vpng-connectivity-shared-centralus-001" / Resource Group "rg-connectivity-shared-centralus-001"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="VirtualNetworkGatewayBgpPeeringAddressCannotBeModified" Message="The BgpPeeringAddress for the virtual network gateway /subscriptions/xxxx/resourceGroups/rg-connectivity-shared-centralus-001/providers/Microsoft.Network/virtualNetworkGateways/vpng-connectivity-shared-centralus-001 cannot be modified" Details=[]
│ 
│   with module.create_connectivity_hub_subscription.azurerm_virtual_network_gateway.connectivity-hub-vnet-gateway,
│   on ../../Azure_Terraform_Modules/connectivity_subscription/connectivity_subscription.tf line 558, in resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway":
│  558: resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
│ 
╵
##[error]Bash exited with code '1'.

Below is the code used

resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
  name                = "vpng-${var.subscription_type}-shared-${var.location}-001"
  location            = var.location
  resource_group_name = module.create_rg.rg_name

  type     = "Vpn"
  vpn_type = "RouteBased"

  active_active = false
  enable_bgp    = false
  sku           = "VpnGw1"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.connectivity-hub-vpn-gateway1-pip.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = module.create_gateway_subnet.subnet_id
  }

  vpn_client_configuration {
    address_space = ["172.16.0.0/16"]
    root_certificate {
      name = "ROOTCERT"
      public_cert_data = <

Jahnavi · Accepted Answer

To achieve the desired outcome, I ran the terraform script below with a few modifications and with the "Azurem" version set to 3.29.1 or you can use latest one(3.37.0); it worked for me without any error.

When I tried it in my environment, I had the same issue. I included three IP configurations because the minimum criteria for creating a gateway is "3" & "2" client configuration peering addresses.

vi main.tf:

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.29.1"
    }
  }
}
provider "azurerm" {
  features{}
}
resource "azurerm_resource_group" "xxx" {
  name = "testfirst"
  location = "West Europe"
}
resource "azurerm_virtual_network" "vnet" {
  name                = ""
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}
resource "azurerm_subnet" "xxxGatewaySubnet>" {
  name                 = "xxxGatewaySubnet>"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]
}

resource "azurerm_public_ip" "xxip1" {
  name                = "xxip1"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku = "Standard"
  allocation_method   = "Static"
}
resource "azurerm_public_ip" "xxip2" {
  name                = "xxip2"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
    sku = "Standard"
  allocation_method   = "Static"
}
resource "azurerm_public_ip" "xxip3" {
  name                = "xxip3"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
    sku = "Standard"
  allocation_method   = "Static"
}
resource "azurerm_virtual_network_gateway" "xxxGateWay" {
  name                = "xxxGateWay"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  sku           = "VpnGateway1"
  type          = "Vpn"
  active_active = true
  enable_bgp    = true

  ip_configuration {
    name                          = "xxxvnetGatewayConfig1"
    public_ip_address_id          = azurerm_public_ip.gwip1.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gwsubnet.id
  }
  ip_configuration {
    name                          = "xxxxvnetGatewayConfig2"
    public_ip_address_id          = azurerm_public_ip.gwip2.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gwsubnet.id
  }
 ip_configuration {
    name                          = "xxxvnetGatewayConfig3"
    public_ip_address_id          = azurerm_public_ip.gwip3.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gwsubnet.id
  }
  vpn_client_configuration {
    address_space = ["172.16.0.0/16"]
    root_certificate {
      name = "ROOTCERT"
      public_cert_data = <


terraform init:

terraform plan:

terraform apply:

Point-to-site configuration in Portal after deployment:

Reference: terraform

Azure Virtual gateway: VirtualNetworkGatewayBgpPeeringAddressCannotBeModified

Answers (1)

Related Questions