terraform-provider-azurerm: Error during update of a VPN Gateway Basic

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

I’m getting an error during VPN Gateway Basic update

Terraform Version

1.1.7

AzureRM Provider Version

v3.13.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_network_gateway

Terraform Configuration Files

resource "azurerm_virtual_network_gateway" "gateway" {
  name                = "${var.projectname}-vpn-gw"
  location            = azurerm_resource_group.rg.location
  resource_group_name = var.network_rg
  
  type          = "Vpn"
  vpn_type      = "RouteBased"
  active_active = false
  enable_bgp    = false
  sku           = "Basic"
  
  ip_configuration {
    name = "vnet"
    public_ip_address_id = azurerm_public_ip.gateway.id
    private_ip_address_allocation = "Dynamic"
    subnet_id = azurerm_subnet.gateway.id
  }
  
  vpn_client_configuration {
    address_space = [local.vpn_ips]
    root_certificate {
      name = "VPNROOT"
      public_cert_data = var.vpnRootCert
    }
  }
}

Debug Output/Panic Output

2022-07-11T11:44:15.006Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.global.azurerm_virtual_network_gateway.gateway
2022-07-11T11:44:15.006Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for module.global.azurerm_virtual_network_gateway.gateway
2022-07-11T11:44:15.006Z [TRACE] evalApplyProvisioners: module.global.azurerm_virtual_network_gateway.gateway is not freshly-created, so no provisioning is required
2022-07-11T11:44:15.006Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.global.azurerm_virtual_network_gateway.gateway
2022-07-11T11:44:15.006Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for module.global.azurerm_virtual_network_gateway.gateway
2022-07-11T11:44:15.007Z [ERROR] vertex "module.global.azurerm_virtual_network_gateway.gateway" error: Creating/Updating Virtual Network Gateway: (Name "*gateway name*" / Resource Group "*rg name*"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BasicSkuVirtualNetworkGatewayDoesNotSupportBgp" Message="A virtual network gateway SKU of Standard or higher is required for BGP support on virtual network gateway /subscriptions/***/resourceGroups/***/providers/Microsoft.Network/virtualNetworkGateways/*gateway name*" Details=[]
2022-07-11T11:44:15.007Z [TRACE] vertex "module.global.azurerm_virtual_network_gateway.gateway": visit complete, with errors
2022-07-11T11:44:15.007Z [DEBUG] provider.terraform-provider-azurerm_v3.13.0_x5: AzureRM Response for https://management.azure.com/subscriptions/***/resourceGroups/***/providers/Microsoft.Network/virtualNetworkGateways/*gateway name*?api-version=2021-08-01: 
HTTP/2.0 400 Bad Request
Content-Length: 369
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Mon, 11 Jul 2022 11:44:14 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-HTTPAPI/2.0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Ms-Arm-Service-Request-Id: df33a684-538d-48a7-a2a1-3b32bffa1276
X-Ms-Correlation-Request-Id: 18cbb071-08bd-8f04-6290-e23cb81242ce
X-Ms-Ratelimit-Remaining-Subscription-Writes: 1198
X-Ms-Request-Id: 6fb2e928-9ddc-4236-b612-0ba7909339b9
X-Ms-Routing-Request-Id: WESTEUROPE:20220711T114414Z:4d38cbdc-6018-4e3b-9b33-5f222b9df155

{
  "error": {
    "code": "BasicSkuVirtualNetworkGatewayDoesNotSupportBgp",
    "message": "A virtual network gateway SKU of Standard or higher is required for BGP support on virtual network gateway /subscriptions/***/resourceGroups/*rg name*/providers/Microsoft.Network/virtualNetworkGateways/*gateway name*",

Expected Behaviour

Successful update/deployment.

Actual Behaviour

network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BasicSkuVirtualNetworkGatewayDoesNotSupportBgp" Message="A virtual network gateway SKU of Standard or higher is required for BGP support on virtual network gateway /subscriptions/***/resourceGroups/rg name/providers/Microsoft.Network/virtualNetworkGateways/gateway name" Details=[]

Steps to Reproduce

No response

Important Factoids

No response

References

No response

About this issue

  • State: open
  • Created 2 years ago
  • Reactions: 2
  • Comments: 17

Most upvoted comments

Found out that it works when you delete the VPN gateway and recreate it with Terraform. But it does not support updating an existing VPN gateway.

Faced the same issue here also, using latest version and “3.24.0”

Terraform v1.3.1 on linux_amd64

  • provider registry.terraform.io/hashicorp/azurerm v3.24.0
  • provider registry.terraform.io/hashicorp/random v3.4.3

As a workaround, I had to manually create the section related to vpn_client_configuration in the Azure portal.

I’ve also tried with aztfy to poke around; as soon as you change, let’s say, the certificate name, it triggers the error.
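
The comments above report that an in-place update of a Basic-SKU gateway fails while delete-and-recreate succeeds. As an added example (not code from the issue or the provider), this Python check reads a plan in the JSON form produced by `terraform show -json` and flags Basic gateways that would be updated in place, so the failure is caught before apply; the sample plan and the second resource address are constructed.

```python
import json

GATEWAY_TYPE = "azurerm_virtual_network_gateway"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.1",
    "resource_changes": [
        {
            "address": "module.global.azurerm_virtual_network_gateway.gateway",
            "type": GATEWAY_TYPE,
            "change": {
                "actions": ["update"],
                "before": {"sku": "Basic", "enable_bgp": False},
                "after": {"sku": "Basic", "enable_bgp": False},
            },
        },
        {
            "address": "module.global.azurerm_virtual_network_gateway.recreated",
            "type": GATEWAY_TYPE,
            "change": {"actions": ["delete", "create"],
                       "before": {"sku": "Basic"}, "after": {"sku": "Basic"}},
        },
        {
            "address": "module.global.azurerm_public_ip.gateway",
            "type": "azurerm_public_ip",
            "change": {"actions": ["update"], "before": {}, "after": {}},
        },
    ],
})


def risky_basic_gateway_updates(plan_json: str) -> list[str]:
    """Return addresses of Basic-SKU gateways the plan would update in place."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != GATEWAY_TYPE:
            continue
        change = rc.get("change", {})
        # In-place update is exactly ["update"]; a replacement shows up as
        # ["delete", "create"] or ["create", "delete"] and is not flagged.
        if change.get("actions") != ["update"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        if "Basic" in (before.get("sku"), after.get("sku")):
            flagged.append(rc["address"])
    return flagged
```

A flagged address can be planned as a replacement instead with `terraform apply -replace=ADDRESS`, which corresponds to the delete-and-recreate workaround reported in the comments.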