VPN Gateway SKU change - migrate from vpngw1 to basic tier

Hi All,

So it appears MS have changed our VPN gateway SKU to vpngw1. Since November last year I have been paying £110 per month for a service that was previously free.

I totally get the “boil the frog” approach, so this isn’t a rant about cloud service lock-in, but more a request for help.

I want to “downgrade” from the vpngw1 SKU to the basic SKU, but it appears the only way you can do this is via Azure PowerShell. I’m not 100% comfortable using that, but am learning. I have found the following doc:

https://learn.microsoft.com/en-us/azure/vpn-gateway/create-gateway-basic-sku-powershell

And am working my way through it. Because I already have a functioning VPN, I already have the following:

  1. Resource Group
  2. Virtual Network
  3. Gateway Subnet
  4. Public IP address

that I’m planning to reuse. The part that I’m struggling with is the Gateway IP address configuration. I can’t see mention of this in the portal, so is this something that I’m going to need to create?

My plan is to delete the current VPN Gateway, and then execute the script to create a new basic one, making use of the above resources that already exist (plus the GW IP address config once I sort that out!). Has anyone already done this? Does any of this make sense?

Thanks!

Hello, don’t forget that soon you won’t be able to use a basic one.
Because of the retirement of Basic IP, which Standard and High-Performance SKUs only accept, we will retire these SKUs on 30 September 2025. Starting 1 December 2023, you will no longer be able to create a new gateway with these SKUs.

Recommended action: Post December 2024, you will be able to upgrade your Standard/High-Performance gateway SKU to one of the other VPN Gateway SKUs available.

There are no price changes for migrating Standard (VPNGw1) and High-Performance (VPNGw2). As a benefit, the performance improvement after migrating Standard is 6.5x and High Performance is 5x respectively.

If you do not upgrade your gateway by August 2025, your gateway will be automatically upgraded to VPNGw1AZ (Standard) or VPNGw2AZ (High-Performance) after 30 September 2025.

Ahoi,

If your public IP matches the following criteria, you can easily create the basic VPN via PowerShell:

A Basic SKU VPN gateway uses a Basic SKU public IP address, not Standard.
The public IP address allocation method for a Basic SKU VPN gateway must be Dynamic, not Static.

You can copy and paste the PowerShell commands from MS Learn and create the VPN GW.
The GW subnet will be created at a certain step.

Cheers!

Not a direct answer to your question, but I’ve started using Tailscale with Azure and it works well. Depends on your needs obviously, I’d also consider running a small Linux VM for ~7 bucks a month and run an OpenVPN server on it.

Thanks for your answer - I’m a bit confused though, in the VPN GW FAQ there is the following entry:

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#is-the-vpn-gateway-basic-sku-also-retiring

Which implies MS are looking into making the standard IP service available for Basic VPNGW SKUs. Is this no longer the case?

Also, just one other question, if I do create a new Basic VPN GW, will this be visible in the portal for the purposes of managing it and seeing its status? I know I can’t create one in the portal but can I at least see the one I create via PS?

We currently have it with a basic sk

Will it migrate itself to the standard SKU? But can we keep the dynamic IP?

Thanks for your reply. I already have a GW subnet, it’s the GW IP Address configuration I’m unsure about. However, after doing a bit more reading it appears that the Basic VPN GW SKU only supports dynamic public IPs that are created at the point the GW is instantiated, so it looks like I’m going to have to nuke the existing one and create a new one anyway. Great!

Yes, you can still create it using PowerShell, and yes, you can manage it in the portal.

No idea, they are “working on it”. After 5 years of Azure, I have no expectations on this. If they do, nice. If they don’t, no problem, I didn’t expect them to do it.
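
On the gateway IP address configuration asked about in the thread: it is not a standalone resource but an object built in the PowerShell session that ties the GatewaySubnet to the public IP, and it is then passed to `New-AzVirtualNetworkGateway`. The sketch below is an added example, not code from any poster or from the linked doc; every name in angle brackets is a placeholder, and it assumes the old gateway has already been deleted and that the public IP meets the Basic/Dynamic criteria quoted above.

```powershell
# Added example. Names in angle brackets are placeholders (assumptions), not values from the thread.
$ErrorActionPreference = 'Stop'

$rg       = '<resource-group>'
$vnetName = '<vnet-name>'
$pipName  = '<public-ip-name>'
$gwName   = '<new-gateway-name>'

# Look up the existing resources that are being reused.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$pip    = Get-AzPublicIpAddress -ResourceGroupName $rg -Name $pipName

# Check the criteria from the thread before a long-running create is started.
if ($pip.Sku.Name -ne 'Basic') {
    throw "Public IP '$pipName' is SKU '$($pip.Sku.Name)'; a Basic SKU gateway needs a Basic SKU public IP."
}
if ($pip.PublicIpAllocationMethod -ne 'Dynamic') {
    throw "Public IP '$pipName' is '$($pip.PublicIpAllocationMethod)'; allocation must be Dynamic."
}
if ($pip.IpConfiguration) {
    # Still bound to another resource, e.g. the old gateway has not finished deleting.
    throw "Public IP '$pipName' is still attached to $($pip.IpConfiguration.Id)."
}

# The gateway IP configuration: an in-memory object linking subnet and public IP.
$gwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconfig' `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id

# Create the Basic SKU gateway in the same region as the virtual network.
New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg `
    -Location $vnet.Location -IpConfigurations $gwIpConfig `
    -GatewayType Vpn -VpnType RouteBased -GatewaySku Basic

# Confirm what was actually provisioned.
Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg |
    Select-Object Name, ProvisioningState, @{ n = 'Sku'; e = { $_.Sku.Name } }
```

Connections and local network gateway settings tied to the deleted gateway are not recreated by this sketch and would need to be set up again against the new gateway.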