
I am trying to create a new VPN connection to an AWS Transit Gateway with PowerShell. I need some help with how to set the tunnel options; AWS's example documentation is very limited. Here is the link to the documentation: VPNTunnelSpecifications

Here is my script:

foreach ($v in $vpn) {
    $name = $v.vpnname
    $peer = $v.peerip
    $psk = $v.psk
    $type = 'ipsec.1'
    $tgwid = 'tgw-07b5dbf2e29'
    $agency = $v.Agency
    $program = $v.Program
    $poc = $v.poc

    $ph1dh = @(14, 15, 16, 17, 18, 22, 23, 24)
    $ph1ike = @("ikev2")
    $ph1enc = @("AES256")
    $ph1int = @("SHA2-256")
    $ph2dh = @(14, 15, 16, 17, 18, 22, 23, 24)
    $ph2enc = @("AES256")
    $ph2int = @("SHA2-256")

    $TunnelOptions = @( @{key = "dpdtimeoutseconds"; value = 30 }, `
        @{key = "IKEVersions"; value = $ph1ike }, `
        @{key = "Phase1DHGroupNumbers"; value = $ph1dh }, `
        @{key = "Phase1EncryptionAlgorithms"; value = $ph1enc }, `
        @{key = "Phase1IntegrityAlgorithms"; value = $ph1int }, `
        @{key = "Phase1LifetimeSeconds"; value = 28800 }, `
        @{key = "Phase2DHGroupNumbers"; value = $ph2dh }, `
        @{key = "Phase2EncryptionAlgorithms"; value = $ph2enc }, `
        @{key = "Phase2IntegrityAlgorithms"; value = $ph2int }, `
        @{key = "Phase2LifetimeSeconds"; value = 3600 }, `
        @{key = "PreSharedKey"; value = $psk }
    )

    ##create customer gateway
    $cg = New-EC2CustomerGateway -type $type -PublicIp $peer -DeviceName $name 
    $cg
    $cgid = $cg.CustomerGatewayId
    $cgid

    $vpngateway = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
    $vpngateway
    $VGWid = $vpngateway.VpnGatewayId
    $VGWid
}

When I run the script, this line

$vpngateway = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions

throws the following error:

New-EC2VpnConnection : Cannot bind parameter 'Options_TunnelOption'.
Cannot create object of type
"Amazon.EC2.Model.VpnTunnelOptionsSpecification". The key property was
not found for the  Amazon.EC2.Model.VpnTunnelOptionsSpecification
object. The available property is: [DPDTimeoutSeconds <System.Int32>]
, [IKEVersions 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.IKEVersionsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase1DHGroupNumbers 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1DHGroupNumbersRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase1EncryptionAlgorithms 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1EncryptionAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] ,  [Phase1IntegrityAlgorithms
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase1IntegrityAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral, 
PublicKeyToken=885c28607f98e604]]>] , [Phase1LifetimeSeconds
<System.Int32>] , [Phase2DHGroupNumbers
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2DHGroupNumbersRequestListValue,
AWSSDK.EC2,  Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2EncryptionAlgorithms
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2EncryptionAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2IntegrityAlgorithms 
<System.Collections.Generic.List`1[[Amazon.EC2.Model.Phase2IntegrityAlgorithmsRequestListValue,
AWSSDK.EC2, Version=3.3.0.0, Culture=neutral,
PublicKeyToken=885c28607f98e604]]>] , [Phase2LifetimeSeconds 
<System.Int32>] , [PreSharedKey <System.String>] ,
[RekeyFuzzPercentage <System.Int32>] , [RekeyMarginTimeSeconds
<System.Int32>] , [ReplayWindowSize <System.Int32>] ,
[TunnelInsideCidr <System.String>] At line:1 char:108
+ ... d $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
+                                                            ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-EC2VpnConnection], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Amazon.PowerShell.Cmdlets.EC2.NewEC2VpnConnectionCmdlet

1 Answer


I was able to fix the script with the following code. I could not get the DH values to work as a list; a single value works, however.

# The tunnel options are built as SDK objects rather than hashtables: each list
# property of VpnTunnelOptionsSpecification takes *RequestListValue objects whose
# .Value holds one entry. $psk, $cgid and $tgwid come from the loop in the question.
$dpd = 30
$ph1lt = 28800
$ph2lt = 3600
$ph1ike = new-object Amazon.EC2.Model.IKEVersionsRequestListValue
$ph1ike.Value = @("ikev2")
$ph1dh = new-object Amazon.EC2.Model.Phase1DHGroupNumbersRequestListValue
$ph1dh.Value = 14 #@( 14, 15, 16, 17, 18, 22, 23, 24)
$ph1enc = new-object Amazon.EC2.Model.Phase1EncryptionAlgorithmsRequestListValue
$ph1enc.Value = @("AES256")
$ph1int = new-object Amazon.EC2.Model.Phase1IntegrityAlgorithmsRequestListValue
$ph1int.Value = @("SHA2-256")
$ph2dh = new-object Amazon.EC2.Model.Phase2DHGroupNumbersRequestListValue
$ph2dh.Value = 14 #@(14, 15, 16, 17, 18, 22, 23, 24)
$ph2enc = new-object Amazon.EC2.Model.Phase2EncryptionAlgorithmsRequestListValue
$ph2enc.Value = @("AES256")
$ph2int = new-object Amazon.EC2.Model.Phase2IntegrityAlgorithmsRequestListValue
$ph2int.Value = @("SHA2-256")

$TunnelOptions = New-Object Amazon.EC2.Model.VpnTunnelOptionsSpecification
$TunnelOptions.DPDTimeoutSeconds = $dpd
$TunnelOptions.IKEVersions = $ph1ike
$TunnelOptions.PreSharedKey = $psk
$TunnelOptions.Phase1DHGroupNumbers = $ph1dh
$TunnelOptions.Phase1EncryptionAlgorithms = $ph1enc
$TunnelOptions.Phase1IntegrityAlgorithms = $ph1int
$TunnelOptions.Phase1LifetimeSeconds = $ph1lt
$TunnelOptions.Phase2DHGroupNumbers = $ph2dh
$TunnelOptions.Phase2EncryptionAlgorithms = $ph2enc
$TunnelOptions.Phase2IntegrityAlgorithms = $ph2int
$TunnelOptions.Phase2LifetimeSeconds = $ph2lt

# Same call as in the question, now bound to a proper SDK object
$vpngateway = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $TunnelOptions
answered 2020-02-11T17:24:06.583
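The part the answer could not get working is the list of DH groups: each SDK list property holds one *RequestListValue object per allowed value, so several groups means several objects in the typed list named in the error message. The following is an added example, not code from the question or the answer; the function names `New-TgwTunnelOptions` and `New-ListValues` are invented here, and `$psk1`, `$psk2`, `$cgid` and `$tgwid` are assumed to be set as in the question's loop.

```powershell
# Added example; assumes the AWS Tools for PowerShell EC2 module is loaded.
function New-TgwTunnelOptions {
    param(
        [Parameter(Mandatory)] [string] $PreSharedKey,   # per-tunnel secret; load from a vault, not a plain CSV
        [int[]]    $DhGroups    = @(14, 15, 16, 17, 18, 22, 23, 24),
        [string[]] $IkeVersions = @('ikev2'),
        [string[]] $Encryption  = @('AES256'),
        [string[]] $Integrity   = @('SHA2-256')
    )

    # Build the List<T> the SDK expects: one *RequestListValue object per value.
    # Assigning an array to a single object's .Value only stores one element.
    function New-ListValues([string] $TypeName, [object[]] $Values) {
        $list = New-Object "System.Collections.Generic.List[$TypeName]"
        foreach ($v in $Values) {
            $item = New-Object $TypeName
            $item.Value = $v
            $list.Add($item)
        }
        return , $list   # leading comma keeps PowerShell from unrolling the list
    }

    $opt = New-Object Amazon.EC2.Model.VpnTunnelOptionsSpecification
    $opt.PreSharedKey          = $PreSharedKey
    $opt.DPDTimeoutSeconds     = 30
    $opt.Phase1LifetimeSeconds = 28800
    $opt.Phase2LifetimeSeconds = 3600
    $opt.IKEVersions                = New-ListValues 'Amazon.EC2.Model.IKEVersionsRequestListValue' $IkeVersions
    $opt.Phase1DHGroupNumbers       = New-ListValues 'Amazon.EC2.Model.Phase1DHGroupNumbersRequestListValue' $DhGroups
    $opt.Phase1EncryptionAlgorithms = New-ListValues 'Amazon.EC2.Model.Phase1EncryptionAlgorithmsRequestListValue' $Encryption
    $opt.Phase1IntegrityAlgorithms  = New-ListValues 'Amazon.EC2.Model.Phase1IntegrityAlgorithmsRequestListValue' $Integrity
    $opt.Phase2DHGroupNumbers       = New-ListValues 'Amazon.EC2.Model.Phase2DHGroupNumbersRequestListValue' $DhGroups
    $opt.Phase2EncryptionAlgorithms = New-ListValues 'Amazon.EC2.Model.Phase2EncryptionAlgorithmsRequestListValue' $Encryption
    $opt.Phase2IntegrityAlgorithms  = New-ListValues 'Amazon.EC2.Model.Phase2IntegrityAlgorithmsRequestListValue' $Integrity
    return $opt
}

# A Site-to-Site VPN has two tunnels; give each its own specification and PSK.
# Pinning the proposal set matters: if nothing is specified, AWS's defaults also
# accept weaker proposals (IKEv1, AES128, SHA1, DH group 2).
$tunnelOpts = @(
    (New-TgwTunnelOptions -PreSharedKey $psk1),
    (New-TgwTunnelOptions -PreSharedKey $psk2)
)
$conn = New-EC2VpnConnection -CustomerGatewayId $cgid -TransitGatewayId $tgwid -Options_TunnelOption $tunnelOpts
$conn.VpnConnectionId
```

Because the function restricts both phases to IKEv2, AES256, SHA2-256 and DH groups 14 and up, the customer gateway must be configured to offer one of those proposals or the tunnels will not come up.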