This post is part 1 of a small series and stems from this post https://marckean.com/2016/05/17/azure-resource-groups-networks/
The following is some PowerShell I put together that ends up setting up a full Virtual Network along with a Local network gateway, Public IP address and Virtual Network Gateway in the same Resource Group. This will set all this up into a separate Azure Resource Group on its own, which I recommend to keep the network part of your Azure environment separate, then you can easily deploy other resources in other Resource Groups, e.g. Virtual Machines which all can be attached to this Virtual Network, even though it’s in another Resource Group. Also to the fact that with RBAC, you can delegate access to the network team or someone with this know how to manage the Azure network resources.
For information and templates to help setup the other side of the VPN tunnel i.e. VPN device scripts, see https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/
Below you will need to change the variables to suit yourself. When running the script, it will take a long time in the section where it creates the Virtual Network Gateway, about 20-40 mins. Also takes this long when deleting the Virtual Network Gateway, so make sure you have this correct before deploying it, otherwise you’ll end up wasting heaps of time.
BTW, I am using the Azure PowerShell module v1.4.0 I got from here: https://github.com/Azure/azure-powershell/releases (a full download instead of the web installer).
This is what is looks like in Azure:
My other blog post explains how to setup the other end of the tunnel based on Windows Server 2012 R2 (Routing & Remote Access).