Netgate Discussion Forum

    IPSEC VPN AZURE VTI

    • IKSERVICES ISTA Kenny

      Hello,

      I have a problem communicating with the tunnel: the connection is established but nothing comes through.

      IP-address: xx.xx.xx.xx
      PSK: sdfsdfsdfsdf
      Traffic selection: Route-based
      IKE Protocol: IKEv2

      IKE Phase 1 parameters:
      • Encryption: AES256
      • Integrity/PRF: SHA256
      • DH Group: 14

      IKE Phase 2 (IPSec) parameters:
      • Encryption: AES256
      • Integrity: SHA256
      • PFS Group: None
      • SA lifetime (kb): 102400000
      • SA lifetime (sec): 27000

      Routed subnets:
      • 10.192.0.0/21


      Do you have an idea?

      • LarryFahnoe

        Have you read https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html?

        That doc suggests configuring a transit network (which could be a /30), and that the two endpoints of the transit network would be configured as ADDRESS rather than NETWORK in the P2.

        You don't mention which version you're running, but if you are on 24.03, note this thread https://forum.netgate.com/topic/188214/vti-gateways-not-adding-static-routes-in-24-03/. There is a patch to address the issue of the necessary static routes not being added.

        --Larry

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.