After contact with microsoft helpdesk I found the solution for me. For future reference: I had to turn on mss clamping and set it to 1350. This is also in the advanced IPSec settings Maybe this settings was defaulted after an update? I wasn't the one who configured it in the first place, so I wouldn't know for sure. I made sure to match my settings to this document https://docs.microsoft.com/nl-nl/azure/vpn-gateway/vpn-gateway-about-vpn-devices @stephenw10 Thanks for the reply, I had this disabled already, but the pointer was appreciated

@hekl Vergiß die Fritte. Stell dir ein OpenVPN Gateway als Client ins Netz und das Site2Site Szenarium steht. VPN mit einer Fritte sollte man sich nun wirklich nicht mehr antun! LG

@vistatech said in routing specific packets through IPSEC gre tunnel: 10.1.1.20 Hey And why is outgoing NAT used ? Try disabling it . I have a similar scheme and everything works fine without NAT. The question such, Pfsense can ping a host 10.1.1.20 ?

@k15 Don't mention it Good luck

Hi, your machines uses s.o windows ? in that case turn off the firewall each and check pin to the other machine

@treborjm87 I'd be curious about this as well... I think you need to establish how much throughput/bandwidth you need and how many concurrent user connections you anticipate, etc? (Is this box dedicated to routing and VPN only or more exotic use cases like running VMs, etc) I've seen some charts floating around with hardware recommendations based on required throughput here and at the servethehome website.

2.3.2... I just don't get this.. Why would you not be on at least 2.3.5p2? 2.3.2 is no longer supported.. And to be honest the 2.3.x line is EOL here soon.. Like tmrw ;) https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html

Changed the client's metric. Ethernet > VPN.