Some questions about the firewall
  • Hello everyone,

    I have a pfSense with the latest update installed. I have an S2S VPN to Azure and an S2S IKEv2 VPN for myself.
    I don't understand why traffic through the IPsec tunnel is blocked, since a rule is present that allows all ports from the IPsec tunnel (see screenshots).

    Another question is: when I'm connected to my IPsec VPN from my laptop, I can't access the subnet that is in Azure. But I can access the LAN (see screenshot for Phase 1 and 2).

    Thanks in advance for your help :)
    Florent

  • Rebel Alliance Global Moderator

    "when I'm connected to my IPSec VPN through my laptop"

    You mean your client is actually on your laptop and you're tunneling through pfSense to the VPN server, or you're connecting to the pfSense VPN while you're remote, or you have policy-based routing to send your laptop's traffic through your VPN via a policy route?

    With policy routing, if you want to go elsewhere other than down the tunnel, you need to have rules that allow that traffic or send the traffic down a different gateway before you send all your traffic down a specific gateway.



  • @johnpoz:

    "when I'm connected to my IPSec VPN through my laptop"

    You mean your client is actually on your laptop and you're tunneling through pfSense to the VPN server, or you're connecting to the pfSense VPN while you're remote, or you have policy-based routing to send your laptop's traffic through your VPN via a policy route?

    With policy routing, if you want to go elsewhere other than down the tunnel, you need to have rules that allow that traffic or send the traffic down a different gateway before you send all your traffic down a specific gateway.

    Hello,

    Currently I have 2 IPsec VPNs:

    • One connected to a gateway in Azure

    • One where I connect my laptop to have access to my lab

    Thanks for your help.
    Florent


  • Rebel Alliance Global Moderator

    So you're connecting to your pfSense from the WAN side on a road-warrior VPN connection. And you want to route traffic from your one VPN connection out your other VPN connection.

    So does this Azure site you're connected to know how to get to whatever IP you're giving your laptop? Does it know to come down the tunnel back to pfSense to get to that IP?



  • Hi,

    Thanks for your quick reply.
    Exactly, I want to connect through the VPN on my laptop to the other VPN connected to Azure, to access the private IP addresses of my Azure VNet.

    The address space of my IPsec VPN is registered in my Azure VPN connection (192.168.3.0/24).

    If I connect to a VM in my lab (192.168.2.0/24) and try to access a VM in Azure (192.168.0.0/24), it works fine.

    Florent



  • Up :)


  • Rebel Alliance Global Moderator

    Well, does Azure know that to get to 192.168.3 it has to use the tunnel? Do you have 192.168.3 set as a local network? Does your outbound NAT into that VPN also NAT your VPN remote network to that interface so Azure knows it's from the tunnel, etc.?
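    The moderator's question about whether 192.168.3 is set as a local network on the Azure tunnel comes down to how IPsec selects traffic: it is policy based, so a packet only enters a tunnel when some Phase 2 entry's local/remote networks cover its source and destination. The script below, an added illustration that is not pfSense code or output, models that matching for the two tunnels in this thread. The subnets are the ones named in the thread; the Phase 2 tables themselves are assumptions, and the remote side (Azure) would need a mirrored entry for the return path.

```python
"""Model IPsec Phase 2 traffic-selector matching for the two tunnels in the
thread. Constructed example, not pfSense code: a packet is only sent into a
tunnel when a Phase 2 entry's local/remote networks cover src and dst.
"""
import ipaddress

# Assumed Phase 2 configuration on pfSense: (local network, remote network).
PHASE2 = {
    "azure_s2s": [("192.168.2.0/24", "192.168.0.0/24")],    # lab LAN <-> Azure VNet
    "roadwarrior": [("192.168.2.0/24", "192.168.3.0/24")],  # lab LAN <-> mobile clients
}


def match_phase2(phase2, src, dst):
    """Return the tunnel whose Phase 2 selector covers src -> dst, or None."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for tunnel, entries in phase2.items():
        for local, remote in entries:
            if (src_ip in ipaddress.ip_network(local)
                    and dst_ip in ipaddress.ip_network(remote)):
                return tunnel
    return None


def missing_selectors(phase2, tunnel, client_net, remote_net):
    """List the Phase 2 entry the tunnel still needs so that client_net can
    reach remote_net through it (empty list if it is already present)."""
    needed = (client_net, remote_net)
    return [] if needed in phase2[tunnel] else [needed]


def with_selectors(phase2, tunnel, extra):
    """Return a copy of the Phase 2 config with extra entries on tunnel."""
    new = {t: list(entries) for t, entries in phase2.items()}
    new[tunnel].extend(extra)
    return new


if __name__ == "__main__":
    # Lab VM -> Azure VM is covered, which is why that case works in the thread.
    print(match_phase2(PHASE2, "192.168.2.10", "192.168.0.5"))   # azure_s2s
    # Road-warrior client -> Azure VM: no entry on the Azure tunnel has
    # 192.168.3.0/24 as its local network, so the packet never enters it.
    print(match_phase2(PHASE2, "192.168.3.10", "192.168.0.5"))   # None
    fix = missing_selectors(PHASE2, "azure_s2s", "192.168.3.0/24", "192.168.0.0/24")
    print(fix)                                                    # the entry to add
    fixed = with_selectors(PHASE2, "azure_s2s", fix)
    print(match_phase2(fixed, "192.168.3.10", "192.168.0.5"))    # azure_s2s
```

    The alternative the moderator mentions, outbound NAT on the IPsec interface that translates the road-warrior addresses into the existing 192.168.2.0/24 selector, would make the first check succeed without a new Phase 2 entry, at the cost of Azure no longer seeing the real client address.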



  • Hello,
    Thanks for the answer and sorry for the late reply.

    I still have the problem.
    Is it possible to connect to an IPsec VPN and then connect to a range that is reached through an S2S VPN?

    I think I'm missing something, because if I connect with OpenVPN, it works fine to access my Azure network.
    But with my IPsec VPN, it doesn't work :(

    Thanks.
    Florent