Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    VPN S2S (IPsec) Azure - the server itself cant reach Azure Virtual Network

    IPsec
    1
    3
    374
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cradulescu last edited by

      Hi,

      I did setup a VPN conection S2S with an Azure Virtual network.
      Everything works fine, but with one exception.

      I cant reach noting as destination Azure virtual network and source pfsense server itself.

      To make my self more clear.

      I have an AD (active directory) forest setup on Azure Virtual network.  I can reach the AD master from my LAN:

      Here is a ping from my workstation, behind pfsense

      –- admsweasvm01.eu.buddyguard.tech ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3003ms

      When I am pinging from pfsense router I cant reach admsweasvm01.

      The reason I want to reach the Azure AD server from pfsense router is to setup the LDAP.
      As port 389 I can reach it from my workstation, behind pfsense :

      telnet admsweasvm01 389
      Trying 192.168.48.6...
      Connected to admsweasvm01.
      Escape character is '^]'.
      ^CConnection closed by foreign host.

      But from pfsense router I cant.

      All the tests shows there is no issue with the VPN or firewall on the destination, since everything working from my station so that means is an issue with pfsense and I have no clue where to start to dig in.

      Any ideas?

      Thank you!

      1 Reply Last reply Reply Quote 0
      • C
        cradulescu last edited by

        Found the issue that I could not ping.
        The  traffic from pfsense is not going via lan interface automatically. If I am specifying the interface I have trafic:

        PING 192.168.48.5 (192.168.48.5) from 192.170.0.1: 56 data bytes
        64 bytes from 192.168.48.5: icmp_seq=0 ttl=127 time=39.681 ms
        64 bytes from 192.168.48.5: icmp_seq=1 ttl=127 time=39.773 ms
        64 bytes from 192.168.48.5: icmp_seq=2 ttl=127 time=39.590 ms

        –- 192.168.48.5 ping statistics ---
        3 packets transmitted, 3 packets received, 0.0% packet loss
        round-trip min/avg/max/stddev = 39.590/39.681/39.773/0.075 ms

        Now I wonder I I tell to LDAP to bind to specific interface ?

        1 Reply Last reply Reply Quote 0
        • C
          cradulescu last edited by

          I did figure it out.

          I have created a "LANGATWAY" that is my pfsense LAN interface IP adress (192.170.0.1) then i have created a static route Azure virtual network via "LANGATEWAY"

          Gateway

          Name Interface Gateway Monitor IP Description Actions
          LANGATEWAY LANIPV4 192.170.0.1 192.170.0.1 Lan gateway

          Static Routes

          192.168.48.0/20 LANGATEWAY - 192.170.0.1 LANIPV4

          Hope this will help others that will face same issue.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post