4. VPN S2S (IPsec) Azure - the server itself cant reach Azure Virtual Network

VPN S2S (IPsec) Azure - the server itself cant reach Azure Virtual Network

  • C

    Hi,

    I did setup a VPN conection S2S with an Azure Virtual network.
    Everything works fine, but with one exception.

    I cant reach noting as destination Azure virtual network and source pfsense server itself.

    To make my self more clear.

    I have an AD (active directory) forest setup on Azure Virtual network.  I can reach the AD master from my LAN:

    Here is a ping from my workstation, behind pfsense

    –- admsweasvm01.eu.buddyguard.tech ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3003ms

    When I am pinging from pfsense router I cant reach admsweasvm01.

    The reason I want to reach the Azure AD server from pfsense router is to setup the LDAP.
    As port 389 I can reach it from my workstation, behind pfsense :

    telnet admsweasvm01 389
    Trying 192.168.48.6...
    Connected to admsweasvm01.
    Escape character is '^]'.
    ^CConnection closed by foreign host.

    But from pfsense router I cant.

    All the tests shows there is no issue with the VPN or firewall on the destination, since everything working from my station so that means is an issue with pfsense and I have no clue where to start to dig in.

    Any ideas?

    Thank you!

    0
  • C

    Found the issue that I could not ping.
    The  traffic from pfsense is not going via lan interface automatically. If I am specifying the interface I have trafic:

    PING 192.168.48.5 (192.168.48.5) from 192.170.0.1: 56 data bytes
    64 bytes from 192.168.48.5: icmp_seq=0 ttl=127 time=39.681 ms
    64 bytes from 192.168.48.5: icmp_seq=1 ttl=127 time=39.773 ms
    64 bytes from 192.168.48.5: icmp_seq=2 ttl=127 time=39.590 ms

    –- 192.168.48.5 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 39.590/39.681/39.773/0.075 ms

    Now I wonder I I tell to LDAP to bind to specific interface ?

    0
  • C

    I did figure it out.

    I have created a "LANGATWAY" that is my pfsense LAN interface IP adress (192.170.0.1) then i have created a static route Azure virtual network via "LANGATEWAY"

    Gateway

    Name Interface Gateway Monitor IP Description Actions
    LANGATEWAY LANIPV4 192.170.0.1 192.170.0.1 Lan gateway

    Static Routes

    192.168.48.0/20 LANGATEWAY - 192.170.0.1 LANIPV4

    Hope this will help others that will face same issue.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy