    VPN S2S (IPsec) Azure - the server itself cant reach Azure Virtual Network

    IPsec
    3 Posts 1 Posters 703 Views
    cradulescu

      Hi,

      I did set up a S2S VPN connection with an Azure Virtual network.
      Everything works fine, but with one exception.

      I can't reach anything when the destination is the Azure virtual network and the source is the pfSense server itself.

      To make myself clearer:

      I have an AD (Active Directory) forest set up on the Azure Virtual network. I can reach the AD master from my LAN.

      Here is a ping from my workstation, behind pfSense:

      --- admsweasvm01.eu.buddyguard.tech ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3003ms

      When I ping from the pfSense router I can't reach admsweasvm01.

      The reason I want to reach the Azure AD server from the pfSense router is to set up LDAP.
      Port 389 I can reach from my workstation, behind pfSense:

      telnet admsweasvm01 389
      Trying 192.168.48.6...
      Connected to admsweasvm01.
      Escape character is '^]'.
      ^CConnection closed by foreign host.

      But from the pfSense router I can't.

      All the tests show there is no issue with the VPN or with the firewall on the destination, since everything is working from my station, so that means it is an issue with pfSense, and I have no clue where to start to dig in.

      Any ideas?

      Thank you!

        cradulescu

        Found the issue why I could not ping.
        The traffic from pfSense is not going via the LAN interface automatically. If I specify the interface I have traffic:

        PING 192.168.48.5 (192.168.48.5) from 192.170.0.1: 56 data bytes
        64 bytes from 192.168.48.5: icmp_seq=0 ttl=127 time=39.681 ms
        64 bytes from 192.168.48.5: icmp_seq=1 ttl=127 time=39.773 ms
        64 bytes from 192.168.48.5: icmp_seq=2 ttl=127 time=39.590 ms

        --- 192.168.48.5 ping statistics ---
        3 packets transmitted, 3 packets received, 0.0% packet loss
        round-trip min/avg/max/stddev = 39.590/39.681/39.773/0.075 ms

        Now I wonder if I can tell LDAP to bind to a specific interface?

          cradulescu

          I did figure it out.

          I created a gateway "LANGATEWAY" that is my pfSense LAN interface IP address (192.170.0.1), then I created a static route to the Azure virtual network via "LANGATEWAY".

          Gateway

          Name         Interface  Gateway      Monitor IP   Description
          LANGATEWAY   LANIPV4    192.170.0.1  192.170.0.1  Lan gateway

          Static Routes

          Network          Gateway                   Interface  Description
          192.168.48.0/20  LANGATEWAY - 192.170.0.1  LANIPV4

          Hope this will help others who face the same issue.

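Why the static route via the LAN address fixes firewall-originated traffic, as an added example (Python model, not code from the post or from pfSense): pfSense IPsec is policy-based, so a packet generated on the firewall only enters the tunnel when its source and destination both match an installed Phase 2. The source address of firewall-originated traffic is taken from the egress interface chosen by the route lookup. With only a default route the WAN address is used, the packet matches no policy and leaves unencrypted toward the ISP, where a private destination is dropped. A static route to the remote network whose gateway is the LAN interface address pins egress to LAN, so the LAN address becomes the source and the policy matches. The model assumes a LAN Phase 2 of 192.170.0.0/24, interface names em0/em1, a documentation-range WAN address 203.0.113.10 and ISP gateway 203.0.113.1; none of these appear in the thread, only 192.170.0.1 and 192.168.48.0/20 do.

```python
"""Model of route lookup, source-address selection and policy-based IPsec.

Constructed illustration: route table, interface names, WAN address
(203.0.113.10) and the Phase 2 local network are assumptions; only the LAN
address 192.170.0.1 and the Azure network 192.168.48.0/20 are from the thread.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass
class Route:
    network: IPv4Network
    interface: str                         # egress interface
    gateway: Optional[IPv4Address] = None  # None = directly connected


@dataclass
class Policy:
    """One security-policy entry, i.e. one installed IPsec Phase 2."""
    local: IPv4Network
    remote: IPv4Network


# The kernel sources locally generated packets from the egress interface's
# address unless the application binds one explicitly (cf. ping -S).
IFACE_ADDR = {
    "em0": ip_address("203.0.113.10"),  # WAN, constructed
    "em1": ip_address("192.170.0.1"),   # LAN, from the thread
}

BASE_ROUTES = [
    Route(ip_network("0.0.0.0/0"), "em0", ip_address("203.0.113.1")),  # default via ISP (constructed)
    Route(ip_network("192.170.0.0/24"), "em1"),                        # LAN, directly connected (assumed /24)
]

# Assumed Phase 2: local LAN subnet <-> Azure virtual network.
SPD = [Policy(ip_network("192.170.0.0/24"), ip_network("192.168.48.0/20"))]

AZURE_DC = ip_address("192.168.48.5")  # the AD server pinged in the thread


def lookup(dst: IPv4Address, routes: list[Route]) -> Route:
    """Longest-prefix match, as the FreeBSD routing table does."""
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates, key=lambda r: r.network.prefixlen)


def select_source(dst: IPv4Address, routes: list[Route]) -> IPv4Address:
    """Default source address = address of the egress interface."""
    return IFACE_ADDR[lookup(dst, routes).interface]


def ipsec_protected(src: IPv4Address, dst: IPv4Address, spd: list[Policy]) -> bool:
    """Policy-based IPsec: both src and dst must fall inside one Phase 2."""
    return any(src in p.local and dst in p.remote for p in spd)


def diagnose(routes: list[Route]) -> tuple[str, bool]:
    """Return (source address chosen, whether the packet enters the tunnel)."""
    src = select_source(AZURE_DC, routes)
    return str(src), ipsec_protected(src, AZURE_DC, SPD)


def with_lan_gateway_route(routes: list[Route]) -> list[Route]:
    """The thread's fix: static route to Azure via a gateway set to the LAN IP.

    The gateway address is irrelevant for reachability (the tunnel does the
    forwarding); its job is to force egress onto em1 so the source becomes
    192.170.0.1, which the Phase 2 covers.
    """
    return routes + [Route(ip_network("192.168.48.0/20"), "em1", ip_address("192.170.0.1"))]


if __name__ == "__main__":
    print("default routes only :", diagnose(BASE_ROUTES))
    print("with LANGATEWAY route:", diagnose(with_lan_gateway_route(BASE_ROUTES)))
```

Without the static route the model picks the WAN address and the packet matches no policy, which is the silent failure the first post describes; with it, the LAN address is selected and the packet is protected, which is also why the firewall's own LDAP client then works without binding to a specific interface.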
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.