VPN S2S (IPsec) Azure - the server itself cant reach Azure Virtual Network
-
Hi,
I did setup a VPN conection S2S with an Azure Virtual network.
Everything works fine, but with one exception.I cant reach noting as destination Azure virtual network and source pfsense server itself.
To make my self more clear.
I have an AD (active directory) forest setup on Azure Virtual network. I can reach the AD master from my LAN:
Here is a ping from my workstation, behind pfsense
–- admsweasvm01.eu.buddyguard.tech ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003msWhen I am pinging from pfsense router I cant reach admsweasvm01.
The reason I want to reach the Azure AD server from pfsense router is to setup the LDAP.
As port 389 I can reach it from my workstation, behind pfsense :telnet admsweasvm01 389
Trying 192.168.48.6...
Connected to admsweasvm01.
Escape character is '^]'.
^CConnection closed by foreign host.But from pfsense router I cant.
All the tests shows there is no issue with the VPN or firewall on the destination, since everything working from my station so that means is an issue with pfsense and I have no clue where to start to dig in.
Any ideas?
Thank you!
-
Found the issue that I could not ping.
The traffic from pfsense is not going via lan interface automatically. If I am specifying the interface I have trafic:PING 192.168.48.5 (192.168.48.5) from 192.170.0.1: 56 data bytes
64 bytes from 192.168.48.5: icmp_seq=0 ttl=127 time=39.681 ms
64 bytes from 192.168.48.5: icmp_seq=1 ttl=127 time=39.773 ms
64 bytes from 192.168.48.5: icmp_seq=2 ttl=127 time=39.590 ms–- 192.168.48.5 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 39.590/39.681/39.773/0.075 msNow I wonder I I tell to LDAP to bind to specific interface ?
-
I did figure it out.
I have created a "LANGATWAY" that is my pfsense LAN interface IP adress (192.170.0.1) then i have created a static route Azure virtual network via "LANGATEWAY"
Gateway
Name Interface Gateway Monitor IP Description Actions
LANGATEWAY LANIPV4 192.170.0.1 192.170.0.1 Lan gatewayStatic Routes
192.168.48.0/20 LANGATEWAY - 192.170.0.1 LANIPV4
Hope this will help others that will face same issue.