OpenVPN clients unable to reach servers through IPsec connection (Azure)

  • Hey Guys,

    I have searched the threads for over a week and haven't found an answer to my solution… so here it goes.

    We have pfSense with an IPsec connection to Azure - all works great and well, no issues on that side.
    In Azure we have one phase 1 connection and 2 phase two connections. Below are the screenshots.
    Our main LAN subnet is Our Azure Virtual network is Our OpenVPN subnet is
    The issue we have is our OpenVPN users cannot access the resources (servers) on the Azure side but they can access our main LAN perfectly fine.
    I have read other posts where they said they need a "second" phase 2 connection so I was positive that would work, then I tried the "push route" scenario where in
    OpenVPN Servers we added the following under "Advanced Configuration"

    push "route"
    push "route"

    Also, in the "IPv4 Local network(s)" area in the OpenVPN servers tab we added the following information too,

    But nothing has worked... The only thing I can think of is a NAT or RULE needs to be configured but I believe we said everything from any to any for both IPsec and OpenVPN rules. I'm totally lost and any help would be greatly appreciated.

    Phase 1 Picture

    Phase 2 (First phase 2 connection)

    Phase 2 (Second phase 2 connection)

  • Well, I feel stupid. I started to do a traceroute from the Diagnostics tab and did a ping test from a server located inside the Azure network and realized the traceroute was leaving my network but stopping when it hit Azure. So I logged into Azure and checked my "Local network gateway" and realized that I forgot to add the address space of Yay it's working

    Also, I had to switch the outbound NAT to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) with the rules generated. The order of the outbound NAT rules is very important to getting it to work correctly.
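
The fix described in the thread comes down to every hop knowing about the OpenVPN tunnel subnet. The following is an added example, not part of the original posts: a small Python audit that checks each required subnet against the prefix lists of each side. The thread's real subnets are not shown on the page, so the values are constructed placeholders from documentation ranges, and the section names are hypothetical labels, not pfSense or Azure setting names.

```python
import ipaddress

def covered(subnet, prefixes):
    """True if `subnet` falls inside at least one prefix of the same IP version."""
    net = ipaddress.ip_network(subnet)
    for prefix in prefixes:
        cand = ipaddress.ip_network(prefix)
        if cand.version == net.version and net.subnet_of(cand):
            return True
    return False

def audit(config, requirements):
    """Return (section, subnet) pairs where the section's prefixes miss the subnet."""
    return [(section, subnet) for section, subnet in requirements
            if not covered(subnet, config.get(section, []))]

# Constructed placeholder subnets (RFC 5737 documentation ranges).
LAN, OVPN, AZURE = "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"

# What each side has to know about (hypothetical section labels):
REQUIREMENTS = [
    ("pfsense_phase2_local", LAN),          # phase 2 entry for the LAN
    ("pfsense_phase2_local", OVPN),         # second phase 2 entry for OpenVPN
    ("azure_local_network_gateway", LAN),   # address space Azure routes back
    ("azure_local_network_gateway", OVPN),  # the entry missing in the thread
    ("openvpn_pushed_routes", AZURE),       # route pushed to VPN clients
]

# State as described before the fix: Azure only knows the LAN.
BROKEN = {
    "pfsense_phase2_local": [LAN, OVPN],
    "azure_local_network_gateway": [LAN],
    "openvpn_pushed_routes": [AZURE],
}
# State after adding the OpenVPN subnet to the Local network gateway.
FIXED = dict(BROKEN, azure_local_network_gateway=[LAN, OVPN])

if __name__ == "__main__":
    for section, subnet in audit(BROKEN, REQUIREMENTS):
        print(f"{subnet} is not covered by {section}")
```

A gap on the Azure side matches the symptom in the thread: the traceroute leaves the local network and stops at Azure because nothing there is set up to carry traffic for the OpenVPN subnet.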
