Netgate Discussion Forum
    Openvpn clients unable to reach servers through ipsec connection (AZURE)

    qhdevon43

      Hey Guys,

      I have searched the threads for over a week and haven't found an answer to my solution… so here it goes.

      We have pfSense with an IPsec connection to Azure. All works great, no issues on that side.
      In Azure we have one Phase 1 connection and 2 Phase 2 connections. Below are the screenshots.
      Our main LAN subnet is 10.0.1.0/24. Our Azure virtual network is 10.11.0.0/16. Our OpenVPN subnet is 10.0.12.0/24.
      The issue we have is our OpenVPN users cannot access the resources (servers) on the Azure side, but they can access our main LAN perfectly fine.
      I have read other posts where they said they need a "second" Phase 2 connection, so I was positive that would work. Then I tried the "push route" scenario, where in the
      OpenVPN server we added the following under "Advanced Configuration":

      push "route 10.11.0.0 255.255.0.0"
      push "route 10.0.1.0 255.255.255.0"

      Also, in the "IPv4 Local network(s)" area in the OpenVPN server's tab we added the following information too:
      10.0.1.0/24, 10.11.0.0/16

      But nothing has worked... The only thing I can think of is a NAT or RULE needs to be configured, but I believe we set everything from any to any for both IPsec and OpenVPN rules. I'm totally lost and any help would be greatly appreciated.

      Phase 1 Picture

      Phase 2 ( First phase 2 connection)

      Phase 2 ( Second phase 2 connection)

      qhdevon43

        Well, I feel stupid. I started to do a traceroute from the Diagnostics tab and did a ping test from a server located inside the Azure network, and realized the traceroute was leaving my network but stopping when it hit Azure. So I logged into Azure and checked my "Local network gateway" and realized that I forgot to add the address space of 10.0.12.0/24. Yay, it's working.

        Also, I had to switch the outbound NAT to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) with the rules generated. The order of the outbound NAT rules is very important to getting it to work correctly.

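The fix in the reply above comes down to address-space lists agreeing on both ends: every subnet that should reach the VNet (the LAN and the OpenVPN tunnel network) must appear both in a pfSense Phase 2 entry and in the Azure Local Network Gateway address space, and the OpenVPN server must push the VNet route to clients. The following added example (not from the thread, pfSense or Azure) checks those three conditions against the subnets named in the thread; the function and argument names are assumptions of this example.

```python
import ipaddress

# Constructed from the thread: pfSense LAN, OpenVPN tunnel network, Azure VNet.
LAN = "10.0.1.0/24"
OPENVPN_NET = "10.0.12.0/24"
AZURE_VNET = "10.11.0.0/16"


def _covered(net, prefixes):
    """True if `net` lies inside one of `prefixes` (matching is by subnet containment)."""
    return any(net.subnet_of(p) for p in prefixes)


def check_azure_reachability(phase2_local, azure_lng_prefixes, pushed_routes,
                             sources=(LAN, OPENVPN_NET), remote=AZURE_VNET):
    """Return the reasons why traffic from each source subnet would not reach `remote`.

    phase2_local       : 'Local Network' of each pfSense Phase 2 whose remote side is the VNet
    azure_lng_prefixes : 'Address space' of the Azure Local Network Gateway for this tunnel
    pushed_routes      : networks the OpenVPN server pushes / lists as IPv4 Local network(s)
    """
    remote = ipaddress.ip_network(remote)
    ovpn = ipaddress.ip_network(OPENVPN_NET)
    p2 = [ipaddress.ip_network(n) for n in phase2_local]
    lng = [ipaddress.ip_network(n) for n in azure_lng_prefixes]
    pushed = [ipaddress.ip_network(n) for n in pushed_routes]
    problems = []
    for src in (ipaddress.ip_network(s) for s in sources):
        if not _covered(src, p2):
            problems.append(f"{src}->{remote}: no pfSense Phase 2 entry selects this traffic")
        if not _covered(src, lng):
            # The thread's actual bug: packets left pfSense, but Azure had no address space for them.
            problems.append(f"{src}->{remote}: Azure Local Network Gateway does not list {src}")
        if src == ovpn and not _covered(remote, pushed):
            problems.append(f"OpenVPN clients are not pushed a route for {remote}")
    return problems


if __name__ == "__main__":
    # Before the fix: the second Phase 2 exists, but the Azure LNG only knows the LAN.
    before = check_azure_reachability(phase2_local=[LAN, OPENVPN_NET],
                                      azure_lng_prefixes=[LAN],
                                      pushed_routes=[LAN, AZURE_VNET])
    for problem in before:
        print("BEFORE:", problem)
    after = check_azure_reachability(phase2_local=[LAN, OPENVPN_NET],
                                     azure_lng_prefixes=[LAN, OPENVPN_NET],
                                     pushed_routes=[LAN, AZURE_VNET])
    print("AFTER:", after or "no problems found")
```

The check covers only address-space agreement; the manual outbound NAT rule order the reply also mentions must still be reviewed by hand.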
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.