FRR between Azure pfsense and onpremise pfsense



  • Hi all, I am trying to configure FRR for my connection between my local cluster and Azure. So far I have created two IPSec tunnels between my two WANs and the two Azure WANs, but I am not sure how to configure FRR to use BGP.

    Here is my high level layout
    [Image: high-level layout]

    Where I am struggling is:

    • In the FRR global settings I have enabled FRR, but I am not sure if I have to configure the Router ID. If I leave it empty, then in the logs I see that the router ID is my secondary public IP address. So, what IP address should I use as the router ID? And more specifically, which IP shall I use in Azure? Can it be an IP from one of the three subnets that I use there? My Azure instance has three NICs: one is used for the LAN (10.56.0.0) and the other two for the WANs (10.56.9.0 and 10.56.8.0). So, what router ID can I use?

    • In the firewall, do I have to create any rules for BGP? In the video that I watched, it was mentioned that there is BGP traffic on port 179. If I have to create rules, then where do I have to create them? In the IPSec interface?

    • The neighbor's address: which should it be? The WAN address or any of the internal IP addresses? Again, especially in Azure, should it be the WAN address or the NATed internal IP? If none of them, then which IP address should it be?

    Any help is much appreciated.

    Thank you all in advance and god bless pfsense ✌

