Routed IPsec (VTI) to Azure - Does it work?
richard.gray last edited by
Has anyone been successful in establishing a routed IPsec connection (VTI) between pfSense and the Microsoft Azure VPN gateway? Tunnel mode works fine for me, but I can't get routed mode working for the life of me. I guess my main question is how to configure the local and remote addresses/networks in the pfSense-side phase 2 connection.
The closest I've got so far is by setting the local network to a small private range, and the remote address to the private address for the Azure VPN gateway (i.e. the GatewaySubnet address). With this configuration in place, I can establish a BGP session between pfSense and Azure, so there's some basic connectivity there. If I try to connect from pfSense to a host on the Azure side, though, I see packets leaving the ipsec2000 interface, but nothing coming back.
It's not obviously a routing problem because I see my BGP advertised routes in the effective routes table in the Azure portal for my VM. And I don't think it's a firewall or security group problem because the same rules work fine when I'm using tunnel mode.
Has anyone managed to get this to work?
wdupreez last edited by
Did you ever get this working?