Netgate Discussion Forum
    Azure pfSense ipsec IP Forwarding

    General pfSense Questions
    jdemmer

      Hello,

      I have been trying to figure out how to use pfSense in Azure as an IPsec VPN endpoint. I have successfully deployed the single-NIC marketplace pfSense in Azure. After bringing up IPsec, from my local network I can only ping the pfSense interface. I cannot ping any other VMs in Azure that are on the same subnet. Now, from my understanding, this is because Azure VMs cannot change their default gateway. So I believe the recommended solution is to create a route table in Azure to route 0.0.0.0/0 to the pfSense interface and associate the subnet, and then enable IP Forwarding on the pfSense NIC. As soon as I do this I lose all communication with the Azure VMs and the pfSense appliance in Azure. My configuration is as follows:
      pfSense on prem: 10.169.169.1/24
      pfSense in Azure: 10.105.0.4/24
      IPsec tunnel between the two allowing remote network access.
      From on prem I can only ping the Azure pfSense interface 10.105.0.4
      I have added the following WAN firewall rule on the Azure pfSense:

      WAN:
      Source: 10.105.0.4/24
      Destination: Any

      I have left a packet capture running when I enable the 0.0.0.0/0 route and can see the Azure Windows VM (10.105.0.5) start hitting the WAN interface of the Azure pfSense. Also, when I look at the firewall logs I can see multiple entries showing traffic from 10.105.0.5 being blocked by the WAN Default deny rule IPv4 (1000000103) 10.105.0.5:50004 40.67.254.36:443

      I really appreciate any suggestions.

      jdemmer

        Solved by adding static routes in the Azure pfSense and adding UDR routes for the remote network in the Azure route table... finally!

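The Azure side of the fix jdemmer reports (a user-defined route for the remote network pointing at the pfSense NIC, the route table associated with the subnet, and IP forwarding enabled on the NIC), written out as an added Azure CLI example. This is not code from the thread or from Netgate; the addresses (10.169.169.0/24 on prem, 10.105.0.4 for the Azure pfSense) come from the post, while the resource group, region, VNet, subnet, NIC and route-table names are assumptions. The script routes only the on-prem prefix rather than 0.0.0.0/0, which is the configuration the author says failed, and it refuses a default route so that Internet-bound VM traffic is not steered into the pfSense WAN default-deny rule the firewall log showed. It prints the commands by default and only runs `az` when `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the forum post or Netgate): Azure CLI steps for a
# UDR to the on-prem prefix via the pfSense NVA, plus NIC IP forwarding.
# Addresses come from the post; every resource name below is an assumption.
RG="${RG:-rg-pfsense}"               # assumed resource group
LOCATION="${LOCATION:-westeurope}"   # assumed region
VNET="${VNET:-vnet-hub}"             # assumed VNet
SUBNET="${SUBNET:-snet-pfsense}"     # assumed subnet (10.105.0.0/24 in the post)
NIC="${NIC:-pfsense-nic}"            # assumed NIC name of the pfSense VM
RT="${RT:-rt-to-onprem}"             # assumed route table name
ONPREM_PREFIX="${ONPREM_PREFIX:-10.169.169.0/24}"  # on-prem LAN behind the IPsec tunnel (post)
NVA_IP="${NVA_IP:-10.105.0.4}"       # Azure pfSense interface, the UDR next hop (post)
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = execute them

# run: echo the command; execute it only when DRY_RUN=0.
run() {
    printf '%s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then
        "$@"
    fi
    return 0
}

# check_prefix: accept a CIDR prefix for the UDR but refuse 0.0.0.0/0.
# The post reports that a default route to the pfSense NIC on the subnet
# that also hosts pfSense cut all connectivity and sent the Windows VM's
# Internet traffic (10.105.0.5 -> 40.67.254.36:443) into the WAN default deny.
check_prefix() {
    case "$1" in
        0.0.0.0/0)
            echo "refusing 0.0.0.0/0: route only the remote network prefix" >&2
            return 1 ;;
        */*)
            return 0 ;;
        *)
            echo "not a CIDR prefix: $1" >&2
            return 1 ;;
    esac
}

# create_route_table: route table plus one UDR for the on-prem prefix whose
# next hop is the pfSense VM (next-hop type VirtualAppliance).
create_route_table() {
    check_prefix "$ONPREM_PREFIX" || return 1
    run az network route-table create -g "$RG" -n "$RT" -l "$LOCATION"
    run az network route-table route create -g "$RG" --route-table-name "$RT" \
        -n to-onprem --address-prefix "$ONPREM_PREFIX" \
        --next-hop-type VirtualAppliance --next-hop-ip-address "$NVA_IP"
}

# associate_subnet: attach the route table to the subnet holding the VMs.
associate_subnet() {
    run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
        --route-table "$RT"
}

# enable_ip_forwarding: without this Azure drops packets the pfSense NIC
# forwards on behalf of other hosts, even with the UDR in place.
enable_ip_forwarding() {
    run az network nic update -g "$RG" -n "$NIC" --ip-forwarding true
}

# apply_all: the three steps in order.
apply_all() {
    create_route_table && associate_subnet && enable_ip_forwarding
}

# Run the steps when executed directly (prints commands unless DRY_RUN=0).
if [ "${APPLY:-0}" = "1" ]; then
    apply_all
fi
```

The pfSense-side static routes the author mentions are configured in the pfSense GUI and are not covered here. Running with `DRY_RUN=1` (the default) is a cheap way to review exactly which prefixes will be steered to the NVA before touching the VNet; a subnet-wide 0.0.0.0/0 UDR changes the path of every VM's Internet traffic, so a reviewer should expect to see only the remote network prefix in the generated `route create` line.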
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.