Netgate Discussion Forum
pfSense IPsec IKEv2 Tunnel to Azure - Traffic not routed to Azure except from pfSense itself

igel2805 (last edited by igel2805)

Hi,

Before bashing me: I have already read all the posts I could find on the web... :-(

My configuration:

Azure VNET: 10.0.0.0/16
Azure GW subnet: 10.0.0.0/24
Azure client subnet: 10.0.254.0/24

Local subnet (on-prem): 192.168.2.0/24

I configured my tunnel phase 1 & 2 settings based on: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

Azure: tunnel is up and running...
pfSense: tunnel is up and running...
Which means the site-to-site connection is working fine.

Firewall rules, local interface to Azure: allow ALL/ALL
Firewall rules, IPsec to local: allow ALL/ALL

My pfSense WAN interface has a static public WAN IP from my ISP.

The issue:

Pinging the Azure client from my local client: Nope Nope Nope Nope.... whaaat?!??!
I don't understand why pinging, or any other form of access, just won't work from the on-prem infrastructure to my Azure infrastructure, when the other way around works fine.

Troubleshooting so far:

Ping from Azure client to local client: yeeehaaa... working fine...
Ping from pfSense to Azure client: yeeeeeeeeehaaaaaa... working fine....
tracert from Azure to local: first hop responds with a *, second hop responds with the local IP address.
tracert from local to Azure: all hops respond with *

I'll try a Point-to-Site configuration just for testing my Azure config, but I'm sure everything is configured correctly on the cloud side.

If you have any hints, ideas, whatever, just feel free...

Thanks!

BR
Martin
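
As an added example (not part of the post), one check worth running before digging further: confirm that each of the three flows listed above falls inside both the pfSense phase 2 traffic selectors and the Azure local network gateway address space, since a child SA only carries traffic between the negotiated selector pair. The subnets are the ones from the post; the host addresses and the pfSense LAN address are assumed test values, and with the post's LAN/24-to-VNet/16 configuration all three flows come back covered, so an all-covered result means the cause lies elsewhere.

```python
import ipaddress

# Subnets taken from the post; host addresses are constructed test values.
ON_PREM_LAN = "192.168.2.0/24"
AZURE_VNET = "10.0.0.0/16"
PFSENSE_LAN_IP = "192.168.2.1"   # assumed: pfSense LAN interface address
LOCAL_CLIENT = "192.168.2.50"    # constructed host in the on-prem LAN
AZURE_CLIENT = "10.0.254.10"     # constructed host in the Azure client subnet

# The three flows the post reports on: two work, one does not.
FLOWS = {
    "azure_client->local_client": (AZURE_CLIENT, LOCAL_CLIENT),
    "pfsense->azure_client": (PFSENSE_LAN_IP, AZURE_CLIENT),
    "local_client->azure_client": (LOCAL_CLIENT, AZURE_CLIENT),
}

def _net(x):
    """Accept either a CIDR string or an already-built network object."""
    return x if isinstance(x, ipaddress.IPv4Network) else ipaddress.ip_network(x)

def pair_covered(a, b, selectors):
    """True if one (local, remote) selector pair covers traffic between a and b.
    A child SA carries both directions, so the pair may match either way round."""
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    return any((a in _net(loc) and b in _net(rem)) or (a in _net(rem) and b in _net(loc))
               for loc, rem in selectors)

def tunnel_covers(a, b, pfsense_p2, azure_lng_prefixes, azure_vnet=AZURE_VNET):
    """Both ends must agree: pfSense phase 2 (local, remote) selectors, and the
    Azure local network gateway prefixes paired with the VNet address space."""
    azure_selectors = [(azure_vnet, p) for p in azure_lng_prefixes]
    return pair_covered(a, b, pfsense_p2) and pair_covered(a, b, azure_selectors)

def check_flows(pfsense_p2, azure_lng_prefixes, flows=FLOWS):
    """Map each named flow to whether the configured selectors cover it."""
    return {name: tunnel_covers(a, b, pfsense_p2, azure_lng_prefixes)
            for name, (a, b) in flows.items()}

if __name__ == "__main__":
    # The configuration as described in the post: LAN /24 <-> VNet /16.
    p2 = [(ON_PREM_LAN, AZURE_VNET)]
    lng = [ON_PREM_LAN]
    for name, ok in check_flows(p2, lng).items():
        print(f"{name:28s} {'covered' if ok else 'NOT covered'}")
```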

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.