pfSense IPsec IKEv2 tunnel to Azure - traffic not routed to Azure except from pfSense itself

    Hi,

    Before bashing me: I have already read all the posts I could find on the WWW... :-(

    My configuration:

    Azure VNET:
    Azure GW subnet:
    Azure client subnet:

    Local Subnet (on prem):

    I configured my tunnel phase 1 & 2 settings based on:

    Azure: tunnel is up and running...
    pfSense: tunnel is up and running...
    Which means the site-to-site connection is working fine.

    Firewall rules, local interface to Azure: allow ALL/ALL
    Firewall rules, IPsec to local: allow ALL/ALL

    My pfSense WAN interface has a static public IP from my ISP.

    The issue:

    Pinging the Azure client from my local client: nope, nope, nope, nope... whaaat?!??!
    I don't understand why pinging, or any other form of access, just won't work from the on-prem infrastructure to my Azure infrastructure, when the other way around works fine.

    Troubleshooting so far:

    Ping from Azure client to local client: yeeehaaa... working fine...
    Ping from pfSense to Azure client: yeeeeeeeeehaaaaaa... working fine...
    tracert from Azure to local: first hop responds with a *, second hop responds with the local IP address.
    tracert from local to Azure: all hops respond with *

    I'll try to configure a Point-to-Site connection just to test my Azure config, but I'm sure everything is configured correctly on the cloud side.

    If you have any hints, ideas, whatever, just feel free...
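The symptom above (traffic sourced from the firewall crosses the tunnel, traffic from LAN hosts does not, tracert shows only *) is what you see when the installed Phase 2 selectors do not cover the LAN host's source address. The following check is an added example, not code from the post: it parses a constructed sample of strongSwan's `swanctl --list-sas` output (the IPsec daemon pfSense uses; the output layout and all addresses are assumptions/placeholders) and reports which CHILD_SA, if any, would carry a given source/destination pair.

```python
"""Check whether a LAN host's traffic falls inside an installed IPsec CHILD_SA.

Parses a constructed sample of `swanctl --list-sas` output (format assumed to
match strongSwan as shipped with pfSense), collects the local/remote traffic
selectors of every INSTALLED CHILD_SA, and reports which SA would carry a
packet from a given on-prem source to a given Azure destination. A flow that
matches no selector is never encrypted into the tunnel, which yields exactly
the "works from the firewall, not from the LAN" symptom.
"""
import ipaddress
import re

# Constructed sample (placeholder addresses): the only CHILD_SA was negotiated
# for the firewall's own WAN /32 instead of the on-prem LAN, e.g. because the
# Phase 2 local network was set to "WAN address" rather than "LAN subnet".
SAMPLE_SWANCTL = """\
azure: #3, ESTABLISHED, IKEv2, 3d2c1b0a9f8e7d6c_i* 0102030405060708_r
  local  '203.0.113.10' @ 203.0.113.10[4500]
  remote '198.51.100.20' @ 198.51.100.20[4500]
  AES_GCM_16-256/PRF_HMAC_SHA2_256/ECP_384
  established 612s ago, rekeying in 26000s
  azure: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 612s ago, rekeying in 2900s, expires in 3600s
    in  c4a1b2c3,   1234 bytes,    14 packets,     1s ago
    out c9d8e7f6,   1234 bytes,    14 packets,     1s ago
    local  203.0.113.10/32
    remote 10.1.0.0/16
"""

# Matches only the CHILD_SA selector lines ("local  a.b.c.d/n [e.f.g.h/m ...]"),
# not the quoted IKE_SA "local 'id' @ addr[port]" header lines.
SELECTOR_RE = re.compile(r"^\s*(local|remote)\s+((?:\d+\.\d+\.\d+\.\d+/\d+\s*)+)$")

def parse_child_selectors(text):
    """Return one (local_nets, remote_nets) tuple per CHILD_SA found in text."""
    sas, current = [], {}
    for line in text.splitlines():
        m = SELECTOR_RE.match(line)
        if not m:
            continue
        current[m.group(1)] = [ipaddress.ip_network(n, strict=False)
                               for n in m.group(2).split()]
        if "local" in current and "remote" in current:
            sas.append((current["local"], current["remote"]))
            current = {}
    return sas

def sa_for_flow(text, src, dst):
    """Return the selector pair that would carry src -> dst, or None if no SA matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local_nets, remote_nets in parse_child_selectors(text):
        if any(src in n for n in local_nets) and any(dst in n for n in remote_nets):
            return (local_nets, remote_nets)
    return None

if __name__ == "__main__":
    for host in ("203.0.113.10", "192.168.1.50"):  # firewall itself, then a LAN client
        print(host, "->", sa_for_flow(SAMPLE_SWANCTL, host, "10.1.0.7"))
```

If the LAN host matches no selector, compare the Phase 2 "Local Network" on pfSense with the address space Azure's local network gateway expects, and check that outbound NAT is not rewriting LAN sources to the WAN address before IPsec policy lookup.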
