Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Azure VPN > Head Office > OpenVPN - No Access

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 563 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      thenickmarks
      last edited by

      To give some idea of the network architecture;

      Head Office has a Pfsense firewall with a site-to-site IPSec VPN connection to some virtual machines in Azure. When on site (192.168.1.1/22) I have no issues communicating to the Azure VNET (10.0.0.0/16) or its VM's.

      Remote users connect to head office using OpenVPN on Pfsense (10.8.0.0/24) and can access site resources but can't see the Azure VNET.

      I tried adding the route to the OpenVPN server config (push "route 10.0.0.0 255.255.0.0"), but that made no difference.

      Any direction on how to make the AZ VNET visible to remote users would be appreciated.

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        The IPSec tunnel, assuming it's policy based, must carry that traffic. So you would need an additional P2 for: 10.8.0.0/24 <-> 10.0.0.0/16

        Steve

        T 1 Reply Last reply Reply Quote 1
        • T Offline
          thenickmarks @stephenw10
          last edited by

          @stephenw10

          Thanks for that. Makes sense. I've added the P2, but still not seeing the AZVNET though.

          f5916dbe-d955-43e6-82b3-1a1c52b58813-image.png

          Anything else I could be missing?

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Did the P2 establish? Do you see traffic on it on the state counters in the IPSec status?

            You can try to ping across it from pfSense itself by setting the source IP to the OpenVPN server.

            To use it from an OpenVPN client you need a route, which it looks like you added, and firewall rules on the OpenVPN in pfSense and in Azure.

            Steve

            T 1 Reply Last reply Reply Quote 1
            • T Offline
              thenickmarks @stephenw10
              last edited by

              That was it!

              I had everything set up on pfSense after adding the P2, but the Azure VNET wasn't aware of the 10.8.0.0/24 address space.

              Thanks Stephen.

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.