Netgate Discussion Forum

    Azure Pfsense to Onprem Pfsense VTI routed - port 80 works but ping only one way

    IPsec

      jacoventer
      last edited by jacoventer

      Hello Everyone

      I am experiencing a strange issue with my setup.

      Azure subnet: 10.3.0.0 /24
      Peered with:
      Azure subnet: 10.4.0.0 /24 (pfSense VA)

      Azure pfSense virtual appliance. (forwarding enabled on interfaces)
      Azure route table entry to forward on-prem LAN traffic to 10.4.1.4
      WAN: 10.4.1.4 (associated public IP)
      LAN: 10.4.0.4

      VTI tunnel from VA to on-prem.

      WAN: static IP
      LAN: 172.30.0.0/16

      BGP setup between the VA and the on-prem.

      Problem:
      The on-prem 172.30 network can ping the 10.3 network.
      The 10.3 network cannot ping the 172.30 network, but can access router on the web port 80.

      Anyone have an idea what could be causing this? I have scoured the internet with no solution and spent 3 days trying various different fixes, MTU, MSS clamping etc.

      Kind Regards

        jacoventer
        last edited by

        Just found the answer

        The solution was to create another routing table on the 10.4.0.0/24 subnet.

        Both the below rules were needed on both subnets

        172.30.0.0 /16 - next hop VA IP 10.4.1.4.

        Hindsight is a wonderful thing.

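The fix in the thread is a route-table entry (a UDR) that must exist on both Azure subnets, not only on the workload subnet. As an added example that is not part of the thread and not Netgate's or Microsoft's code, the Python below models the per-subnet longest-prefix lookup Azure performs and audits which subnets would send traffic for the on-prem prefix somewhere other than the pfSense VA. The set of system routes (own VNet, peered VNet, default to Internet), the subnet addresses, the VA address 10.4.1.4 and the test host 172.30.0.10 are constructed from the thread's numbers and are assumptions about this particular layout.

```python
import ipaddress
from typing import Optional

# A route is (prefix, next_hop_type, next_hop_ip). next_hop_ip is only set
# for VirtualAppliance routes. Constructed model, not Azure's own data format.
Route = tuple[str, str, Optional[str]]

ONPREM = "172.30.0.0/16"   # on-prem LAN from the thread
VA_WAN = "10.4.1.4"        # pfSense VA address used as next hop in the thread


def system_routes(own_vnet: str, peered_vnet: str) -> list[Route]:
    """Assumed default routes every Azure subnet gets: its own VNet space,
    the peered VNet space, and a default route to the Internet."""
    return [
        (own_vnet, "VirtualNetwork", None),
        (peered_vnet, "VNetPeering", None),
        ("0.0.0.0/0", "Internet", None),
    ]


def udr_to_onprem() -> Route:
    """The user-defined route the thread ended up adding on both subnets."""
    return (ONPREM, "VirtualAppliance", VA_WAN)


def resolve(routes: list[Route], dst: str) -> tuple[str, Optional[str]]:
    """Longest-prefix match over a subnet's effective routes.

    Azure prefers a user route over a system route of the same prefix; the
    model reproduces that by listing user routes first and only replacing
    the current best on a strictly longer prefix."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nh_type, nh_ip in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh_type, nh_ip)
    return (best[1], best[2]) if best else ("None", None)


def build_tables(udr_on_workload: bool, udr_on_va_subnet: bool) -> dict[str, list[Route]]:
    """Effective routes per subnet, with the on-prem UDR optionally applied
    to the workload subnet (10.3.0.0/24) and the VA's LAN subnet (10.4.0.0/24)."""
    workload = ([udr_to_onprem()] if udr_on_workload else []) + system_routes("10.3.0.0/24", "10.4.0.0/24")
    va_subnet = ([udr_to_onprem()] if udr_on_va_subnet else []) + system_routes("10.4.0.0/24", "10.3.0.0/24")
    return {"10.3.0.0/24": workload, "10.4.0.0/24": va_subnet}


def audit(tables: dict[str, list[Route]], onprem_host: str = "172.30.0.10") -> dict[str, tuple[str, Optional[str]]]:
    """Return the subnets whose path to an on-prem host does NOT go via the VA,
    together with where the traffic would actually be sent."""
    bad = {}
    for subnet, routes in tables.items():
        nh_type, nh_ip = resolve(routes, onprem_host)
        if not (nh_type == "VirtualAppliance" and nh_ip == VA_WAN):
            bad[subnet] = (nh_type, nh_ip)
    return bad


if __name__ == "__main__":
    # Before the fix: only the workload subnet carries the UDR.
    print("UDR on 10.3.0.0/24 only :", audit(build_tables(True, False)))
    # After the fix: the UDR is on both subnets, nothing is misrouted.
    print("UDR on both subnets     :", audit(build_tables(True, True)))
```

With the UDR present only on 10.3.0.0/24, the audit reports that 10.4.0.0/24 would match the 0.0.0.0/0 system route and hand on-prem-bound traffic to the Internet next hop; with the UDR on both subnets the audit comes back empty. Running the same lookup for every subnet that has to reach the tunnel is a quicker check than a day of MTU and MSS experiments.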
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.