Netgate Discussion Forum

    Creating Site-to-Site VPN to Windows Azure…

    • Sup3rior

      Hi,

      There's been a thread on connecting to AWS using site-to-site VPN, but none for Azure so I thought I'd share my findings so someone else can benefit from those.
      Spent some time on this as not all features are documented (yet I hope) on generic VPN boxes. Only Cisco and Juniper are apparently supported using autoconfig scripts from Microsoft.
      Settings are from reverse-engineering on those as well as some power-googling.
      Since the service is still in beta, the settings are subject to changes. I'll update what I've posted in case I see these changes.

      But for connecting, these are the settings you need:

      Phase1 settings:

      Remote gateway: as listed in Azure Management portal
      Authentication method: Mutual PSK
      Negotiation mode: main
      My identifier: My IP address
      Peer identifier: Peer IP address
      Encryption: 3DES
      Hash: SHA1
      DH group: 2
      SA: 28800
      NAT-T: Enable

      Phase 2:
      Mode: Tunnel
      Local Network: your local network / the network you designated as your local network in the virtual network you created in Azure Management Portal
      Remote Network: The network you created as a virtual network and assigned to your VPN gateway
      Protocol: ESP
      Encryption: 3DES
      Hash: SHA1
      PFS: Off
      SA: 3600

      Regards,
      Anders
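
An added example, not part of the original post: a short Python script that parses the crypto settings listed above, renders each phase as a proposal string for side-by-side comparison with the other peer, and lists what a reviewer would note about each algorithm. The strongSwan-style keyword notation, the `NOTES` selection and the function names are assumptions of this example.

```python
import re

# Crypto-relevant lines from the post above ("Has" read as "Hash").
POSTED = """\
Phase1 settings:
Encryption: 3DES
Hash: SHA1
DH group: 2
SA: 28800
Phase 2:
Encryption: 3DES
Hash: SHA1
PFS: Off
SA: 3600
"""

# IKE DH group number -> strongSwan keyword (notation is this example's choice).
MODP = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}

# Review notes keyed by (setting, value); the selection is this example's own.
NOTES = {
    ("encryption", "3des"): "3DES is a 64-bit block cipher",
    ("hash", "sha1"): "SHA1 is a 160-bit hash",
    ("dh group", "2"): "DH group 2 is a 1024-bit MODP group",
    ("pfs", "off"): "phase 2 keys are derived without a fresh DH exchange",
}

def parse(text):
    """Split the 'Key: value' listing into {'phase1': {...}, 'phase2': {...}}."""
    phases, cur = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*phase\s*([12])", line, re.I)
        if header:
            cur = phases.setdefault("phase" + header.group(1), {})
        elif cur is not None and ":" in line:
            key, value = line.split(":", 1)
            cur[key.strip().lower()] = value.strip().lower()
    return phases

def proposal(phase):
    """Render one phase as cipher-hash[-dhgroup] for comparing both peers."""
    parts = [phase["encryption"], phase["hash"]]
    parts += [MODP[phase["dh group"]]] if "dh group" in phase else []
    return "-".join(parts)

def review(phases):
    # One 'phaseN: note' line per setting that has a review note.
    return [f"{name}: {note}" for name, p in sorted(phases.items())
            for (key, value), note in NOTES.items() if p.get(key) == value]
```
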

      • plittlemore

        Such a useful tip!

        I've managed to get it connected, but can't connect to anything. Can't see anything in the firewall logs - any pointers?

        • Sup3rior

          From which end are you having trouble?

          How is the firewall in your pfSense box configured for the IPsec and LAN interface? And which connections are you not getting through?

          Regards,
          Anders

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.