22.1 Legacy Series / Re: OPNSense on Azure messing up routes?
« on: April 06, 2022, 05:04:45 am »
There is no general rule if Azure 168.63.129.16 should be routed via hn0 or hn1; it depends on your underlying Azure infrastructure deployment and the use case(s) related to 168.63.129.16.
One pitfall is that OPNsense tries to talk to 168.63.129.16 on both interfaces.
Example:
- Your OPNsense is using Azure DNS on LAN/hn0 (route 168.63.129.16 -> LAN/hn0). This is an outbound connection from OPNsense to Azure.
- You have an incoming connection from the Azure load balancer health probe (also 168.63.129.16) on WAN/hn1.
=> The load balancer probe will always fail because the answer is routed via LAN.
So first make sure that you see all packets with source OR destination address = 168.63.129.16 in logs. Then check if they are on the same interface. If not, it won't work even if you flip LAN/WAN assignments to hn0/hn1.
There are solutions for this problem, but they depend on the use case and the underlying Azure infrastructure.
If connections to/from 168.63.129.16 are all on the same interface, I think it is a problem of your underlying infrastructure deployment or a System->Gateways->Single configuration problem.
But again, without more details I cannot offer a solution.
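
The interface check described in the post above can be scripted. This is an added example, not part of the original post: it groups packets to and from 168.63.129.16 by flow and reports flows whose reply leaves on a different interface than the request arrived on. The record format (`interface,proto,src,sport,dst,dport`), the local addresses and the function name `analyse` are assumptions made for the example; the sample lines are constructed.

```python
from collections import defaultdict

AZURE_VIP = "168.63.129.16"  # address named in the post

# Constructed sample records, one packet per line:
# interface,proto,src,sport,dst,dport (hypothetical format, local IPs made up)
SAMPLE = """\
hn0,udp,10.0.1.4,41512,168.63.129.16,53
hn0,udp,168.63.129.16,53,10.0.1.4,41512
hn1,tcp,168.63.129.16,52344,10.0.0.4,443
hn0,tcp,10.0.0.4,443,168.63.129.16,52344
hn1,tcp,203.0.113.7,40000,10.0.0.4,443
"""


def analyse(text, vip=AZURE_VIP):
    """Return (interfaces, split_flows) for packets to or from vip.

    split_flows holds flows whose packets from vip and packets to vip
    were seen on different interfaces, i.e. the reply took another path.
    """
    interfaces = set()
    flows = defaultdict(lambda: {"from_vip": set(), "to_vip": set()})
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        iface, proto, src, sport, dst, dport = fields
        # Flow key: (proto, vip port, local address, local port)
        if src == vip:
            key, side = (proto, sport, dst, dport), "from_vip"
        elif dst == vip:
            key, side = (proto, dport, src, sport), "to_vip"
        else:
            continue  # traffic unrelated to the Azure address
        interfaces.add(iface)
        flows[key][side].add(iface)

    split = []
    for key, seen in sorted(flows.items()):
        both = seen["from_vip"] and seen["to_vip"]
        if both and seen["from_vip"] != seen["to_vip"]:
            split.append((key, sorted(seen["from_vip"]), sorted(seen["to_vip"])))
    return interfaces, split


if __name__ == "__main__":
    interfaces, split = analyse(SAMPLE)
    print("interfaces carrying", AZURE_VIP, "traffic:", sorted(interfaces))
    for (proto, vport, lip, lport), frm, to in split:
        print(f"{proto} {AZURE_VIP}:{vport} <-> {lip}:{lport}: arrives on {frm}, reply leaves on {to}")
```

In the constructed sample the DNS flow stays on hn0 in both directions, while the probe flow arrives on hn1 and its answer leaves on hn0, which is the failing case from the post.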