Messages - EBG

#1
I am running an Azure Virtual OpnSense instance.

I have set up a site-to-site IP tunnel (policy-based) using these instructions:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html

The tunnel is up and passing traffic from Site A (office) to Site B (Azure).
From Site B, I can connect to everything on Site A.
From Site A, the ONLY thing I can talk to on Site B is the OpnSense instance.

From my computer on Site A, I ping something on Site B and see it in the logs as passing through:
--- --- ---   icmp   let out anything from firewall host itself

so the OpnSense firewall doesn't seem to be the issue.

I then thought the issue might be the Azure VM firewalls, so I put in a rule to allow all ICMP. When I did that, I was able to ping Site A -> Internet -> Azure VM public address, but not Site A -> S2S -> OpnSense -> Azure VM private address.

I then read elsewhere in these forums to try turning on IP forwarding on the OpnSense VM, so I did that. No change.

Any idea why traffic from Site A -> S2S -> OpnSense doesn't get to the Azure LAN?
#2
23.1 Legacy Series / Firewall Alias over OpenVPN
February 16, 2023, 10:20:15 PM
Hello, I am trying to prohibit certain traffic from specific computer(s) coming in via OpenVPN.

Under Firewall -> Aliases, I created an alias for computer X, type MAC address, content [the MAC address]
Under Firewall -> Rules, I created a rule to block all traffic from X over OpenVPN

This doesn't work at all; I can't find a way to use aliases for OpenVPN clients. I've tried the MAC address in upper and lower case, tried putting the rule on inbound and outbound, and tried moving the rule to the LAN interface as opposed to the OpenVPN interface. I also attempted using the name (Aliases Type(s) = Host) with all of the permutations, and host doesn't want to work either.

Is there a way to prohibit traffic from certain OpenVPN clients?