OpnSense to OpnSense VPN

[romey2042]

So I have a OpnSense box at my house and it is connected to an OpnSense VM in the Azure cloud. I have them both configured the same and the IPSec VPN is up. From the Azure side I can ping the other side, however from home I can not ping anything in azure. I have the routes set up. Am I missing something, could it be because Azure is nat'd and I need something there? I have the NSG set to allow all traffic in.

(Home: 10.1.10.0/24)
(Azure: 10.0.0.0/24)

Has anyone got this to work?

[mimugmail]

Is this a routed ipsec tunnel? Can you check if you have ipsec networks in automatic outbound nat (which doesn't work)?

[sl1200mk2]

I had basically this same issue doing a lab with Opnsense to Opnsense (both VM's within Azure). I could ping both sides of the tunnel interfaces from within each Opnsense VM, but nothing else.  My issue was having not enabled 'IP Forwarding' on the NIC's of each VM within the Azure portal.  Once that was completed, everything was accessible on both sides.

"Any network interface attached to a virtual machine that forwards network traffic to an address other than its own must have the Azure Enable IP forwarding option enabled for it. "

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Hopefully this helps someone else.

[mimugmail]

Thanks for sharing