Suggested Corrections re Azure Route Based VPN Instructions

[mossywell]

Hi, a few things I noticed when going through the instructions:

1.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-1-phase-1-opnsense
This section suggests using a description "IPsec Azure". However, I had issues with this later on when creating the gateway object (https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-6-define-gateways) because when I had a description entered, the description (alias) for the network interface appeared in the drop down list, but when I tried entering the IP address in the gateway field, it errored something about there being no IP address on that interface. Interestingly, if I left the description field blank, the device name appears in the drop down list appears instead and it works. But if I _then_ add a description field in the Phase 1 field (that is, after creating the gateway object), it no longer errors. Therefore, I recommend in the instructions to lave the description field blank on the Phase 1 config to avoid the same problem. (It is clear from the instructions that later on, you've done the same thing because the instructions later say to use the interface IPSEC1000, not IPsecAzure ;-) )

2.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-2-phase-2-opnsense
There is no button that says "Show 0 Phase 2 Entries". There is, however, a button that says "Add phase 2 entry"
The statement "you might already know from OpenVPN" I think doesn't belong here.

3.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#phase-2-proposal-sa-key-exchange
After hitting "Save" the Apply button disappears (I assume that Save also Applies?)

4.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-3-set-mss-clamping
Should there be an "Apply" after hitting Save?

5.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#id3
This says "Under Firewall -> Rules -> IPsec". I notice that there is also an interface called "AzureIPsec". It looks like the firewall is seeing both "IPsec" and "AzureIPsec". Is this a bug? Also, when I look at the automatically created rules in IPsec, it has already created an IP4+6 "any to any" rule already, so the manualy addition of this rule is superfluous?
EDIT: OK, I didn't notice the arrow direction. My bad. ;-)

6.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-6-define-gateways
This says to set the interface to IPSEC1000, but there is no interface IPSEC1000. There is, however, an interface "IPsecAzure" (if a Description was enterred earlier). Again, there seems to be a discrepancy between the device and the interface name. See my first point above.
There is a "Save" instruction missing at the end of this section.

7.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html#step-7-add-static-routes
There is a "Apply" instruction missing at the end of this section.


HTH

[mimugmail]

Thx for the hints, you can edit the file in GitHub to propose the changes

[mossywell]

  I should have spotted that, shouldn't I? Will do.

[mimugmail]

I'll get a note when there is a PR and happy to review.
Thanks man!