opnSense in Azure - IPSec s2s VPN with mulitple subnets

[sdndreamer]

Hi,
I have deployed opnSense within Azure using the marketplace image and have upgraded it to the latest version.

Vnet=10.0.0.0/8
WAN (hn0)=10.1.31.0/24
LAN (hn1)=10.1.23.0/24
Subnet-A=10.1.20.0/24
Subnet-B=10.1.22.0/24

I have built an IPSec tunnel from on-prem firewall and am able to establish phase 1. Phase 2 looks like is establishing but is unable to pass traffic. Packet captures show on-prem initiated pings entering through the tunnel but not reaching a test machine in subnet-A. Its as if opnSense is not aware of the other subnets and doesn't know where to forward traffic to. I created a static route in opnSense forcing it to route Subnet-A traffic to 10.1.23.1 and still no go. Thankful for any advise received.

OpenVPN on the other hand works beautifully using the desktop client.

[mimugmail]

Did you add  the routing table in Azure to forward traffic to OPNsense?

[sdndreamer]

I added the remote network (on-prem) as a UDR with the next hop being the LAN IP of the opnSense instance. I asssociated this UDR with the subnets.

I still haven't figured out how to capture traffic traversing the subnets within the vnet (outside of opnSense and my test Ubuntu VM). That may help answer what route the packets are taking.