OPNsense Forum » English Forums » General Discussion
OPNsense in azure - udp/icmp outbound nat does not work from spoke networks
Posted by joost123 (Newbie, Posts: 1, Karma: 0) on December 22, 2023, 12:12:56 am
Hi,
I have installed OPNsense in Azure as an NVA. The setup:
1 (hub) vnet with address spaces:
* 172.30.0.0/20
* 192.168.123.0/24
subnets:
* 172.30.1.0/24 (default)
* 192.168.123.0/24 (ext)
OPNsense network interfaces:
* WAN (hn0) 192.168.123.4 (DHCP)
* LAN (hn1) 172.30.1.254 (DHCP)
(172.30.1.254 (default subnet))-[OPNsense]-(192.168.123.4 (ext subnet)) <-> (public ip to internet)
I have created an outbound NAT rule for 172.30.0.0/16 and an Azure routing rule so that 0.0.0.0/0 is routed through OPNsense (172.30.1.254). This works perfectly. All machines within the default subnet (172.30.1.0/24) can access the internet, no problem.
In addition to this I've added a spoke vnet with address range 172.30.32.0/20 and added a subnet 172.30.32.0/24. I created a peering to the hub vnet and also the Azure route (UDR) so that all 0.0.0.0/0 traffic goes through OPNsense (172.30.1.254).
Now the problem:
I want to do outbound NAT from the peered vnet via OPNsense, to give its machines internet access.
This works perfectly for TCP traffic, but for ICMP/UDP it does not work.
Looking at the packet capture (see attachment), the reply from the server (ping to 1.1.1.1) is routed to the WAN interface, which (in my view) must be the LAN interface.
I've tried a lot of things with routes and UDR routes, but nothing gets it to work.
Does someone have an idea what I am doing wrong?
Kind regards,
Joost
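The post compares TCP, UDP and ICMP flows on a two-interface capture, and the useful question for any NAT-through-hub setup like this one is which of the four legs of a translated round trip (request in on LAN, translated request out on WAN, reply in on WAN, de-translated reply out on LAN) is missing per protocol. The script below is an added example and not code from the poster or from OPNsense; it assumes the interface names and addresses given in the post (hn1/172.30.1.254 as LAN, hn0/192.168.123.4 as WAN, spoke subnet 172.30.32.0/24) and uses a simplified, constructed capture format rather than the attached capture, which is not on this page.

```python
"""Check that NATed flows complete all four legs of a round trip.

Constructed example for the setup in the post above: a spoke host in
172.30.32.0/24 sends traffic through an OPNsense hub firewall whose LAN is
hn1 (172.30.1.254) and WAN is hn0 (192.168.123.4). The capture lines below
are a simplified, constructed rendering of a two-interface packet capture,
not the attachment from the post.
"""
import ipaddress
from collections import defaultdict

LAN_IF, WAN_IF = "hn1", "hn0"
WAN_ADDR = ipaddress.ip_address("192.168.123.4")
SPOKE_NET = ipaddress.ip_network("172.30.32.0/24")

# The four legs a NATed request/reply pair must traverse, in order.
LEGS = ("lan_in", "wan_out", "wan_in", "lan_out")

# Constructed capture: one ICMP, one UDP and one TCP flow. The TCP flow
# completes all four legs; the ICMP and UDP replies reach hn0 but are never
# forwarded back out of hn1 toward the spoke host.
SAMPLE_CAPTURE = """\
hn1 icmp 172.30.32.5 > 1.1.1.1 id=7
hn0 icmp 192.168.123.4 > 1.1.1.1 id=7
hn0 icmp 1.1.1.1 > 192.168.123.4 id=7
hn1 udp 172.30.32.5 > 1.1.1.1 id=40001
hn0 udp 192.168.123.4 > 1.1.1.1 id=40001
hn0 udp 1.1.1.1 > 192.168.123.4 id=40001
hn1 tcp 172.30.32.5 > 1.1.1.1 id=40002
hn0 tcp 192.168.123.4 > 1.1.1.1 id=40002
hn0 tcp 1.1.1.1 > 192.168.123.4 id=40002
hn1 tcp 1.1.1.1 > 172.30.32.5 id=40002
"""


def parse_line(line):
    """Parse '<iface> <proto> <src> > <dst> id=<n>' into its fields.

    'id' stands in for whatever identifies the flow (ICMP echo id, UDP/TCP
    source port); with static-port NAT it is unchanged across translation.
    """
    iface, proto, src, _arrow, dst, ident = line.split()
    return (iface, proto.upper(), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), ident.split("=", 1)[1])


def classify(iface, src, dst):
    """Name the leg a packet belongs to, or None if it is unrelated."""
    if iface == LAN_IF:
        if src in SPOKE_NET:
            return "lan_in"      # spoke host's original request
        if dst in SPOKE_NET:
            return "lan_out"     # de-NATed reply heading back to the spoke
    elif iface == WAN_IF:
        if src == WAN_ADDR:
            return "wan_out"     # request after source NAT
        if dst == WAN_ADDR:
            return "wan_in"      # reply from the internet to the NAT address
    return None


def missing_legs(capture):
    """Map (proto, id) -> list of legs never seen for that flow."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        if not line.strip():
            continue
        iface, proto, src, dst, ident = parse_line(line)
        leg = classify(iface, src, dst)
        if leg is not None:
            seen[(proto, ident)].add(leg)
    return {flow: [leg for leg in LEGS if leg not in legs]
            for flow, legs in seen.items()}


if __name__ == "__main__":
    for flow, gaps in sorted(missing_legs(SAMPLE_CAPTURE).items()):
        status = "ok" if not gaps else "missing " + ", ".join(gaps)
        print(f"{flow[0]} id={flow[1]}: {status}")
```

Running it on a real two-interface capture (converted to the same one-line-per-packet form) tells you immediately whether the translation itself is failing (no `wan_out`), the return path from the internet is broken (no `wan_in`), or, as the post describes, the reply reaches the WAN side but is never sent back out of the LAN interface (no `lan_out`); the last case points at state or routing on the firewall rather than at the Azure peering.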