OPNsense in Azure - IPSec s2s VPN with multiple subnets

Started by sdndreamer, June 15, 2021, 06:57:52 PM

Hi,
I have deployed OPNsense within Azure using the marketplace image and have upgraded it to the latest version.

Vnet=10.0.0.0/8
WAN (hn0)=10.1.31.0/24
LAN (hn1)=10.1.23.0/24
Subnet-A=10.1.20.0/24
Subnet-B=10.1.22.0/24

I have built an IPSec tunnel from the on-prem firewall and am able to establish phase 1. Phase 2 looks like it is establishing but is unable to pass traffic. Packet captures show on-prem initiated pings entering through the tunnel but not reaching a test machine in Subnet-A. It's as if OPNsense is not aware of the other subnets and doesn't know where to forward traffic to. I created a static route in OPNsense forcing it to route Subnet-A traffic to 10.1.23.1 and still no go. Thankful for any advice received.

OpenVPN on the other hand works beautifully using the desktop client.

Did you add the routing table in Azure to forward traffic to OPNsense?

I added the remote network (on-prem) as a UDR with the next hop being the LAN IP of the OPNsense instance. I associated this UDR with the subnets.

I still haven't figured out how to capture traffic traversing the subnets within the vnet (outside of opnSense and my test Ubuntu VM). That may help answer what route the packets are taking.
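The Azure side of what the two replies above describe, as an added example that is not code from the thread participants: build the UDR that points the on-prem prefix at the OPNsense LAN interface, attach it to Subnet-A and Subnet-B, make sure the LAN NIC has IP forwarding enabled (Azure drops transit packets on a NIC without it), and then read back the effective routes the test VM actually receives, which is the platform-side view of the path the packets take. Resource group, NIC and VNet names, the OPNsense LAN address and the on-prem prefix are assumptions; only the subnet prefixes come from the thread.

```powershell
# Added example (not from the thread). Names, the OPNsense LAN IP and the
# on-prem prefix below are assumptions; replace them with your own values.
Import-Module Az.Network

$rg       = 'rg-opnsense'          # assumed resource group
$location = 'westeurope'           # assumed region
$vnetName = 'vnet-hub'             # assumed VNet (10.0.0.0/8 in the thread)
$lanNic   = 'opnsense-lan-nic'     # assumed NIC behind hn1 (10.1.23.0/24)
$nvaLanIp = '10.1.23.4'            # assumed OPNsense LAN address
$onPrem   = '192.168.100.0/24'     # placeholder for the on-prem network
$subnets  = @{ 'subnet-a' = '10.1.20.0/24'; 'subnet-b' = '10.1.22.0/24' }
$testNic  = 'ubuntu-test-nic'      # assumed NIC of the test VM in Subnet-A

# 1. Route table: on-prem prefix -> next hop type VirtualAppliance at the
#    OPNsense LAN IP. This is the UDR the second reply refers to.
$rt = New-AzRouteTable -Name 'rt-via-opnsense' -ResourceGroupName $rg `
        -Location $location -Force
$rt | Add-AzRouteConfig -Name 'to-onprem' -AddressPrefix $onPrem `
        -NextHopType VirtualAppliance -NextHopIpAddress $nvaLanIp |
     Set-AzRouteTable | Out-Null

# 2. Associate the route table with every subnet that should use the tunnel.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
foreach ($name in $subnets.Keys) {
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name `
        -AddressPrefix $subnets[$name] -RouteTable $rt | Out-Null
}
$vnet | Set-AzVirtualNetwork | Out-Null

# 3. Azure delivers packets to a NIC only if they are addressed to it unless
#    IP forwarding is on; an NVA needs it on the interface carrying transit
#    traffic, otherwise replies from Subnet-A never reach the tunnel.
$nic = Get-AzNetworkInterface -Name $lanNic -ResourceGroupName $rg
if (-not $nic.EnableIPForwarding) {
    $nic.EnableIPForwarding = $true
    $nic | Set-AzNetworkInterface | Out-Null
}

# 4. Effective routes are what the platform really programs for the test VM.
#    Expect a User route for the on-prem prefix with State Active and next hop
#    VirtualAppliance / $nvaLanIp; anything else explains the missing pings.
Get-AzEffectiveRouteTable -NetworkInterfaceName $testNic -ResourceGroupName $rg |
    Where-Object { $_.AddressPrefix -contains $onPrem } |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress |
    Format-Table -AutoSize
```

Step 4 can be repeated for the OPNsense LAN NIC itself to confirm that traffic for Subnet-A leaving hn1 is still routed by the VNet's system route and not caught by the new UDR.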