Azure OpnSense S2S VPN not passing traffic to Azure LAN

Started by EBG, June 13, 2023, 11:06:19 PM

I am running an Azure Virtual OpnSense instance.

I have set up a site-to-site IP tunnel (policy-based) using these instructions:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html

The tunnel is up and passing traffic from Site A (office) to Site B (Azure).
From Site B, I can connect to everything on Site A.
From Site A, the ONLY thing I can talk to on Site B is the OpnSense instance.

From my computer on Site A, I ping something on Site B and see it in the logs as passing through:
--- --- ---   icmp   let out anything from firewall host itself

so the OpnSense firewall doesn't seem to be the issue.

I then thought the issue might be the Azure VM firewalls, so I put in a rule to allow all ICMP. When I did that, I was able to ping Site A -> Internet -> Azure VM public address, but not Site A -> S2S -> OpnSense -> Azure VM private address.

I then read elsewhere in these forums to try turning on IP forwarding on the OpnSense VM, so I did that. No change.

Any idea why traffic from Site A -> S2S -> OpnSense doesn't get to the Azure LAN?