Topic: IPSec VPN Tunnel to Azure - local no way into the tunnel but rather to the WAN (Read 801 times)
mmossako (Newbie, Posts: 2, Karma: 0)
IPSec VPN Tunnel to Azure - local no way into the tunnel but rather to the WAN
« on: February 19, 2024, 10:14:50 pm »
Hi,
I am working on setting up an IPsec VPN (route based) to Microsoft Azure according to the official OPNsense tutorial and several other posts and articles.
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html
The tunnel (both phases) has been established and I can ping from a server on Azure to a local subnet server behind the OPNsense firewall.
From OPNsense itself (GUI and shell) I can also ping a Linux server in Azure, and traceroute on the OPNsense box gives me a single hop to the server in Azure via the tunnel. So the static route and the gateway seem to be working OK.
However, I cannot get any connection from a server on the local site via OPNsense and the tunnel to a server in Azure.
Traceroute and the firewall logs show a direct connection to the WAN interface and from there into the internet, and obviously a connection request to a 10.1.2.4 address leads nowhere.
It looks like the routing is not using the tunnel but rather the WAN link.
I have read about:
- adding a second Phase 2 entry in the tunnel definition with different addresses
- adding a new firewall rule to overrule a generic firewall rule that is pushing everything to the outside
- removing the configuration on the firewall to disable "force gateway" and to not install routes.
None of them helped (or I configured them wrong).
It looks to me like a local routing or firewall rule issue, as in principle the tunnel is working in both directions. A couple of weeks ago I also tried to connect AWS, also with no success.
Where else should I look?
Thanks
mmossako (Newbie, Posts: 2, Karma: 0)
Re: IPSec VPN Tunnel to Azure - local no way into the tunnel but rather to the WAN
« Reply #1 on: February 26, 2024, 12:21:44 am »
Solved it.
Two years ago I implemented a Multi-WAN setup and introduced a gateway group.
https://docs.opnsense.org/manual/how-tos/multiwan.html
The new VPN gateway was automatically included in the gateway group, but with the action set to never be chosen. Therefore no traffic could enter the gateway and the tunnel.
After disabling the group, it works as explained in the docs.
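An added illustration of the failure mode described in this thread (example code, not the poster's configuration and not OPNsense code): a toy model of policy routing in which a LAN rule pinned to a gateway group bypasses the static route to the tunnel, and a gateway group never selects a member marked "never". All gateway names, subnets and rules below are constructed; 10.1.2.0/24 stands in for the Azure remote subnet (10.1.2.4 is the address from the thread), and the tier/"never" semantics of gateway groups are an assumption about OPNsense, not taken from the docs.

```python
import ipaddress

# Constructed lab data (assumption: names and subnets are invented for the example).
GATEWAYS = {"WAN_GW": {"online": True}, "VPN_GW": {"online": True}}
# Gateway group as the poster describes it: WAN on tier 1, the VPN gateway present
# but set to "never" be chosen.
GATEWAY_GROUPS = {"MultiWAN": {"WAN_GW": 1, "VPN_GW": "never"}}
# Static route installed for the route-based tunnel.
STATIC_ROUTES = [("10.1.2.0/24", "VPN_GW")]
# Broken: the Multi-WAN LAN rule forces every LAN flow through the gateway group.
RULES_BROKEN = [{"src": "192.168.1.0/24", "dst": "any", "gateway": "MultiWAN"}]
# Fixed: same rule without a gateway, so the system routing table decides.
RULES_FIXED = [{"src": "192.168.1.0/24", "dst": "any", "gateway": None}]


def pick_group_member(group):
    """Lowest tier number wins; 'never' and offline members are excluded."""
    candidates = [(tier, gw) for gw, tier in GATEWAY_GROUPS[group].items()
                  if tier != "never" and GATEWAYS[gw]["online"]]
    return min(candidates)[1] if candidates else None


def route_lookup(dst):
    """Longest-prefix match over static routes; fall back to the default (WAN)."""
    ip, best = ipaddress.ip_address(dst), None
    for net, gw in STATIC_ROUTES:
        n = ipaddress.ip_network(net)
        if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw)
    return best[1] if best else "WAN_GW"


def egress_gateway(rules, src, dst):
    """First matching rule decides; a rule gateway/group overrides the routing table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        dst_ok = r["dst"] == "any" or d in ipaddress.ip_network(r["dst"])
        if s in ipaddress.ip_network(r["src"]) and dst_ok:
            if r["gateway"] is None:
                return route_lookup(dst)
            if r["gateway"] in GATEWAY_GROUPS:
                return pick_group_member(r["gateway"]) or route_lookup(dst)
            return r["gateway"]
    return route_lookup(dst)


def audit(rules, remote_net, vpn_gw):
    """Return LAN sources whose traffic to the remote subnet misses the VPN gateway."""
    probe = str(next(ipaddress.ip_network(remote_net).hosts()))
    return [r["src"] for r in rules
            if egress_gateway(rules, str(next(ipaddress.ip_network(r["src"]).hosts())),
                              probe) != vpn_gw]
```

Running `audit(RULES_BROKEN, "10.1.2.0/24", "VPN_GW")` reports the LAN subnet, while the same audit over `RULES_FIXED` is empty, which matches the symptom (traffic leaving via WAN) and the fix (dropping the group from the path).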