Topic: openvpn clients unable to reach servers through ipsec connection (AZURE)

Offline qhdevon43

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Hey Guys,

I have searched the threads for over a week and haven't found an answer to my problem... so here it goes.


We have pfSense with an IPsec connection to Azure. All works great, no issues on that side.
In Azure we have one phase 1 connection and two phase 2 connections. Below are the screenshots.
Our main LAN subnet is 10.0.1.0/24. Our Azure virtual network is 10.11.0.0/16. Our OpenVPN subnet is 10.0.12.0/24.
The issue we have is that our OpenVPN users cannot access the resources (servers) on the Azure side, but they can access our main LAN perfectly fine.
I have read other posts where they said they need a "second" phase 2 connection, so I was positive that would work. Then I tried the "push route" scenario, where in
the OpenVPN server we added the following under "Advanced Configuration":

push "route 10.11.0.0 255.255.0.0"
push "route 10.0.1.0 255.255.255.0"


Also, in the "IPv4 Local network(s)" area in the OpenVPN server tab we added the following information too:
10.0.1.0/24, 10.11.0.0/16


But nothing has worked... The only thing I can think of is that a NAT or rule needs to be configured, but I believe we set everything from any to any for both the IPsec and OpenVPN rules. I'm totally lost and any help would be greatly appreciated.

     Phase 1 Picture


    Phase 2 ( First phase 2 connection)


    Phase 2 ( Second phase 2 connection)



Re: openvpn clients unable to reach servers through ipsec connection (AZURE)
« Reply #1 on: December 29, 2017, 11:40:41 am »
Well, I feel stupid. I started to do a traceroute from the Diagnostics tab and did a ping test from a server located inside the Azure network, and realized the traceroute was leaving my network but stopping when it hit Azure. So I logged into Azure, checked my "Local network gateway" and realized that I forgot to add the address space of 10.0.12.0/24. Yay, it's working.





Also, I had to switch the outbound NAT to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) with the rules generated. The order of the outbound NAT rules is very important to getting it to work correctly.
« Last Edit: December 29, 2017, 03:57:18 pm by qhdevon43 »
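The failure described in this thread is a traffic-selector mismatch: pfSense had a phase 2 entry for 10.0.12.0/24 to 10.11.0.0/16, but the Azure Local Network Gateway only listed 10.0.1.0/24, so Azure had no selector or route for the OpenVPN subnet and the flow died at the Azure side, exactly where the traceroute stopped. The script below is an added example, not code from the original post, pfSense or Azure; it models both ends of the tunnel with the subnets from the thread (the phase 2 list, the before/after Local Network Gateway address spaces and the VNet prefix are constructed from the post) and reports why a given client-to-server flow would fail. The function names `find_problems` and `missing_lng_prefixes` are this example's own.

```python
"""Check that a flow from an OpenVPN client to an Azure server is covered on
both ends of a pfSense <-> Azure IPsec tunnel.

Added example built from the subnets in the thread; not pfSense or Azure code.
"""
from ipaddress import ip_address, ip_network

# Constructed from the thread: pfSense side
LAN = ip_network("10.0.1.0/24")
OPENVPN = ip_network("10.0.12.0/24")
AZURE_VNET = ip_network("10.11.0.0/16")

# pfSense phase 2 entries as (local network, remote network)
PHASE2 = [(LAN, AZURE_VNET), (OPENVPN, AZURE_VNET)]

# Azure "Local network gateway" address space before and after the fix
LNG_BEFORE = [LAN]
LNG_AFTER = [LAN, OPENVPN]


def find_problems(src, dst, phase2, lng_prefixes, vnet_prefixes):
    """Return the reasons the flow src -> dst cannot cross the tunnel.

    An empty list means pfSense will send the packet into the tunnel and Azure
    agrees on the selector, so the flow should work end to end.
    """
    src, dst = ip_address(src), ip_address(dst)
    problems = []

    # pfSense only encrypts traffic that matches a phase 2 (local, remote) pair;
    # anything else leaves by the normal routing table and never enters the tunnel.
    if not any(src in local and dst in remote for local, remote in phase2):
        problems.append(f"no pfSense phase 2 entry covers {src} -> {dst}")

    # Azure's Local Network Gateway address space is the far-side selector and
    # the return route for the VNet; a source outside it is dropped at Azure.
    if not any(src in prefix for prefix in lng_prefixes):
        problems.append(f"{src} not in Azure local network gateway address space")

    # The destination must live in the VNet the gateway serves.
    if not any(dst in prefix for prefix in vnet_prefixes):
        problems.append(f"{dst} not in Azure VNet address space")

    return problems


def missing_lng_prefixes(phase2, lng_prefixes):
    """Return every pfSense phase 2 local network that the Azure Local Network
    Gateway address space does not already contain (the config-level version
    of the check, so the gap shows up before any client complains)."""
    return [
        local
        for local, _remote in phase2
        if not any(local.subnet_of(prefix) for prefix in lng_prefixes)
    ]


if __name__ == "__main__":
    client, server = "10.0.12.5", "10.11.1.10"  # constructed sample addresses
    print("before fix:", find_problems(client, server, PHASE2, LNG_BEFORE, [AZURE_VNET]))
    print("after fix: ", find_problems(client, server, PHASE2, LNG_AFTER, [AZURE_VNET]))
    print("LNG is missing:", missing_lng_prefixes(PHASE2, LNG_BEFORE))
```

Run it as-is and the "before" case names the OpenVPN subnet as absent from the Local Network Gateway while the LAN-to-Azure flow passes, which matches the original symptom of the LAN working and OpenVPN clients not. Feeding `missing_lng_prefixes` your own phase 2 list and the prefixes from the Azure portal is a quick way to confirm both sides agree before touching outbound NAT.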