I have a VPN set up between Azure and VyOS; the connections have been established and are working perfectly, but when I enable zone-policies it blocks all traffic between the local subnet and the Azure subnet.
The remote subnet is 172.17.0.0/24 and my local subnet is 172.16.0.0/24. I have a zone-policy and firewall rules configured on my local subnet, which I assume is blocking the traffic, but how do I define rules to allow traffic to flow between the VPN connection and the local subnet, as I don't know how to configure a zone-policy for the VPN connection?
I have managed to get this working now. So just in case anyone else comes across the same issues, here's what I had to do:
I have VyOS set up with zone-policies, with each interface assigned a zone: DMZ, Production and so on. As I only have a single outbound interface (eth0), I set this as my DMZ zone, and my VPN is set to use the same interface. So to get the traffic flowing between Azure and my local subnet I had to create source-IP firewall rules within my DMZ zone-policy (DMZ-PROD) and vice versa.
The only problem I have now is that to enable traffic to flow from my local subnet to Azure I've had to disable NAT, which now prevents my local servers from accessing the internet.
I'm sure there must be a way to have NAT enabled and still be able to communicate with Azure, but I don't know how yet.
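The usual way to keep internet masquerading while leaving VPN traffic un-NATed is a source NAT exclude rule that matches the VPN-bound flows and is numbered lower than the masquerade rule. The configuration below is an added example, not the poster's own configuration: it uses VyOS 1.3 command syntax, the subnets and the eth0/DMZ interface from the post, and assumes that the Production LAN sits on eth1 and that the zone-policy rule sets are named PROD-DMZ and DMZ-PROD (all assumptions).

```vyos
# Added example, not the poster's configuration. Assumes VyOS 1.3 syntax.
# eth0 = DMZ / outbound interface (from the post), eth1 = Production LAN (assumed),
# local subnet 172.16.0.0/24 and Azure subnet 172.17.0.0/24 (from the post).

# 1. Source NAT. Rules are evaluated in numeric order and the first match wins,
#    so the exclude rule for VPN traffic must come before the masquerade rule.
set nat source rule 10 description 'Do not NAT traffic destined for the Azure subnet'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.0.0/24'
set nat source rule 10 destination address '172.17.0.0/24'
set nat source rule 10 exclude

set nat source rule 100 description 'Masquerade everything else leaving eth0'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '172.16.0.0/24'
set nat source rule 100 translation address 'masquerade'

# 2. Zone-policy rule sets. Default drop; allow return traffic plus the two
#    VPN subnets talking to each other, nothing else between the zones.
set firewall name PROD-DMZ default-action 'drop'
set firewall name PROD-DMZ rule 10 action 'accept'
set firewall name PROD-DMZ rule 10 state established 'enable'
set firewall name PROD-DMZ rule 10 state related 'enable'
set firewall name PROD-DMZ rule 20 description 'Local LAN to Azure over the tunnel'
set firewall name PROD-DMZ rule 20 action 'accept'
set firewall name PROD-DMZ rule 20 source address '172.16.0.0/24'
set firewall name PROD-DMZ rule 20 destination address '172.17.0.0/24'

set firewall name DMZ-PROD default-action 'drop'
set firewall name DMZ-PROD rule 10 action 'accept'
set firewall name DMZ-PROD rule 10 state established 'enable'
set firewall name DMZ-PROD rule 10 state related 'enable'
set firewall name DMZ-PROD rule 20 description 'Azure to local LAN over the tunnel'
set firewall name DMZ-PROD rule 20 action 'accept'
set firewall name DMZ-PROD rule 20 source address '172.17.0.0/24'
set firewall name DMZ-PROD rule 20 destination address '172.16.0.0/24'

# 3. Bind the rule sets to the zones. Decrypted tunnel traffic enters on eth0,
#    so it is treated as DMZ -> PROD, exactly as the post describes.
set zone-policy zone DMZ default-action 'drop'
set zone-policy zone DMZ interface 'eth0'
set zone-policy zone DMZ from PROD firewall name 'PROD-DMZ'
set zone-policy zone PROD default-action 'drop'
set zone-policy zone PROD interface 'eth1'
set zone-policy zone PROD from DMZ firewall name 'DMZ-PROD'

commit
save

# 4. Checks from operational mode: the exclude rule should show hits for
#    Azure-bound flows, and the masquerade rule for everything else.
#   show nat source rules
#   show nat source statistics
#   show nat source translations
#   show vpn ipsec sa
```

Two caveats worth keeping in mind: if a local zone (`zone-policy zone LOCAL local-zone`) is also defined, the router's own IKE (UDP 500/4500) and ESP exchanges with the Azure gateway must be permitted in the rule sets to and from that zone, or the tunnel itself will not come up; and the same exclude-before-masquerade ordering applies when the masquerade rule has no `source address` restriction, because a catch-all rule placed at a lower number would still NAT the VPN traffic before rule 10 is ever reached.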