Azure VPN


#1

Hi,

I have a VPN set up between Azure and VyOS. The connection has been established and works perfectly, but when I enable zone-policies it blocks all traffic between the local subnet and the Azure subnet.

The remote subnet is 172.17.0.0/24 and my local subnet is 172.16.0.0/24. I have a zone-policy and firewall rules configured on my local subnet, which I assume is what is blocking the traffic, but how do I define rules to allow traffic to flow between the VPN connection and the local subnet? I don't know how to configure a zone-policy for the VPN connection.

Hope that makes sense.

Cheers

Tommy.


#2

Hello,
Check out this post:
http://forum.vyos.net/showthread.php?tid=26893


#3

Hi, thanks for the link.

I have managed to get this working now. So, just in case anyone else comes across the same issue, here's what I had to do:

I have VyOS set up with zone-policies, with each interface assigned to a zone: DMZ, Production and so on. As I only have a single outbound interface (eth0), I set this as my DMZ zone, and my VPN is set to use the same interface. So, to get the traffic flowing between Azure and my local subnet, I had to create source-IP firewall rules within my DMZ zone-policy (DMZ-PROD) and vice versa.

The only problem I have now is that, to enable traffic to flow from my local subnet to Azure, I've had to disable NAT, which now prevents my local servers from accessing the internet. :(
I'm sure there must be a way to have NAT enabled and still be able to communicate with Azure, but I don't know how yet.

Anyway, hope this all makes sense.

Cheers

Tommy.
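The configuration the thread describes, written out as an added example (this is not the poster's own configuration, and the VyOS syntax is the 1.1/1.2 `set` form). It assumes eth0 is the DMZ/outbound interface and eth1 the Production interface, that the per-direction rule sets are named DMZ-PROD and PROD-DMZ (the second name is an assumption; the post only says "vice versa"), and it uses the two subnets from post #1. The last part addresses the open question in post #3: instead of disabling source NAT altogether, a NAT `exclude` rule is placed ahead of the masquerade rule so that only traffic bound for the Azure subnet skips translation and still matches the IPsec policy, while everything else keeps internet access.

```vyos
# --- Zones: every interface belongs to exactly one zone ---
set zone-policy zone DMZ interface eth0
set zone-policy zone PROD interface eth1

# --- Traffic arriving from Azure (decrypted on eth0, so zone DMZ) into PROD ---
set firewall name DMZ-PROD default-action drop
set firewall name DMZ-PROD rule 10 action accept
set firewall name DMZ-PROD rule 10 state established enable
set firewall name DMZ-PROD rule 10 state related enable
# Only accept the remote VPN subnet, not anything that happens to arrive on eth0
set firewall name DMZ-PROD rule 20 action accept
set firewall name DMZ-PROD rule 20 source address 172.17.0.0/24
set firewall name DMZ-PROD rule 20 destination address 172.16.0.0/24
# Optional tightening: require that the packet actually came in through IPsec
set firewall name DMZ-PROD rule 20 ipsec match-ipsec

# --- Traffic from the local subnet towards Azure ---
set firewall name PROD-DMZ default-action drop
set firewall name PROD-DMZ rule 10 action accept
set firewall name PROD-DMZ rule 10 state established enable
set firewall name PROD-DMZ rule 10 state related enable
set firewall name PROD-DMZ rule 20 action accept
set firewall name PROD-DMZ rule 20 source address 172.16.0.0/24
set firewall name PROD-DMZ rule 20 destination address 172.17.0.0/24

# --- Bind the rule sets to the zone pairs ---
set zone-policy zone PROD from DMZ firewall name DMZ-PROD
set zone-policy zone DMZ from PROD firewall name PROD-DMZ

# --- Source NAT: exclude VPN-bound traffic, masquerade the rest ---
# Rule numbers are evaluated in order, so the exclude must come first.
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.0.0/24
set nat source rule 10 destination address 172.17.0.0/24
set nat source rule 10 exclude
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.0.0/24
set nat source rule 20 translation address masquerade
```

The reason the NAT exclude is needed: source NAT runs before IPsec policy matching, so a masqueraded packet has the eth0 public address as its source and no longer matches the 172.16.0.0/24 -> 172.17.0.0/24 tunnel selector; it is sent out in the clear instead of through the tunnel. Excluding that one destination keeps the original source address for VPN traffic only. Note that the IKE/ESP packets themselves are handled by the LOCAL zone on eth0, so if a WAN-to-LOCAL rule set is in place it must also permit UDP 500/4500 and ESP from the Azure gateway address; that part is not shown here.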