I have configured as an OpenVPN server (Debian) and other servers in Azure network 172.20.0.0/24 which is connected to on-premises network (10.1.0.0/24) via site-to-site VPN IPsec tunnel.
Connection was established between Virtual Network Gateway on Azure and local Paloalto. Network connection from azure to local network works fine:
(172.20.0.0 <------> 10.1.0.0/24).
On the openvpn server's been configured point to site vpn for clients with address space 172.32.128.0/17.
From client to Azure communication works well:
(172.32.128.0 <----->172.20.0.0/24)
but I have a problem in that, when I attempt to ping on-premises network (10.1.0.0/24).
Not connection between (172.32.128.0 <- ------/------- -> 10.1.0.0/24)
Pinging 10.1.0.8 (DNS on local site) from 172.32.128.14 (Client connected to OpenVpn)
I received (request timeout):
Packets captured on Vitual Network Gateway Azure:
172.20.0.5 10.1.0.8 ICMP 130 Destination unreachable (Port unreachable)
(Here rather than 172.32.128.14 address we can se 172.20.0.5 OpenVpn Azure Interface, despite masquerade is disabled and routing and packet forwarding is enabled.)
Tcpdump Openvpn:
IP 172.32.128.14 > 10.1.0.8: ICMP echo request, id 1, seq 970, length 40
OpenVpn server shows tcpdump requests from 172.32.128.14 to 10.1.0.8 but not reply.
What’s more on PaloAlto (Local Network) I can see requests from 172.32.128.14 and reply from 10.1.0.8 but packets not reach the network 172.32.128.0/17, it looks like packets were lost before enter to azure network.
Route table shows (OpenVpn):
default via 172.28.1.1 dev eth0
10.1.0.0/24 via 172.28.1.1 dev eth0
172.20.0.0/24 dev eth0 proto kernel scope link src 172.20.0.5
172.32.128.0/17 via 172.32.128.2 dev tun0
172.32.128.2 dev tun0 proto kernel scope link src 172.32.128.1
172.20.0.5 is OpenVpn interface on Azure
Azure route table:
Name | Network | Next Hop Type
ToAure | 172.31.128.0/17 | 172.20.0.5
ToLocalNet | 10.1.0.0/24 | VirtualNetworkGateway
Any thoughts as to why I'm not getting to local net from client net? Thanks very much for your help!
