Azure site to site VPN to OPNSense VPN
I have an Azure Site to Site VPN to an OPNSense using IPsec. I have tried a multitude of configurations and it's not quite working. When I manually start the VPN it states that it is up in OPNSense but no data is being transferred. If I use ssh from a device on-prem to a VM in Azure it opens the connection and I can log on to the Azure VM. After a while it seems the connection stops (it still shows as up in OPNSense and Azure). If I try to ssh from the Azure VM to the device on-prem it doesn't work and the connection times out. If I do the reverse again (on-prem VM to Azure VM) and try to ssh, the connection opens and all is OK for a while.
UDP ports 500 and 4500 are allowed through the OPNSense firewall rules.
Here are my current settings. I have tried many.
OPNsense - Version 24.7.4_1-amd64
Phase 1
Proposals - aes256-sha384-ecp384[DH20, NIST EC]
Version - IKEv2
MOBIKE - checked
Re-auth time - 86400
Re-key - 1440
DPD Delays - 30
DPD Timeout - 120
Phase 2
aes256gcm16-sha256-ecp384[DH20, NIST EC]
Policies - enabled
Start action - Start
Close action - None
DPD action - Start
Rekey time - 14400
Azure connection configs
Phase1
Encryption - AES256
Integrity/PRF - SHA384
DH Group - ECP384
Phase 2
IPSec Encryption - GCMAES256
IPSec Integrity - GCMAES256
PFS Group - ECP384
IPSec SA lifetime in seconds - 86400
DPD timeout - 45
Connection mode - Default.
Has anyone seen or had this combination of Azure network gateway and OPNSense firewall working well?
The only way I can keep the connection up is using a device on-prem doing an ICMP request to a device in Azure.
Kind regards
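The symptom described above (tunnel shown as up, traffic only flowing after the on-prem side initiates) is easiest to pin down by watching the per-direction counters of each CHILD_SA rather than the IKE state. Below is an added example, not part of the original post or of OPNsense itself: it parses text in the shape of strongSwan's `swanctl --list-sas` output (which OPNsense uses underneath) and flags any installed SA that is still sending but has stopped receiving. The sample output, names, addresses and counter values are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of `swanctl --list-sas` output. Values are
# made up: one INSTALLED CHILD_SA whose inbound counter went stale 1800s ago
# while outbound traffic is still flowing, i.e. "up" in the UI but one-way.
SAMPLE = """\
azure: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7081_i* 9f8e7d6c5b4a3921_r
  azure: #7, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-256
    in  c0a80001,  10240 bytes,     80 packets,   1800s ago
    out c0a80002, 204800 bytes,   1600 packets,      3s ago
    local  10.10.0.0/24
    remote 10.20.0.0/16
"""

CHILD_RE = re.compile(r"^\s*(\S+): #(\d+), reqid \d+, (\w+),")
DIR_RE = re.compile(r"^\s*(in|out)\s+\w+,\s+(\d+) bytes,\s+\d+ packets(?:,\s+(\d+)s ago)?")

@dataclass
class ChildSa:
    name: str
    state: str
    bytes_in: int = 0
    bytes_out: int = 0
    in_age: int = -1   # seconds since last inbound packet, -1 if none seen
    out_age: int = -1  # seconds since last outbound packet, -1 if none seen

def parse_child_sas(text):
    """Collect per-direction counters for every CHILD_SA in swanctl text."""
    sas, cur = [], None
    for line in text.splitlines():
        if m := CHILD_RE.match(line):
            cur = ChildSa(f"{m.group(1)}#{m.group(2)}", m.group(3))
            sas.append(cur)
        elif cur and (m := DIR_RE.match(line)):
            key = "in" if m.group(1) == "in" else "out"
            setattr(cur, f"bytes_{key}", int(m.group(2)))
            setattr(cur, f"{key}_age", int(m.group(3)) if m.group(3) else -1)
    return sas

def one_directional(sa, idle=120):
    """INSTALLED SA that keeps sending but has received nothing for `idle` seconds."""
    if sa.state != "INSTALLED" or sa.bytes_out == 0:
        return False
    if sa.bytes_in == 0:
        return True  # peer never returned a single packet on this SA
    return sa.in_age > idle and 0 <= sa.out_age <= idle

def report(text, idle=120):
    return [sa for sa in parse_child_sas(text) if one_directional(sa, idle)]
```

Feeding the live command output to `report()` from a cron job gives an alert the moment the tunnel turns one-way, instead of relying on a keepalive ping to hide it.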