Azure Site to Site VPN with Transit Gateway
I am new to this networking stuff; I have been scratching my head over using one Virtual Gateway and one connection to connect to two different VNETs that have been peered.
What I want to achieve:
- Able to connect from VM C on-prem to VNET-02 VM B passing through VNET-01 and vice versa
What I have done:
* VNET-01 peered to VNET-02
  * Traffic to remote virtual network: Allow
  * Traffic forwarded from remote virtual network: Allow
  * Virtual network gateway or Route Server: Use this virtual network's gateway or Route Server
* VNET-02 peered to VNET-01
  * Traffic to remote virtual network: Allow
  * Traffic forwarded from remote virtual network: Allow
  * Use the remote virtual network's gateway or Route Server
* On-prem router (OpenWRT)
  * Forwarded ports 500 and 4500 to the Libreswan VM at 192.168.7.40
  * Added static route:
    * Target: 10.17.5.0/24
    * Gateway: 192.168.7.40
* Local Network Gateway
  * Address spaces: 192.168.7.0/24
* Libreswan VM config

```
conn some-tunnel
    authby=secret
    auto=start
    dpdaction=restart
    dpddelay=30
    dpdtimeout=120
    ike=aes256-sha1;modp1024
    ikelifetime=3600s
    ikev2=yes
    keyingtries=3
    pfs=yes
    phase2alg=aes128-sha1
    left=[Virtual Gateway Public IP]
    leftsubnets=10.17.5.0/24
    right=%defaultroute
    rightsubnets=192.168.7.0/24
    salifetime=3600s
    type=tunnel
```
What is working:
* VM A on VNET-01 is able to ping VM B on VNET-02 and vice versa
* On-prem VM C is able to ping VM A on VNET-01 and vice versa
What is not working:
* On-prem VM C is not able to ping VM B on VNET-02 and vice versa
Additional stuff tried:
* Added another static route
  * Target: 10.17.5.0/24
  * Gateway: 192.168.7.40
* Modified the Libreswan config file
  * `leftsubnets: {10.17.5.0/24,10.17.4.0/24}`
* Outcome:
  * When I check ipsec.services, I can see 10.17.4.0/24 failed to connect to the tunnel.