Azure Site to Site VPN with Transit Gatewa<\/p>\n
i am new to this networking stuff, been scratching my head over using one Virtual Gateway and one connection to connect to two different VNET that has been peered.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
https:\/\/preview.redd.it\/36ouid5c0bia1.jpg?width=621&format=pjpg&auto=webp&v=enabled&s=445bc91d0f0ed02790c3eae89e85698c569b5fff<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
What I want to achieve:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
\\- Able to connect from VM C On Prem to VNET-02 VM B passing through VNET-01 and vice versa<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
What I have done:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
* VNET-01 Peered to VNET-02<\/p>\n
<\/p>\n
* Traffic to remote virtual network: Allow<\/p>\n
<\/p>\n
* Traffic forwarded from remote virtual network: Allow<\/p>\n
<\/p>\n
* Virtual network gateway or Route Server: Use this virtual network’s gateway or Route Server<\/p>\n
<\/p>\n
* VNET-02 Peered to VNET-01<\/p>\n
<\/p>\n
* Traffic to remote virtual network: Allow<\/p>\n
<\/p>\n
* Traffic forwarded from remote virtual network: Allow<\/p>\n
<\/p>\n
* Use the remote virtual network’s gateway or Route Server<\/p>\n
<\/p>\n
* On Prem Router (OpenWRT)<\/p>\n
<\/p>\n
* Forwarded Port 500 and 4500 to Libreswan VM to [192.168.7.40](https:\/\/192.168.7.40)<\/p>\n
<\/p>\n
* Added Static Route:<\/p>\n
<\/p>\n
* Target: [10.17.5.0\/24](https:\/\/10.17.5.0\/24)<\/p>\n
<\/p>\n
* Gateway: [192.168.7.40](https:\/\/192.168.7.40)<\/p>\n
<\/p>\n
* Local Network Gateway<\/p>\n
<\/p>\n
* Address Spaces: [192.168.7.0\/24](https:\/\/192.168.7.0\/24)<\/p>\n
<\/p>\n
* Libreswan VM Con<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
conn some-tunnel<\/p>\n
<\/p>\n
authby=secret<\/p>\n
<\/p>\n
auto=start<\/p>\n
<\/p>\n
dpdaction=restart<\/p>\n
<\/p>\n
dpddelay=30<\/p>\n
<\/p>\n
dpdtimeout=120<\/p>\n
<\/p>\n
ike=aes256-sha1;modp1024<\/p>\n
<\/p>\n
ikelifetime=3600s<\/p>\n
<\/p>\n
ikev2=yes<\/p>\n
<\/p>\n
keyingtries=3<\/p>\n
<\/p>\n
pfs=yes<\/p>\n
<\/p>\n
phase2alg=aes128-sha1<\/p>\n
<\/p>\n
left=[Virtual Gateway Public IP]<\/p>\n
<\/p>\n
leftsubnets=10.17.5.0\/24<\/p>\n
<\/p>\n
right=%defaultroute<\/p>\n
<\/p>\n
rightsubnets=192.168.7.0\/24<\/p>\n
<\/p>\n
salifetime=3600s<\/p>\n
<\/p>\n
type=tunnel<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
What is working:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
* VM A on VNET 01 able to ping VM B on VNET 02 and vice versa<\/p>\n
<\/p>\n
* On Prem VM C able to ping VM A on VNET 01 and vice versa<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
What is not working:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
* On Prem VM C not able to ping VM B on VNET 02 and vice versa<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Additional stuff tried:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
* Added another Static Route<\/p>\n
<\/p>\n
* Target: [10.17.5.0\/24](https:\/\/10.17.5.0\/24)<\/p>\n
<\/p>\n
* Gateway: [192.168.7.40](https:\/\/192.168.7.40)<\/p>\n
<\/p>\n
* Modified Libreswan Config File<\/p>\n
<\/p>\n
* leftsubnets: {[10.17.5.0\/24,10.17.4.0\/24](https:\/\/10.17.5.0\/24,10.17.4.0\/24)}<\/p>\n
<\/p>\n
* Outcome:<\/p>\n
<\/p>\n
* When i check [ipsec.services](https:\/\/ipsec.services), I can see [10.17.4.0\/24](https:\/\/10.17.4.0\/24) failed to connect to the tunnel.<\/p>\n","protected":false},"author":0,"comment_status":"open","ping_status":"closed","template":"","question-category":[28],"question_tags":[],"class_list":["post-511","question","type-question","status-publish","hentry","question-category-others"],"yoast_head":"\n