It took abut thirty minutes for the Microsoft Azure Virtual Network Gateway to be created. You can't do anything else until this is completed.

Provision in this order:

  1. Virtual Network Gateways, this is used so your AzureVMs can talk outside, 30 minutes
  2. Local Network Gateways (enables pFsense to connect to Azure), 15 minutes
  3. IP Address (home)
  4. Configuration: Local Subnet Range, 192.168.2.0/24
  5. Virtual Networks, this is used so your AzureVMs can talk to each other, 10 minutes
  6. Address Space: 10.1.0.0/16
  7. Subnets: 10.1.0.0/24 (AzureVM network)
  8. Virtual Machine, 15 minutes
  9. Ensure connectivity from pFsense to the AzureVM private IP (10.0.0.4) before continuing.

On your on-premise domain controller:

  1. Go to AD Sites and Services
  2. Add a new site: Azure
  3. Add a new subnet: 10.1.0.0/16 (Step 3A)

pFsense IPSEC VPN

Unlike OpenVPN's single configuration file, pFsense's IPSEC VPN has two settings you need to do. Their article took some breaking down and brainstorming. I was able to get my pFsense connected to Azure with these two settings. I think of the different phases like this: phase 1 connects me to the gateway (router) and phase 2 is the actual client connection.

Phase 1

  • Key Exchange Version: V2
  • Internet Protocol: IPv4
  • Interface: LAN
  • Remote Gateway: IP from Step 1 above
  • Description: Azure
  • Authentication Method: Mutual PSK (Pre-shared Key)
  • My identifier: My IP address
  • Peer identifier: Peer IP Address
  • Pre-Shared Key: Whatever
  • Encryption Algorithm: AES, 256 bits
  • Hash Algorithm: SHA1
  • DH (Diffie Hellman) Group: 2 (1024 bit)
  • Lifetime (Seconds): 28800
  • Disable rekey: Unchecked
  • Disable Reauth: Unchecked
  • Responder Only: Unchecked
  • MOBIKE: Disable
  • Split connections: Unchecked
  • Dead Peer Detection: Checked
  • Delay: 10
  • Max failures: 5

Phase 2

  • Mode: Tunnel IPv4
  • Local Network: LAN subnet
  • NAT/BINAT translation: None
  • Remote Network: Network, IP from Step 1 above
  • Description: Azure
  • Protocol: ESP
  • Encryption Algorithms: AES. 256 bits
  • Hash Algorithms: SHA1, SHA256
  • PFS key group: off
  • Lifetime: 3600