I've been trying to connect Windows Azure to my main network using pfSense, which is a lightweight open source router, with limited success.
I've configured it as follows:
Phase 1
Interface: WAN
Remote Gateway: <Azure Gateway IP Address>
Authentication Method: Mutual PSK
Negotiation Mode: main
My Identifier: <My Public IP Address>
Peer Identifier: <Azure Gateway IP Address>
Pre-Shared Key: <Key Given By Azure>
Policy Generation: Default
Proposal Checking: Default
Encryption Algorithm: AES 128-bit
Hash Algorithm: SHA1
DH key group: 2
Lifetime: 28800
Phase 2
Mode: Tunnel
Local Network: <My Local Network>
Remote Network: <My Azure Address space>
Protocol: ESP
Encryption Algorithms: AES 128-bit
Hash Algorithm: SHA1
PFS key group: off
Lifetime: 3600
What I am seeing:
The Azure control panel seems to suggest that I have connectivity, and I can see Security Associations appearing on my IPsec gateway. Interestingly, I only ever get one that seems to originate from my side, and every 10 seconds or so I get one added to the list originating from the Windows Azure side.
I also tried a constant ping for a while from my network to a device in one of my virtual networks and I clocked up a few KBytes in, but nothing back - so connectivity seems to be working, albeit a bit one-sided.
I believe that pfSense's implementation of an IPsec VPN is based on racoon. Any help will be much appreciated.
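One way to put numbers on the symptom described above (a single SA from the local side, a growing list from the peer, bytes in but none out) is to parse the kernel SAD as printed by `setkey -D` on the pfSense box and group the SAs by direction. This is an added example, not code from the post or from pfSense/racoon; the dump below is constructed in the layout of `setkey -D` output, with documentation-range addresses standing in for the WAN and Azure gateway IPs and made-up SPIs and byte counts.

```python
import re

# Constructed sample in the layout of `setkey -D` (FreeBSD/racoon era pfSense).
# 203.0.113.5 stands for the pfSense WAN address, 198.51.100.10 for the Azure gateway.
SAMPLE = """\
203.0.113.5 198.51.100.10
\tesp mode=tunnel spi=2874195367(0xab4e85a7) reqid=16385(0x00004001)
\tE: aes-cbc  ...
\tA: hmac-sha1 ...
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tcreated: Nov 12 10:00:00 2013\tcurrent: Nov 12 10:00:30 2013
\tcurrent: 0(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
198.51.100.10 203.0.113.5
\tesp mode=tunnel spi=3961711237(0xec23c285) reqid=16385(0x00004001)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tcurrent: 4212(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
198.51.100.10 203.0.113.5
\tesp mode=tunnel spi=1193046(0x00123456) reqid=16385(0x00004001)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tcurrent: 1560(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
"""

HEADER = re.compile(r"^(\S+) (\S+)\s*$")  # unindented "src dst" line opens one SA

def parse_sas(dump):
    """Split a setkey -D dump into one dict per SA: src, dst, spi, state, bytes carried."""
    sas, cur = [], None
    for line in dump.splitlines():
        if (m := HEADER.match(line)):
            cur = {"src": m.group(1), "dst": m.group(2), "spi": None, "state": None, "bytes": 0}
            sas.append(cur)
        elif cur is not None:
            if (m := re.search(r"\bspi=(\d+)", line)):
                cur["spi"] = int(m.group(1))
            if (m := re.search(r"\bstate=(\w+)", line)):
                cur["state"] = m.group(1)
            if (m := re.search(r"^\s*current: (\d+)\(bytes\)", line)):  # byte counter, not the timestamp line
                cur["bytes"] = int(m.group(1))
    return sas

def summarize(dump, local_ip):
    """Group SAs by direction relative to this gateway (src == our WAN address means outbound)."""
    out = {"outbound": [], "inbound": []}
    for sa in parse_sas(dump):
        out["outbound" if sa["src"] == local_ip else "inbound"].append(sa)
    return out

def diagnose(summary):
    """Return plain findings about SA asymmetry and one-way traffic, for tunnel troubleshooting."""
    ob, ib = summary["outbound"], summary["inbound"]
    findings = [f"{len(ob)} outbound SA(s), {len(ib)} inbound SA(s)"]
    if len(ib) > len(ob):
        findings.append("more inbound than outbound SAs: the peer keeps negotiating new Phase 2 SAs while ours is reused")
    sent, recv = sum(sa["bytes"] for sa in ob), sum(sa["bytes"] for sa in ib)
    if recv and not sent:
        findings.append("bytes received but none sent: traffic is one-directional, check the outbound SA and the Phase 2 network selectors")
    elif sent and not recv:
        findings.append("bytes sent but none received: the peer is not returning traffic through the tunnel")
    return findings

if __name__ == "__main__":
    for line in diagnose(summarize(SAMPLE, "203.0.113.5")):
        print(line)
```

On a live box, feed it the real output with `summarize(subprocess.check_output(["setkey", "-D"], text=True), wan_ip)`.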