Revisiting Unify Dream Machine Pro & Azure Site-to-Site

I received a question on GitHub regarding an old post / repository that setup Site-to-Site Connectivity between my Home Network (running Unify Dream Machine Pro) and Azure.

I decided to do more troubleshooting and add some creature comforts to the Terraform solution to help diagnose any issues that arise. I added the following things:

  1. Log Analytics Workspace and diagnostics settings to configure Azure Monitor to capture logs and metrics from the Public IP address and the VPN Network Gateway.
  2. Azure Virtual Machine to be used for simple testing purposes. Complete with a Bastion Host and Key Vault to store the SSH key information for easy access for an administrator.

On the Unify Dream Machine Pro side I changed the IPsec Profile to be “Azure Dynamic Routing”

NOTE: I do NOT have any static routes or any other configuration active on my Dream Machine Pro. It should work without it but once you get it working you can always optimize your configuration with whatever rules you want to apply to control traffic better.

Which changes some of the other fields to default values.

As a result, I had to make an updated to the Terraform to reflect this change client side but it was minimal. The only change to the Terraform that provisions the VPN was the DH Group in the VPN Connection:

The rest of the configuration remains the same:

I did add a test Virtual Machine complete with Bastion Host so you can SSH into the Azure VM and ping a server in your on-premise environment and likewise ping the remote Azure VM from your on-premise environment.

Pinging from my on-premise network to the Azure VM:

Pinging from the Azure VM (connected via Bastion) to the on-premise network:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s