WebGUI RADIUS Requests Interface?
-
We have our pfSense servers configured with an IPsec site-to-site VPN. Traffic flows fine across the tunnel and if I select the correct local interface, pfSense can ping servers on the other end.
I'm trying to configure the pfSense RADIUS client to hit Microsoft NAP and authenticate to AD. I have a working config that I have configured on a pfSense box on the same LAN as the MS NAP server. I'm trying to configure the remote pfSense box, but it appears the RADIUS requests aren't going over the site-to-site VPN tunnel and thus, just timing out. Again, this remote pfSense box can ping the IP of the MS NAP server, as long as I choose the correct local interface.
Is there a way to make these requests traverse the IPsec site-to-site link? Maybe a static route is needed for this single IP so pfSense sends all traffic to that individual IP over the IPsec tunnel? Could I perhaps add the freeradius package and configure it to proxy requests on a specific interface to MS NAP, then just point pfSense there?
-
That's just how IPsec works. It has no concept of routing, so you have to nudge the traffic to use the correct source:
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
-
Bingo. Add the static route with a /32 and now it's working perfectly. Thanks Jim!
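A simplified model of why the /32 static route fixes this, as an added example that is not part of the thread or of pfSense's code: firewall-originated traffic takes its source address from the egress interface, and the tunnel only carries packets whose source and destination match the phase 2 selector. All addresses, interface names and function names below are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread).
WAN_IP = ip.ip_address("203.0.113.10")     # remote pfSense WAN address
LAN_IP = ip.ip_address("10.20.0.1")        # remote pfSense LAN address
RADIUS_SERVER = ip.ip_address("10.10.0.5") # MS NAP server behind the far end
IFACE_ADDR = {"wan": WAN_IP, "lan": LAN_IP}

# Phase 2 selector: only local LAN <-> remote LAN traffic enters the tunnel.
PHASE2 = [(ip.ip_network("10.20.0.0/24"), ip.ip_network("10.10.0.0/24"))]

# Routing table before the fix: default route out WAN, connected LAN.
BASE_ROUTES = [
    (ip.ip_network("0.0.0.0/0"), "wan"),
    (ip.ip_network("10.20.0.0/24"), "lan"),
]
# The fix from the thread: a /32 for the RADIUS server, modelled here as a
# route that egresses via the LAN interface.
STATIC_ROUTE = (ip.ip_network("10.10.0.5/32"), "lan")


def egress_iface(routes, dst):
    """Longest-prefix match over the routing table."""
    matches = [(net, iface) for net, iface in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def source_for(routes, dst, bind=None):
    """Source is an explicit bind address, else the egress interface address."""
    return bind if bind is not None else IFACE_ADDR[egress_iface(routes, dst)]


def tunneled(src, dst):
    """True when (src, dst) matches a phase 2 selector."""
    return any(src in local and dst in remote for local, remote in PHASE2)


def radius_path(routes, bind=None):
    """Return (source address, path) for a firewall-originated RADIUS request."""
    src = source_for(routes, RADIUS_SERVER, bind)
    return src, "ipsec" if tunneled(src, RADIUS_SERVER) else "wan-default-route"


if __name__ == "__main__":
    print("no static route:  ", radius_path(BASE_ROUTES))
    print("ping, LAN source: ", radius_path(BASE_ROUTES, bind=LAN_IP))
    print("with /32 route:   ", radius_path(BASE_ROUTES + [STATIC_ROUTE]))
```

The middle case corresponds to the ping that worked when the local interface was selected by hand; the RADIUS client had no such selection, which is why the route was needed.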