IPsec+LDAP
-
IPsec+LDAP is known to be broken at the moment. There is a ticket pending for it.
The authentication is being switched to a script-based auth mechanism so it can easily do LDAP, RADIUS, etc., like OpenVPN can.
That has nothing to do with a site-to-site tunnel being broken as in this ticket though.
Thanks Jim. However, I'm not quite sure what you mean… my site-to-site tunnel is down though???
-
It's down because racoon isn't running, not because the tunnel won't establish. It's not the same problem as the thread you originally posted in. I moved this to a new thread because it was unrelated.
-
It's down because racoon isn't running, not because the tunnel won't establish. It's not the same problem as the thread you originally posted in. I moved this to a new thread because it was unrelated.
Ah, okay. :)
Is there a work around at the moment?
-
Yes, don't configure LDAP support.
-
Yes, don't configure LDAP support.
Do you know where I can go to shut it off? (I don't recall turning LDAP on!) :-\
-
Probably on the mobile tab.
-
Probably on the mobile tab.
Hmm, I don't even have that turned on.
I also perused through every tab on pfSense and have nothing to do with LDAP turned on. Very puzzling.
-
Do you have an LDAP server setup under System > User Manager, on the server tab perhaps?
Looking at the code the only way it would put that ldap section in there is if someone had the mobile IPsec tab setup to use a non-local source, and if that source was ldap.
-
I disabled that whole chunk of code for now so it won't write out an invalid racoon.conf while that part is being reworked.
https://github.com/bsdperimeter/pfsense/commit/9500537d51b481086e8a685b70e825688c0526e1
-
Do you have an LDAP server setup under System > User Manager, on the server tab perhaps?
Looking at the code the only way it would put that ldap section in there is if someone had the mobile IPsec tab setup to use a non-local source, and if that source was ldap.
Found it! Yes, I have an LDAP server enabled for OpenVPN. I really don't know why, because I use the Local Database for authentication… that shizz is getting turned off big time. 8)
I'll letcha know how that works out.
EDIT: IPsec tunnel is back up! Thanks Jim (aka: Super Mario).