    IPsec+LDAP

2.1 Snapshot Feedback and Problems - RETIRED
afrojoe

      @jimp:

      IPsec+LDAP is known to be broken at the moment. There is a ticket pending for it.

      The authentication is being switched to a script-based auth mechanism so it can easily do LDAP, RADIUS, etc, like OpenVPN can.

      That has nothing to do with a site-to-site tunnel being broken as in this ticket though.

Thanks Jim. However, I'm not quite sure what you mean… my site-to-site tunnel is down though ???

jimp (Rebel Alliance Developer, Netgate)

It's down because racoon isn't running, not because the tunnel won't establish. It's not the same problem as the thread you originally posted in. I moved this to a new thread because it was unrelated.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

afrojoe

          @jimp:

It's down because racoon isn't running, not because the tunnel won't establish. It's not the same problem as the thread you originally posted in. I moved this to a new thread because it was unrelated.

          Ah, okay. :)

          Is there a work around at the moment?

jimp (Rebel Alliance Developer, Netgate)

            Yes, don't configure LDAP support.

afrojoe

              @jimp:

              Yes, don't configure LDAP support.

Do you know where I can go to shut it off? (I don't recall turning LDAP on!) :-\

jimp (Rebel Alliance Developer, Netgate)

Probably on the mobile tab.

afrojoe

                  @jimp:

Probably on the mobile tab.

Hmm, I don't even have that turned on.

I also perused every tab in pfSense and have nothing to do with LDAP turned on. Very puzzling.

jimp (Rebel Alliance Developer, Netgate)

Do you have an LDAP server set up under System > User Manager, on the Servers tab perhaps?

Looking at the code, the only way it would put that ldap section in there is if someone had the mobile IPsec tab set up to use a non-local source, and if that source was ldap.

jimp (Rebel Alliance Developer, Netgate)

                      I disabled that whole chunk of code for now so it won't write out an invalid racoon.conf while that part is being reworked.

                      https://github.com/bsdperimeter/pfsense/commit/9500537d51b481086e8a685b70e825688c0526e1

afrojoe

                        @jimp:

Do you have an LDAP server set up under System > User Manager, on the Servers tab perhaps?

Looking at the code, the only way it would put that ldap section in there is if someone had the mobile IPsec tab set up to use a non-local source, and if that source was ldap.

Found it! Yes, I have an LDAP server enabled for OpenVPN. I really don't know why, because I use the Local Database for authentication… that shizz is getting turned off big time. 8)

                        I'll letcha know how that works out.

EDIT: IPSec tunnel is back up! Thanks Jim (aka: Super Mario).

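A small diagnostic for the situation jimp describes above (an LDAP auth server defined under System > User Manager causing the 2.1 snapshot to emit an ldap section into racoon.conf, which then keeps racoon from starting) and for the question of where LDAP was enabled in the first place. This is an added example, not pfSense's own code; the config.xml element names (`authserver`, `type`, `ipsec/client/user_source`) and the `ldapcfg { ... }` racoon.conf syntax are assumptions based on 2.1-era pfSense and ipsec-tools, and both inputs are constructed samples.

```python
"""Report LDAP auth servers in a pfSense-style config.xml and check whether a
generated racoon.conf carries an ldapcfg block (added example, not pfSense code).
Element names and the ldapcfg syntax are assumptions, not taken from the forum post."""
import re
import xml.etree.ElementTree as ET

# Constructed config.xml fragment: one local and one LDAP auth server, and a
# mobile IPsec client section pointing at the local database.
SAMPLE_CONFIG_XML = """<pfsense>
  <system>
    <authserver><name>Local Database</name><type>local</type></authserver>
    <authserver><name>corp-ldap</name><type>ldap</type>
      <host>ldap.example.internal</host></authserver>
  </system>
  <ipsec><client><user_source>Local Database</user_source></client></ipsec>
</pfsense>"""

# Constructed racoon.conf fragment containing the kind of ldapcfg block the
# snapshot was writing out even though only the local database was in use.
SAMPLE_RACOON_CONF = """path pre_shared_key "/var/etc/racoon/psk.txt";
ldapcfg {
    ldap_host "ldap.example.internal";
    ldap_port 389;
}
remote 203.0.113.10 { exchange_mode main; }
"""

def ldap_auth_servers(config_xml: str) -> list:
    """Names of every <authserver> whose <type> is ldap, wherever it appears."""
    root = ET.fromstring(config_xml)
    return [s.findtext("name") for s in root.iter("authserver")
            if (s.findtext("type") or "").strip().lower() == "ldap"]

def mobile_ipsec_user_source(config_xml: str):
    """Auth source selected on the mobile IPsec tab, or None if not configured."""
    return ET.fromstring(config_xml).findtext("ipsec/client/user_source")

def has_ldapcfg_block(racoon_conf: str) -> bool:
    """True if racoon.conf opens an ldapcfg { ... } section on any line."""
    return re.search(r"^\s*ldapcfg\s*\{", racoon_conf, re.MULTILINE) is not None

def diagnose(config_xml: str, racoon_conf: str) -> dict:
    """Summarise the three facts the thread needed to resolve the outage."""
    return {"ldap_servers": ldap_auth_servers(config_xml),
            "mobile_user_source": mobile_ipsec_user_source(config_xml),
            "racoon_has_ldapcfg": has_ldapcfg_block(racoon_conf)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG_XML, SAMPLE_RACOON_CONF))
```

Against the constructed sample this reports one LDAP server (`corp-ldap`) despite the mobile source being the local database, which is the same combination the thread ends on: remove or stop using the LDAP server entry, regenerate the config, and racoon starts again.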
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.