Netgate Discussion Forum

    Load Balancing LDAP for pfsense Authentication

    • G
      guyp

      I'm running a new number of LDAP servers which I've put behind pfSense load balancing. All systems inside the network are able to correctly reach the load balancer and thus authenticate to any one of the LDAP servers.

      However, I'm trying to do the same with pfSense's authentication. However, when I select the VIP of the load balancer in the settings, it's not able to reach anything. If I specify a specific LDAP server then all is well.

      Has anyone tried to use pfSense to load balance for a service it's using?

      From the CLI of pfSense I'm not able to telnet to the LDAP VIP on port 389. I'm guessing I need to add some specific NAT rules to force the traffic, which I did for internal systems.

      Any ideas?

      • stephenw10S
        stephenw10 Netgate Administrator

        What sort of load-balancing is it? Does that VIP respond to pfSense in any other way?

        Steve

        • G
          guyp

          I was using the load balancer application built into pfSense. I've now swapped to HAProxy inside pfSense, which is working perfectly.

          • stephenw10S
            stephenw10 Netgate Administrator

            Ah, OK! Yes, HAProxy will work there as it's a true proxy. relayd is basically a dynamic port forward, so you run into the same routing issues you would with a normal port forward when sourcing from the firewall itself.
            Better to be on HAProxy anyway, as relayd will very likely be removed in 2.5.

            Steve
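
The arrangement that ended up working in this thread, sketched as a raw HAProxy configuration. This is an added example, not configuration posted by either participant; the section name, the VIP and the server addresses are constructed placeholders, and on pfSense the HAProxy package generates the equivalent file from its GUI settings.

```haproxy
# Constructed example: every name and address below is a placeholder
# (192.0.2.0/24 is the RFC 5737 documentation range).
listen ldap_vip
    # HAProxy itself accepts the TCP connection on the VIP and opens a new
    # one to a backend, so LAN clients and processes running on the firewall
    # (such as its own LDAP authentication) reach the service the same way.
    # Nothing depends on a port-forward rule matching the packet.
    bind 192.0.2.10:389
    mode tcp
    balance roundrobin

    timeout connect 5s
    timeout client  1m
    timeout server  1m

    # Health check: HAProxy sends an anonymous LDAPv3 bind and inspects the
    # reply; a server that fails the check is taken out of rotation.
    option ldap-check

    server ldap1 192.0.2.21:389 check
    server ldap2 192.0.2.22:389 check
```

With a listener like this in place, the connection test from the firewall's own CLI to the VIP on port 389 described in the first post should succeed, because the VIP is answered by a local socket rather than by a translation rule.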

            • G
              guyp

              Yes indeed... very impressed with HAProxy in pfSense.
              My only slight complaint is that I would like to use a port alias to simplify my configurations, but it seems HAProxy doesn't currently support that.

              So for a web site hosting 80 and 443 connections I need to duplicate everything once for port 80 and once for port 443.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.