    Active Directory authentication server over IPSEC tunnel

missionleben:

Hello,

I want to use an AD authentication server on PFSENSE1, which lies behind an IPSEC tunnel.

PFSENSE1 <-IPSEC-> PFSENSE2 <-> AD server

Unfortunately, the firewall cannot do this.

Is there any place to set the interface which the authentication server in pfSense uses to connect to the AD server? Something similar to DIAGNOSTIC-PING?

Greetings,

Christian

Pistolero:

        This setup works beautifully for me, except I use OpenVPN, which is irrelevant if your VPN tunnel works.

missionleben:

Hi,

Hm, strange. I have a working IPsec connection.

pfSense1 IP 192.168.185.1/24
pfSense2 IP 192.168.210.1/24
AD server 192.168.210.10

I have access from the network 192.168.185.XXX to the AD server 192.168.210.10.
Only when I try to add an LDAP server in pfSense1 under System > User Manager > Authentication Servers do I get no connection to the AD server 192.168.210.10.
I test this in the server settings with "Select a container". Then this always appears:
Could not connect to the LDAP server. Please check the LDAP configuration.

The IP address of the server etc. is correct.

missionleben:

    ...-----+------...  (Clients/Servers)
            | LAN 192.168.185.0/24
            |
            | 192.168.185.1
      .-----:------.
      |  pfSense1  |  (Authentication Server via LDAP Server 192.168.210.10)
      '-----:------'
            |
            | IPSEC over WAN/INET
            |
      .-----:------.
      |  pfSense2  +-------.  192.168.210.1
      '-----:------'       |
            |              |  OPT1 "serversnetwork"
           LAN             |  192.168.210.0/24
                           |
                   ...-----+------...  (Servers)  (AD-Server 192.168.210.10)

julianbros:

              Good morning,

              I had just the same problem! I solved it using the following guide:
              https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

              Cheers,

              JBR

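The guide julianbros links describes the mechanism behind the symptom in this thread: a LAN host at 192.168.185.x talks to 192.168.210.10 with a source address inside the phase 2 selector, so the packet is encapsulated, but a connection the firewall itself originates (the LDAP bind, just like SNMP, syslog or NTP) is sourced from the interface its best route leaves through, which for a remote subnet with no more specific route is the WAN address. That address is outside the phase 2 "local network", so the packet never enters the tunnel. The doc's two remedies are a static route for the remote subnet pointing at a gateway on the LAN segment (which makes source selection pick the LAN address; the route itself is never followed because IPsec captures the packet) or an extra phase 2 entry that carries the WAN address itself. The following Python model, added here as an illustration and not code from the thread or from pfSense, walks through all three cases. The WAN addresses (203.0.113.2 behind 203.0.113.1, from the RFC 5737 documentation range) and the LAN-side gateway 192.168.185.254 are assumptions; the LAN, server network and AD server address are the ones posted above.

```python
import ipaddress

# Added example (not from the forum thread or pfSense itself): a simplified model of why
# firewall-initiated traffic misses a policy-based IPsec tunnel while LAN clients do not.
# The kernel picks the source address from the interface the best route leaves through;
# only then is the packet compared with the IPsec phase 2 selectors (local net, remote net).

# Constructed pfSense1 routing table: (destination, next hop, address of the egress interface).
# The WAN addresses 203.0.113.2 / 203.0.113.1 are assumptions (RFC 5737 documentation range).
ROUTES_BEFORE = [
    ("0.0.0.0/0",        "203.0.113.1", "203.0.113.2"),    # default route out WAN
    ("192.168.185.0/24", None,          "192.168.185.1"),  # directly connected LAN
]

# Phase 2 from the thread: LAN of pfSense1 <-> server network behind pfSense2.
PHASE2 = [("192.168.185.0/24", "192.168.210.0/24")]

AD_SERVER = "192.168.210.10"


def best_route(routes, dst):
    """Longest-prefix match; returns (network, next hop, egress address) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifaddr in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifaddr)
    return best


def select_source(routes, dst):
    """Source address the firewall itself will use for a packet to dst."""
    route = best_route(routes, dst)
    if route is None:
        raise ValueError(f"no route to {dst}")
    return route[2]


def in_tunnel(phase2, src, dst):
    """True if some phase 2 selector covers (src, dst), i.e. the packet gets encapsulated."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote)
               for local, remote in phase2)


def firewall_initiated(routes, phase2, dst):
    """Outcome for traffic the firewall originates (LDAP bind, NTP, syslog, SNMP, ...)."""
    src = select_source(routes, dst)
    return src, in_tunnel(phase2, src, dst)


# Fix 1 from the linked doc: a static route for the remote subnet whose gateway lies on the
# LAN segment, so source selection yields the LAN address. 192.168.185.254 is an assumed
# address on that segment; the route only steers source selection, because IPsec captures
# the packet as soon as it matches the phase 2.
ROUTES_FIXED = ROUTES_BEFORE + [("192.168.210.0/24", "192.168.185.254", "192.168.185.1")]

# Fix 2 from the linked doc: an additional phase 2 that carries the WAN address itself.
PHASE2_WITH_WAN = PHASE2 + [("203.0.113.2/32", "192.168.210.0/24")]

if __name__ == "__main__":
    print("LAN client  :", in_tunnel(PHASE2, "192.168.185.50", AD_SERVER))               # True
    print("before fix  :", firewall_initiated(ROUTES_BEFORE, PHASE2, AD_SERVER))           # ('203.0.113.2', False)
    print("static route:", firewall_initiated(ROUTES_FIXED, PHASE2, AD_SERVER))            # ('192.168.185.1', True)
    print("extra P2    :", firewall_initiated(ROUTES_BEFORE, PHASE2_WITH_WAN, AD_SERVER))  # ('203.0.113.2', True)
```

A quick way to confirm the diagnosis on the real firewall, before touching routes or phase 2, is to open a TCP connection to port 389 from the pfSense shell twice: once with no source address given (`nc -z 192.168.210.10 389`), which uses the WAN address and should hang or fail, and once bound to the LAN address (`nc -s 192.168.185.1 -z 192.168.210.10 389`), which should succeed if the tunnel itself is healthy, exactly as the LAN clients in the thread already do.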
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.