Active Directory authentication server over IPSEC tunnel



  • Hello,

    I want to use an AD authentication server on PFSENSE1, which lies behind an IPsec tunnel.

    PFSENSE1 <-IPSEC-> PFSENSE2 <-> AD server

    Unfortunately, the firewall cannot achieve this.

    Is there any place to set the interface that pfSense uses for the AD authentication server, so that it can connect to the AD server? Something similar to Diagnostics > Ping?

    Greetings,

    Christian



  • This setup works beautifully for me, except I use OpenVPN, which is irrelevant if your VPN tunnel works.



  • Hi,

    Hm, strange. I have a working IPsec connection.

    pfsense1 IP 192.168.185.1/24
    pfsense2 IP 192.168.210.1/24
    AD server 192.168.210.10

    I have access from the network 192.168.185.XXX to the AD server 192.168.210.10.
    Only when I try, in pfsense1 under System > User Manager > Authentication Servers, to add an LDAP server, I get no connection to the AD server 192.168.210.10.
    I test this in the server settings with "Select a container". Then this always appears:
    Could not connect to the LDAP server. Please check the LDAP configuration.

    The IP address of the server, etc. is correct.



  • …-----+------... (Clients/Servers)
                | LAN 192.168.185.0/24
                |
                | 192.168.185.1
        .-----:------.
          |pfS:ense1| (Authentication Server via a  LDAP Server 192.168.210.10)
          |                |
          '-----:------'       
                  |             
                  |
    WAN/    | IPSEC
    INET    |
          .-----:------.
          |pfS:ense2+-------. 192.168.210.1
          |                |      |
          '-----:------'      |
                |                  |
          LAN |      OPT1  | serversnetwork
                |                  | 192.168.210.0/24
                |                  |
                                    |
                        ...-----+------... (Servers) (AD-Server 192.168.210.10)



  • Good morning,

    I had exactly the same problem! I solved it using the following guide:
    https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

    Cheers,

    JBR
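The following is an added illustration of why the thread's symptom occurs (clients on 192.168.185.0/24 reach the AD server, but the firewall's own LDAP probe does not). It is not code from the posts or from pfSense. It models the mechanism the linked guide addresses, namely that firewall-initiated traffic is sourced from the interface chosen by the routing table (by default the WAN), so the source/destination pair never falls inside the IPsec Phase 2 selectors, whereas a static route for the remote subnet via the LAN side makes the firewall source from 192.168.185.1 and match the tunnel. The addresses come from the thread except pfSense1's WAN address, which is a constructed placeholder; treating the fix as "route the remote subnet via the LAN address" is my reading of the guide, stated here as an assumption.

```python
import ipaddress

# Addresses taken from the thread; pfSense1's WAN address is not given there,
# so 203.0.113.5 (RFC 5737 documentation range) is a constructed placeholder.
PFSENSE1_LAN_ADDR = ipaddress.ip_address("192.168.185.1")
PFSENSE1_WAN_ADDR = ipaddress.ip_address("203.0.113.5")
AD_SERVER = ipaddress.ip_address("192.168.210.10")

# Phase 2 selectors (local subnet <-> remote subnet) of the LAN-to-servers tunnel.
PHASE2_LOCAL = ipaddress.ip_network("192.168.185.0/24")
PHASE2_REMOTE = ipaddress.ip_network("192.168.210.0/24")

# Routing tables as (destination network, source address the firewall would use).
ROUTES_DEFAULT_ONLY = [
    (ipaddress.ip_network("192.168.185.0/24"), PFSENSE1_LAN_ADDR),  # connected LAN
    (ipaddress.ip_network("0.0.0.0/0"), PFSENSE1_WAN_ADDR),         # default route out WAN
]

# Same table plus a static route for the remote subnet via the LAN side, so the
# firewall sources its own traffic from the LAN address (assumed reading of the guide).
ROUTES_WITH_STATIC = ROUTES_DEFAULT_ONLY + [
    (ipaddress.ip_network("192.168.210.0/24"), PFSENSE1_LAN_ADDR),
]


def pick_source(dst, routes):
    """Longest-prefix match: the source address the firewall itself would use for dst."""
    best_net, best_src = None, None
    for net, src in routes:
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_src = net, src
    return best_src


def matches_phase2(src, dst):
    """IPsec carries a packet only if both ends fall inside the Phase 2 selectors."""
    return src in PHASE2_LOCAL and dst in PHASE2_REMOTE


def firewall_ldap_path(routes, dst=AD_SERVER):
    """(source address, goes_via_tunnel) for an LDAP connection opened by the firewall."""
    src = pick_source(dst, routes)
    return str(src), matches_phase2(src, dst)


def client_ldap_path(client="192.168.185.50", dst=AD_SERVER):
    """A LAN client (constructed address) already sits inside the local selector."""
    src = ipaddress.ip_address(client)
    return str(src), matches_phase2(src, dst)


if __name__ == "__main__":
    print("LAN client          :", client_ldap_path())
    print("firewall, default   :", firewall_ldap_path(ROUTES_DEFAULT_ONLY))
    print("firewall, static rt :", firewall_ldap_path(ROUTES_WITH_STATIC))
```

Running it shows the client connection and the firewall-with-static-route connection both matching the selectors, while the default-routed firewall connection is sourced from the WAN address and stays outside the tunnel, which is exactly the "Could not connect to the LDAP server" case while LAN clients keep working.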