Netgate Discussion Forum

Active Directory authentication server over IPSEC tunnel

Routing and Multi WAN. 5 Posts, 3 Posters, 3.3k Views
  • missionleben (last edited Jun 25, 2016, 4:03 PM)

    Hello,

    I want to use an AD authentication server in PFSENSE1, which lies behind an IPSEC tunnel.

    PFSENSE1 <-IPSEC-> PFSENSE2 <-> AD server

    Unfortunately, the firewall cannot achieve this.

    Is there any place to set the interface which the AD authentication server uses, so that pfSense connects to the AD server from it? Something similar to DIAGNOSTIC-PING?

    greeting

    Christian

    • Pistolero (last edited Jun 27, 2016, 6:24 PM)

      This setup works beautifully for me, except I use OpenVPN, which is irrelevant if your VPN tunnel works.

      • missionleben (last edited Jun 29, 2016, 2:33 PM)

        hi,

        Hm, strange. I have a working IPsec connection.

        pfsense1 IP 192.168.185.1/24
        pfsense2 IP 192.168.210.1/24
        AD server 192.168.210.10

        I have access from the network 192.168.185.XXX to the AD server 192.168.210.10.
        Only when I try, in pfsense1 under System / User Manager / Authentication Servers, to add an LDAP server do I get no connection to the AD server 192.168.210.10.
        I test this in the server settings with "Select a container". Then this always appears:
        Could not connect to the LDAP server. Please check the LDAP configuration.

        IP address of the server, etc. are correct.

        • missionleben (last edited Jun 29, 2016, 3:35 PM)

                   ...-----+------... (Clients/Servers)
                           | LAN 192.168.185.0/24
                           |
                           | 192.168.185.1
                    .------+------.
                    |  pfSense1   | (Authentication Server via an LDAP Server 192.168.210.10)
                    '------+------'
                           |
          WAN/INET         | IPSEC
                           |
                    .------+------.
                    |  pfSense2   +-------. 192.168.210.1
                    '------+------'       |
                           |              |
                          LAN           OPT1   serversnetwork
                           |              |    192.168.210.0/24
                           |              |
                               ...--------+------... (Servers) (AD-Server 192.168.210.10)

          • julianbros (last edited Feb 12, 2017, 9:18 AM)

            Good morning,

            I had just the same problem! I solved it using the following guide:
            https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

            Cheers,

            JBR

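The thread's symptom (LAN hosts reach the AD server through the tunnel, but the firewall's own LDAP query does not) comes down to which source address the firewall-initiated packet carries: an IPsec Phase 2 entry only captures traffic whose source and destination both fall inside its local and remote selectors, and a packet sourced from an address outside the local selector is routed via the default route instead of the tunnel. The script below, added here as an illustration and not code from the thread or from pfSense, checks packet source/destination pairs against the Phase 2 selectors drawn in the diagram above. The Phase 2 networks, the LAN address 192.168.185.1 and the AD server 192.168.210.10 are taken from the thread; the WAN address 203.0.113.5 is a constructed placeholder.

```python
"""Added example (not from the forum thread or pfSense): check whether a
firewall-initiated packet would match an IPsec Phase 2 selector pair.

The subnets come from the thread's diagram; the WAN address is a
constructed placeholder, not a real address from the thread."""
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

# Phase 2 entries as (local_network, remote_network): pfSense1 LAN <-> pfSense2
# server network, as drawn in the thread's diagram.
PHASE2: List[Tuple[str, str]] = [("192.168.185.0/24", "192.168.210.0/24")]

LDAP_SERVER = "192.168.210.10"  # AD server from the thread
LAN_IP = "192.168.185.1"        # pfSense1 LAN address from the thread
WAN_IP = "203.0.113.5"          # constructed placeholder for pfSense1's WAN address


def matching_phase2(src: str, dst: str,
                    phase2: Sequence[Tuple[str, str]] = PHASE2) -> Optional[Tuple[str, str]]:
    """Return the first Phase 2 pair whose local/remote selectors cover src -> dst,
    or None when the packet would not enter the tunnel at all (it is then routed
    via the default route, i.e. out the WAN, and never reaches the LDAP server)."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for local, remote in phase2:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def usable_source_addresses(candidates: Sequence[str], dst: str,
                            phase2: Sequence[Tuple[str, str]] = PHASE2) -> List[str]:
    """Filter the firewall's own addresses down to those that some Phase 2 entry
    would carry to dst. A firewall-initiated LDAP query has to be sourced from
    one of these (the pfSense doc linked in the thread achieves this by routing
    the remote subnet via a gateway on the LAN side)."""
    return [c for c in candidates if matching_phase2(c, dst, phase2) is not None]


def diagnose(dst: str = LDAP_SERVER, default_src: str = WAN_IP,
             candidates: Sequence[str] = (WAN_IP, LAN_IP),
             phase2: Sequence[Tuple[str, str]] = PHASE2) -> Dict[str, object]:
    """Summarise the situation for a query the firewall initiates to dst.

    default_src models the address the firewall picks on its own (normally the
    address of the interface the default route leaves through)."""
    return {
        "default_source": default_src,
        "default_source_enters_tunnel": matching_phase2(default_src, dst, phase2) is not None,
        "usable_sources": usable_source_addresses(candidates, dst, phase2),
    }


if __name__ == "__main__":
    result = diagnose()
    print(f"query to {LDAP_SERVER} sourced from {result['default_source']}: "
          f"{'enters tunnel' if result['default_source_enters_tunnel'] else 'bypasses tunnel'}")
    print("source addresses a Phase 2 entry would carry:", result["usable_sources"])
```

Running it with the thread's subnets shows the LAN-sourced packet matched by the Phase 2 pair and the WAN-sourced one matched by nothing, which is exactly the difference between a client on 192.168.185.x succeeding and the firewall's own LDAP test failing.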
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.