Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS and Domain Control over OpenVPN Site to Site

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 882 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V Offline
      VikingNetwork
      last edited by

      Working on a project for my advanced networking university class. I've setup a network with the following layout: http://imgur.com/FyGZEtm (IPSEC tunnel was changed to OpenVPN tunnel)

      The goal I am trying to accomplish is that on the AWS side I have setup a Windows 2016 server to act as the Domain Controller for the network. So I am trying to have the VM Desktops join the domain controlled by the AD on AWS. They are connected with a openVPN site to site link. The OpenVPN status shows them connected. I can ping from the EXSi pfsense WAN to the AWS pfsense WAN.

      AWS GATEWAY 10.100.100.1
      WAN 10.100.10.183
      WIN2016 10.100.100.248

      ESXI
      Gateway 10.2.0.1
      WAN 10.2.0.61
      LAN 192.168.1.1
      UbuntuMate 192.168.1.105 DMZ 192.168.220.1
      OpenVPN Tunnel 10.0.8.0/24
      The VPN connects out to a public IP address on AWS that is connected to the AWS pfsense server.

      I guess my first question to people who are more knowledgeable about pfsense, is this something that can even be done?

      I can ping from:
      AWS pfsense to ESXi Pfsense WAN
      AWS pfsense to ESXi Lan
      AWS pfsense to ESXi UbuntuMate
      UbuntuMate on ESXi Lan to AWS WAN

      I can not ping from AWS WIN2016 to Pfsense Gateway or behind it
      Ubuntumate on ESXi Lan to AWS WIN2016

      Tried doing packet captures but they seem strange to me. Did one on the ESXi Wan interface looking only for ICMP packets since I was pinging from the AWS WIN2016 and was gettting only this:
      20:46:38.563621 IP 10.2.0.1>10.2.0.61 ICMP echo reply, id 34073, seq 19565, length 8 which just repeats with increasing time stamp and seq numbers

      From the packet capture on the AWS pfsense I was getting
      20:46:33.867577 IP 10.100.100.183 > 10.100.100.1: ICMP echo request, id 3097, seq 4255, length 8
      20:46:33.867921 IP 10.100.100.1 > 10.100.100.183: ICMP echo reply, id 3097, seq 4255, length 8

      Which was just repeating multiple times.
      I have my firewalls rules pretty much open as they can be. I am at a loss of what else to check to see if I can fix this.
      Any help or suggestions would be greatly appreciated.

      1 Reply Last reply Reply Quote 0
      • C Offline
        ceofreak
        last edited by

        Why do you have a second pfSense in your VPC?

        This is not necessary and as far as I know, AWS just supports IPsec with IKEv1.

        I basically covered what you want to do in a post a few days ago: https://www.ceos3c.com/2017/04/24/site-to-site-vpn-between-pfsense-and-aws-vpc/

        Maybe this can help you?

        You over complicate things with the second virtual pfSense inside of AWS in my opinion. AWS has more than enough security measures in place that this is not needed.

        Ceo

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.