IPSEC over LDAP (Synology AD)

  • I have a problem with IPSEC over LDAP.

    I use the Synology Active Directory as LDAP Server. Everything is working fine so far. I can save and test the LDAP connection under user manager -> authentication Server. I can also select the container with the following settings:

    TCP STARTTLS
    Global Root CA List
    Protocol 3
    Server Timeout 25
    Level Entire Subtree
    Base DN DC=xxx,DC=yyy
    CN=Users,DC=xxx,DC=yyy

    If I test the connection over diagnostics -> authentication, I get the correct Domain groups.

    The test under system -> user manager -> settings also works:

    Attempting connection to xxx.xxx.xxx.xxx OK
    Attempting bind to xxx.xxx.xxx.xxx OK
    Attempting to fetch Organizational Units from xxx.xxx.xxx.xxx OK

    Logging in to the FW with the AD accounts also works without any problem.

    It is only when I try to connect to the FW over the iPhone IPSec client that I get an authentication error.

    Any hints, or is there a bug in the IPSEC module?

    g
    Thomas