Remote PFSENSE to local PFSENSE thru ipsec cannot access LDAP for Authentication
-
I have a remote pfsense (Houston) connected to local pfsense (Austin) using ipsec and everything works wonderfully. The Houston office computers are joined to a Windows domain that is in Austin and they authenticate thru the ipsec tunnel to the Austin domain controller. This has been working for over a year now and there are no servers in the Houston office, just a router.
The staff in Houston need to use openvpn to connect to the Houston office, authenticate to the Austin domain controller then RDP to their Houston computers from their homes.
Problem: The "Active Directory Authentication Server" in the Houston Pfsense router cannot seem to find the domain controller Austin even though the local computers can. When I click the "Select a Container" in the authentication containers section it fails.
Again, both offices can access each other without any issues thru the ipsec tunnel.
-
If this is in IPsec tunnel mode, then you'll need a route setup like https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/accessing-firewall-services-over-ipsec-vpns.html to nudge the firewall to use the LAN as the source address when sending traffic through IPsec from the firewall itself.
VTI mode IPsec would work much better, but the traffic would be sourced from the VTI interface address so you'd need to account for that in the firewall rules/other config on the remote end.