Netgate Discussion Forum
    Remote PFSENSE to local PFSENSE thru ipsec cannot access LDAP for Authentication

    2 Posts 2 Posters 635 Views

    gokallit:

      I have a remote pfSense (Houston) connected to a local pfSense (Austin) using IPsec, and everything works wonderfully. The Houston office computers are joined to a Windows domain that is in Austin, and they authenticate through the IPsec tunnel to the Austin domain controller. This has been working for over a year now, and there are no servers in the Houston office, just a router.

      The staff in Houston need to use OpenVPN to connect to the Houston office, authenticate to the Austin domain controller, then RDP to their Houston computers from their homes.

      Problem: The "Active Directory Authentication Server" in the Houston pfSense router cannot seem to find the Austin domain controller, even though the local computers can. When I click "Select a Container" in the authentication containers section, it fails.

      Again, both offices can access each other without any issues through the IPsec tunnel.

      jimp (Rebel Alliance Developer, Netgate):

        If this is in IPsec tunnel mode, then you'll need a route set up like https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/accessing-firewall-services-over-ipsec-vpns.html to nudge the firewall to use the LAN as the source address when sending traffic through IPsec from the firewall itself.

        VTI mode IPsec would work much better, but the traffic would be sourced from the VTI interface address so you'd need to account for that in the firewall rules/other config on the remote end.


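The reason the static route matters, and why VTI mode shifts the problem to the remote end's firewall rules, comes down to which source address the firewall picks for traffic it originates itself. The model below is an added example, not code from this thread, from pfSense or from Netgate: it does longest-prefix-match route selection over a constructed routing table and checks the chosen source against a tunnel-mode phase 2 selector. All addresses (Houston LAN 10.20.0.0/24, Austin LAN 10.10.0.0/24, the DC at 10.10.0.5, the WAN and VTI addresses) are assumptions invented for the example.

```python
"""Source-address selection for firewall-originated LDAP traffic over IPsec.
Constructed model for illustration; not pfSense or FreeBSD code."""
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the thread).
HOUSTON_LAN = ip_network("10.20.0.0/24")
HOUSTON_LAN_IP = ip_address("10.20.0.1")      # Houston firewall's LAN address
HOUSTON_WAN_IP = ip_address("203.0.113.10")   # Houston firewall's WAN address
HOUSTON_VTI_IP = ip_address("10.99.0.2")      # Houston side of an assumed VTI
AUSTIN_LAN = ip_network("10.10.0.0/24")
AUSTIN_DC = ip_address("10.10.0.5")           # domain controller / LDAP server

# Routing table rows: (prefix, interface, address the kernel would use as source)
BASE_ROUTES = [
    (ip_network("0.0.0.0/0"), "wan", HOUSTON_WAN_IP),
    (HOUSTON_LAN, "lan", HOUSTON_LAN_IP),
]

# Tunnel-mode phase 2 selector: only traffic matching this src/dst pair is encrypted.
TUNNEL_MODE_POLICIES = [(HOUSTON_LAN, AUSTIN_LAN)]


def pick_route(routes, dst):
    """Longest-prefix match, as the kernel does for locally generated packets."""
    dst = ip_address(dst)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        raise ValueError(f"no route to {dst}")
    return max(candidates, key=lambda r: r[0].prefixlen)


def source_for(routes, dst):
    """Source address the firewall itself would use when talking to dst."""
    return pick_route(routes, dst)[2]


def covered_by_policy(policies, src, dst):
    """True if (src, dst) falls inside a tunnel-mode phase 2 selector."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in local and dst in remote for local, remote in policies)


def ldap_path(routes, dst=AUSTIN_DC):
    """Describe what happens to a firewall-originated LDAP query to dst."""
    src = source_for(routes, dst)
    return {
        "interface": pick_route(routes, dst)[1],
        "source": str(src),
        "matches_tunnel_selector": covered_by_policy(TUNNEL_MODE_POLICIES, src, dst),
    }


# The nudge: a static route for the remote LAN whose next hop sits on the
# local LAN, so the kernel picks the LAN interface and its address as source.
NUDGED_ROUTES = BASE_ROUTES + [(AUSTIN_LAN, "lan", HOUSTON_LAN_IP)]

# VTI mode: the remote LAN is routed over the VTI interface, so the source
# becomes the VTI address; the remote end's rules must allow that address.
VTI_ROUTES = BASE_ROUTES + [(AUSTIN_LAN, "ipsec1", HOUSTON_VTI_IP)]

if __name__ == "__main__":
    print("tunnel mode, no static route:", ldap_path(BASE_ROUTES))
    print("tunnel mode, with static route:", ldap_path(NUDGED_ROUTES))
    print("VTI mode:", ldap_path(VTI_ROUTES))
```

Without the extra route the query leaves with the WAN address, which is outside the phase 2 selector, so it never enters the tunnel; with the route it is sourced from the LAN address and matches. In the VTI case the selector check is moot (the VTI carries everything routed to it), but the source is the VTI address, which is the point jimp makes about the remote end's firewall rules.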
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.