Windows Domain Controller and IPSec Tunnels



  • Hello All,

    I currently have an IPSec tunnel set up between my house 192.168.1/24 (Network A) and my friend's house 192.168.2/24 (Network B).

    I also have a Windows 2003 Domain Controller on Network A under the IP address 192.168.1.25. His client computer on Network B at IP address 192.168.2.100 is trying to connect to the domain NETWORK. His client computer is able to ping and see all the ports on the Windows DC from Network A, but it is unable to join the domain itself, either with the DNS Forwarder or without it with the DNS set directly to 192.168.1.25. I was hoping someone on here might have a similar setup and might have some suggestions?
    Thanks



  • I'm using a similar setup to connect from home to the office. My client at home uses the remote DC as DNS and WINS. This way everything works for me, even logon scripts.



  • Do you think WINS would help this issue? Or were there any specific quirks you had to set to get your client machine on the domain, like MTU sizes? On the machine 192.168.2.100, when using the DNS server 192.168.1.25, it is able to resolve NETWORK via nslookup to 192.168.1.25.



  • No, no additional quirks needed here, but try lowering the MTU on the WAN of both pfSense boxes to something like 1300 just to see if that helps. If it does, move the MTU up step by step until it breaks again. We had some reports where lowering the WAN MTU helped with large-packet problems over IPsec.
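
The "lower it, then step back up until it breaks" procedure from the reply above can be done with a DF-bit ping instead of editing the WAN MTU repeatedly. The script below is an added example, not code from the thread or from pfSense: it binary-searches for the largest ICMP payload that crosses the tunnel with Don't Fragment set and converts that to a path MTU (payload + 8 bytes ICMP header + 20 bytes IPv4 header). It assumes Linux `ping` (`-M do` sets DF, `-W` is the reply timeout); on FreeBSD/pfSense the equivalent is `ping -D -s SIZE`. The host 192.168.1.25 and the search bounds 1000..1472 are taken from the thread and an untouched 1500-byte Ethernet MTU respectively.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest DF ping payload that
# crosses the IPsec tunnel, then derive the usable path MTU from it.
# Assumes Linux ping flags; run it from the 192.168.2.0/24 side, e.g.:
#   ./mtu_probe.sh 192.168.1.25

# probe_payload HOST BYTES -> exit 0 if a DF ping with BYTES payload gets a reply
probe_payload() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload PROBE LO HI -> largest size in [LO, HI] for which PROBE succeeds.
# PROBE is any command taking one argument (the payload size); LO is assumed to work.
# Binary search: each round halves the window, so ~9 pings cover 1000..1472.
find_max_payload() {
    probe=$1; lo=$2; hi=$3
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid"; then
            lo=$mid             # mid got through: answer is at least mid
        else
            hi=$(( mid - 1 ))   # mid was dropped: answer is below mid
        fi
    done
    echo "$lo"
}

# payload_to_mtu BYTES -> IPv4 MTU = payload + 8 (ICMP header) + 20 (IPv4 header)
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Only run live pings when a target host is given on the command line.
if [ $# -ge 1 ]; then
    host=$1
    ping_host() { probe_payload "$host" "$1"; }
    payload=$(find_max_payload ping_host 1000 1472)
    echo "largest DF payload to $host: $payload bytes -> path MTU $(payload_to_mtu "$payload")"
fi
```

The reported MTU is what the tunnel actually carries end to end; set the WAN (or the IPsec interface) MTU at or just below it rather than guessing at 1300 and creeping up. If 1000-byte pings already fail, start the search lower, and remember that ESP plus the outer IP header add roughly 50 to 80 bytes of overhead on top of the inner packet, which is why a 1500-byte LAN frame does not fit through a 1500-byte WAN link once it is encapsulated.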



  • Thanks for the info Hoba, turns out the issue was resolved by this article.

    http://support.microsoft.com/kb/300684/

    Is there a way to have NetBIOS broadcasts sent across the IPSec tunnel?



  • No, broadcasts won't leave their own subnet, and the other end has a different subnet range.

