Joining a PC to Active Directory over VPN
-
I want to join some servers and PCs over VPN to Active Directory through pfSense. What is the access rule or option required to be enabled to allow this.
-
At the pfSense router+VPN level, you just need to have rules on your LAN and VPN interfaces at each end that allow traffic between the relevant IP addresses (or allow the whole of the LAN subnets - that is the easiest).
When joining a server in a remote office to the forest/domain in a central office, you just need to give the server a DNS IP of one of the central office Active Directory DNS servers. Then it can find the domain when you run dcpromo etc. Then you can make the remote office server a domain controller, DNS server etc itself, if you wish.
Client Windows systems can join the domain as long as the DHCP on the remote LAN gives them an AD domain DNS server. Then they happily learn where to find resources in the AD domain. It is easiest if every remote site has a AD domain controller+DNS locally, but I don't think that is absolutely essential.