
    Active Directory over IPSEC

    IPsec
      andmattia last edited by

      Hi All

      I've created a site-to-site VPN via IPSEC and all rules work fine, but I have an issue with AD.

      I tried to ping the remote AD and it works fine, but if I try to set up AD authentication from my remote pfSense, it fails. I tried changing from IPSEC to OpenVPN and the AD test works very well.

      Any idea where I can find a solution, or where I need to create some stuff (like rules or NAT, or…)?

      thanks

      Mattia

        Matthias last edited by

        Please provide:

        Local LAN subnet
        Remote LAN subnet
        AD server IP
        DNS address configured on client computers in remote subnet.
        IPSec firewall rules on both pfsense firewalls. (IPSec and LAN tabs)

          andmattia last edited by

          Hi Matthias

          the problem is on pfsense first of all.

          3 net

          site A x.x.3.0/32
          site B x.x.4.0/32
          site C x.x.7.0/32

          AD is on Site A x.x.3.60

          I switched to OpenVPN and it works from A to B and A to C; now I'm trying to investigate how to communicate from C to B. I tested a road warrior and can communicate from A, B, and C.

          Before the switch I could communicate from the 3 sites but not with AD.

            Matthias last edited by

            It seems like there is traffic being blocked by the IPSec tunnel. Try doing packet captures to trace where the packets are getting to. That way you'll be able to see which part needs troubleshooting.

            Update (18/12/2013):

            I just set up a mock network using VMware with two pfSense boxes, a DC behind one, and a Windows 8 client behind the other. The client authenticated fine over the IPSec tunnel I set up. There must be something you are doing wrong. I suspect it's a DNS issue.
