Active Directory over IPSEC



  • Hi All

    I've created a VPN site-to-site via IPSEC and all rule works fine but I've an issue on AD.

    I try to ping to remote AD and it's works fine but if from my remote pfsense try to create an AD autentication it's fail. I try to change from IPSEC to OpenVPN and AD test works very well.

    Any idea where can I found a solution or where I need to create some stuff( like rules or nat, or…)

    thanks

    Mattia



  • Please provide:

    Local LAN subnet
    Remote LAN subnet
    AD server IP
    DNS address configured on client computers in remote subnet.
    IPSec firewall rules on both pfsense firewalls. (IPSec and LAN tabs)



  • HI Matthis

    the problem is on pfsense first of all.

    3 net

    site A x.x.3.0/32
    site B x.x.4.0/32
    site C x.x.7.0/32

    AD is on Site A x.x.3.60

    I switch on OpenVPN and it's works from A to B and A to C, now I try to investigate how can comunicate from C to B. I test a road Woarior and cominicate from A;B; and C

    Before the switch i can comunicate from 3 site but not with AD



  • It seems like there is traffic being blocked by the IPSec tunnel. Try doing packet captures to trace where the packets are getting to. That way you'll be able to see which part needs to be troubleshooted.

    Update (18/12/2013):

    I just set up a mock network using VMware with two pfSense boxes and a DC behind one and a windows 8 client behind the other. The client authenticated fine over the IPSec tunnel I set up. There must be something you are doing wrong. I suspect it's a DNS issue.


Log in to reply