Trying to join my Domain over other site using pfSense IPSEC Tunnel



  • I have made an IPsec tunnel and it pings both sides smoothly. Somehow, it is unable to join my AD over the other side. I tried to port scan port 53 and it is shown as filtered; I have enabled port 53 (the DNS port) on pfSense and on all machines/firewalls in between.

    Still no luck, and when I run nslookup on the machine, it shows no details of the server's fully qualified domain name.

    Do I have to configure anything to allow this at the pfSense end? What things matter at pfSense to make an AD join work through the pfSense gateway?


  • Your IPsec rules on the IPsec tab should be allow any. Definitely until you figure things out. There's a lot more to AD than DNS.



  • Hi! I'll try to give you a hint here. I've got this scenario and it works fine.
    You can do it in two ways.

    The simplest:

    • Manually specify the AD-DNS as the DNS server on the client which you want to join

    • Join the domain with the full domain name, e.g. mydomain.sample

    The other way:

    • Verify that pfSense can route traffic through the tunnel (use the workaround with the LAN gateway) Documented here

    • Add the AD-DNS to the DNS Resolver's Domain Overrides, e.g. mydomain.sample points to your AD-DNS

    • Join the domain with the full domain name, e.g. mydomain.sample
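    The "simplest" procedure above, plus the port check the earlier reply hints at, as an added PowerShell script run on the Windows client (example code, not from the thread). It assumes a placeholder DC address 192.0.2.10, an adapter named Ethernet, and the thread's domain mydomain.sample.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the client.
$DcIp      = '192.0.2.10'       # placeholder: AD-DNS / domain controller across the tunnel
$Domain    = 'mydomain.sample'  # full domain name, as the thread recommends
$Interface = 'Ethernet'         # assumption: check Get-NetAdapter for the real alias

# Step 1 ("the simplest"): point the client at the AD-DNS through the tunnel.
# (With the "other way", skip this and let pfSense's Domain Override answer instead.)
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcIp

# Step 2: a join needs the DC-locator SRV records, not just an A record.
# If this throws, DNS itself is still filtered or the override is wrong.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize

# Step 3: "there's a lot more to AD than DNS". The join also uses these TCP ports
# (plus the dynamic RPC range 49152-65535), so each must pass the IPsec-tab rules.
$ports = @{ 53='DNS'; 88='Kerberos'; 135='RPC endpoint mapper'; 389='LDAP';
            445='SMB'; 464='Kerberos kpasswd'; 3268='Global Catalog' }
$blocked = @()
foreach ($p in ($ports.Keys | Sort-Object)) {
    $ok = Test-NetConnection -ComputerName $DcIp -Port $p -InformationLevel Quiet -WarningAction SilentlyContinue
    Write-Host ('{0,5} {1,-20} {2}' -f $p, $ports[$p], $(if ($ok) { 'open' } else { 'FILTERED' }))
    if (-not $ok) { $blocked += $p }
}
if ($blocked) {
    throw "Open TCP port(s) $($blocked -join ', ') on pfSense/IPsec rules before trying to join."
}

# Step 4: join with the full domain name; the reboot completes the join.
Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
```

Any port reported FILTERED here matches what the original poster saw with the port scan and points at the rule set rather than at the client.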

