    Trying to join my Domain over other site using pfSense IPSEC Tunnel

    DHCP and DNS
    3 Posts 3 Posters 1.3k Views
    pythonoid

      I have made an IPsec tunnel and it pings both sides smoothly. Somehow, it is unable to join my AD over the other side. I tried to port scan port 53 and it is shown as filtered; I have enabled port 53 (the DNS port) on pfSense and on all machines/firewalls in between.

      Still no luck, and when I run nslookup against the machine, it shows no details of the server's fully qualified domain name.

      Do I have to configure anything to allow this at the pfSense end? What things matter on pfSense to make an AD join work using the pfSense gateway?

      doktornotor (Banned)

        Your IPsec rules on the IPsec tab should be allow any. Definitely until you figure things out. There's a lot more to AD than DNS.

        iorx

          Hi! I'll try to give you a hint here. I've got this scenario and it works fine.
          You can do it in two ways.

          The simplest

          • Manually specify AD-DNS as DNS on the client which you want to join

          • Join domain with the full domain name, eg. mydomain.sample

          The other way.

          • Verify that pfSense can route traffic through the tunnel (use the workaround with a LAN gateway). Documented here

          • Add AD-DNS to DNS Resolvers Domain Overrides, eg mydomain.sample points to your AD-DNS

          • Join domain with the full domain name, eg. mydomain.sample

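The checks a Windows client on the remote site would run before attempting the join, as an added example that is not part of iorx's post or of pfSense itself. It fits both approaches described above: set $DnsServer to the AD-DNS address for the first, or to the pfSense LAN address that carries the Domain Override for the second. The addresses, the adapter name, the port list and the use of mydomain.sample from the post are assumptions for illustration. Domain join locates a domain controller through the _ldap._tcp.dc._msdcs SRV records, so a plain A-record lookup succeeding is not enough; and, as doktornotor notes, the join needs Kerberos, LDAP, SMB and RPC in addition to DNS, so the script probes those ports through the tunnel before calling Add-Computer.

```powershell
# Added example (not from the forum thread). Hypothetical values:
#   $DnsServer - AD-DNS across the tunnel, or the pfSense LAN address when the
#                Domain Override approach is used
#   $Domain    - the AD DNS domain (mydomain.sample, as in the post)
#   $Adapter   - the client's network adapter alias
param(
    [string]$DnsServer = "10.10.0.10",
    [string]$Domain    = "mydomain.sample",
    [string]$Adapter   = "Ethernet"
)

# 1. Point the client at a resolver that can answer for the AD zone.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DnsServer
Clear-DnsClientCache

# 2. The join finds a DC via SRV records, not via an A lookup of the DC name.
#    If this query returns nothing, the join fails regardless of firewall rules.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $DnsServer -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
              Select-Object -ExpandProperty NameTarget
if (-not $dcs) {
    throw "No DC SRV records returned for $Domain; check the DNS path over the tunnel."
}

# 3. More than DNS is required: Kerberos (88), LDAP (389), SMB (445) and the
#    RPC endpoint mapper (135). Report each as open or filtered through the tunnel.
$ports = 88, 389, 445, 135
$allOpen = $true
foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'FILTERED'; $allOpen = $false }
        "{0,-35} tcp/{1,-4} {2}" -f $dc, $p, $state
    }
}
if (-not $allOpen) {
    throw "One or more DC ports are filtered across the tunnel; fix the IPsec rules before joining."
}

# 4. Join using the full DNS domain name, as the post recommends.
Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
```

The fixed ports above are the minimum; RPC-based operations also use the dynamic port range on the DC (49152-65535 on current Windows versions), so an IPsec rule set that only passes the listed ports can still break parts of the join or later group policy processing. That is why the advice in the thread is to allow any on the IPsec tab until the join works, and only then tighten the rules.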
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.