4. Trying to join my Domain over other site using pfSense IPSEC Tunnel

Trying to join my Domain over other site using pfSense IPSEC Tunnel

  • P

    I have made an IPSEC tunnel and it pings both sides smooth. Somehow, it is unable to join my AD over the other side. I tried to port scan the 53 port and it is shown filtered, I have enabled port 53 or dns port over pfsense, and all machines/ firewall in between.

    Still no luck, and when I run nslookup to the machine, it shows no details of the the server fully qualified domain.

    Do I have to configure anything to allow at pfsense end? what things matter at pfsense to make AD join using pfsense gateway.

    0
  • D
    Banned

    Your IPsec rules on the IPsec tab should be allow any. Definitely until you figure things out. There's a lot more to AD than DNS.

    0

  • Hi! I'll try to give you a hint here. I've got this scenario and it works fine.
    You can do it in two ways.

    The simplest

    • Manually specify AD-DNS as DNS on the client which you want to join

    • Join domain with the full domain name, eg. mydomain.sample

    The other way.

    • Verify that pfSense can route traffic through the tunnel (use workaround with LAN-gateway) Documented here

    • Add AD-DNS to DNS Resolvers Domain Overrides, eg mydomain.sample points to your AD-DNS

    • Join domain with the full domain name, eg. mydomain.sample

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy