Trying to join my Domain over other site using pfSense IPSEC Tunnel
-
I have made an IPsec tunnel and it pings both sides smoothly. Somehow, it is unable to join my AD over the other side. I tried to port scan port 53 and it is shown as filtered; I have enabled port 53 (the DNS port) on pfSense and on all machines/firewalls in between.
Still no luck, and when I run nslookup to the machine, it shows no details of the server's fully qualified domain name.
Do I have to configure anything to allow it at the pfSense end? What things matter at pfSense to make the AD join work using the pfSense gateway?
-
Your IPsec rules on the IPsec tab should be allow any. Definitely until you figure things out. There's a lot more to AD than DNS.
-
Hi! I'll try to give you a hint here. I've got this scenario and it works fine.
You can do it in two ways. The simplest:
- Manually specify the AD-DNS as the DNS server on the client which you want to join
- Join the domain with the full domain name, e.g. mydomain.sample
The other way:
- Verify that pfSense can route traffic through the tunnel (use the workaround with a LAN gateway), documented here
- Add the AD-DNS to the DNS Resolver's Domain Overrides, e.g. mydomain.sample points to your AD-DNS
- Join the domain with the full domain name, e.g. mydomain.sample
-
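An added diagnostic script (not from the thread or from pfSense) that checks, from the client, whether the DC locator records and the DC ports a domain join needs are reachable through the tunnel, so a failure can be pinned on DNS (the Domain Override) or on the IPsec firewall rules. mydomain.sample is the thread's example domain; the AD-DNS/DC address 10.0.1.10 is a constructed placeholder, and dig and nc are assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the thread: client-side check that the DNS records
# and ports an AD join needs are reachable through the IPsec tunnel.
# mydomain.sample is the thread's example domain; 10.0.1.10 is a constructed
# placeholder for the AD-DNS/DC address. Requires dig and nc.
AD_DOMAIN="${AD_DOMAIN:-mydomain.sample}"
AD_DNS="${AD_DNS:-10.0.1.10}"
# DC locator records a join client resolves first, followed by the domain A record.
ad_locator_names() {
    printf '%s\n' "_ldap._tcp.dc._msdcs.$1" "_kerberos._tcp.dc._msdcs.$1" \
                  "_ldap._tcp.$1" "_kerberos._tcp.$1" "$1"
}

# Underscore-prefixed locator names are SRV records; the bare domain is an A record.
ad_record_type() {
    case "$1" in
        _*) echo SRV ;;
        *)  echo A ;;
    esac
}

# DC ports the join uses besides DNS: Kerberos, RPC mapper, LDAP, SMB, kpasswd, LDAPS.
ad_ports() { printf '%s\n' 88 135 389 445 464 636; }

# Query one name against the AD-DNS; returns 0 on an answer, 1 otherwise.
check_name() {
    type="$(ad_record_type "$1")"
    if dig +short +time=2 +tries=1 "@$AD_DNS" "$1" "$type" | grep -q .; then
        echo "ok   $type $1"
    else
        echo "FAIL $type $1 (no answer from $AD_DNS: check IPsec rules / Domain Override)"
        return 1
    fi
}
# TCP connect test to the DC on one port (IPsec rules must pass these, not just 53).
check_port() {
    if nc -z -w 2 "$AD_DNS" "$1" 2>/dev/null; then echo "ok   tcp/$1"; return 0; fi
    echo "FAIL tcp/$1"; return 1
}

# Run all checks; returns the number of failures (0 means the join prerequisites look fine).
check_domain() {
    failed=0
    for n in $(ad_locator_names "$1"); do check_name "$n" || failed=$((failed + 1)); done
    for p in $(ad_ports); do check_port "$p" || failed=$((failed + 1)); done
    return "$failed"
}
# Usage: RUN_AD_CHECK=1 sh adcheck.sh (guarded so the functions can be sourced for testing).
if [ -n "${RUN_AD_CHECK:-}" ]; then check_domain "$AD_DOMAIN"; fi
```

A FAIL on the SRV lookups with working pings points at the Domain Override or client DNS setting; FAILs on the TCP ports with working DNS point at the IPsec tab rules.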