Connecting to Active Directory (AD) via IPSEC

Started by samnet, August 18, 2020, 01:37:18 PM

Dear sirs,
I'm struggling to find a proper way to connect my OPNsense to Active Directory via an IPsec VPN tunnel.
I'm sure it would not be the case for OpenVPN, but the main problem is that the DC that has AD on it is actually behind those terrible licensed firewalls that have only IPsec and Kerio VPN. So I have configured IPsec, OPNsense is connecting via IPsec to the DC, and I can ping the AD server.
The crazy part is that I can't get OPNsense to join the AD. I've done a packet capture and what I'm seeing is that AD isn't giving clear replies. And the funny part is that IPsec is actually using the WAN IP as source, which is a bit funny. Can someone share their experience on this?
Can this work?
Firewall on the AD Windows 2012 server is off, btw.
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense


Thanks for this, can you please explain more on how to do this?
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense

Add a second phase 2 to your IPsec: local net is the WAN IP with /32 and remote net is the LAN of the DC.
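A phase 2 selector of this shape only carries traffic whose source is exactly the firewall's WAN address and whose destination lies in the DC's LAN; anything the firewall sends from another of its addresses, or to a host outside that LAN, falls outside the tunnel policy. The following added checker (not code from the thread or from OPNsense) reads simplified capture summaries of the form "src:port -> dst:port" and reports which flows the selector would cover and which AD service port each one hits. The selector networks and the sample capture lines are constructed placeholders, not the poster's real addresses.

```python
"""Check observed flows against an IPsec phase 2 traffic selector.

Added example for troubleshooting a WAN/32 -> DC-LAN phase 2; the networks,
addresses and capture lines below are constructed, not taken from the thread.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Phase 2 traffic selector as suggested in the thread: the firewall's own WAN
# address as a /32 on the local side, the DC's LAN on the remote side.
# Both values are constructed placeholders.
PHASE2_LOCAL = ipaddress.ip_network("72.0.0.96/32")
PHASE2_REMOTE = ipaddress.ip_network("10.0.0.0/24")

# Well-known ports a domain join uses; 389 is the one visible in the capture
# quoted in the thread.
AD_PORTS = {53: "DNS", 88: "Kerberos", 389: "LDAP", 445: "SMB", 464: "kpasswd", 636: "LDAPS"}

# Matches a simplified "src:port -> dst:port" summary line (not tcpdump syntax).
FLOW_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one summary line; return None for lines that carry no flow."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    return Flow(ipaddress.ip_address(m[1]), int(m[2]),
                ipaddress.ip_address(m[3]), int(m[4]))


def covered(flow: Flow, local=PHASE2_LOCAL, remote=PHASE2_REMOTE) -> bool:
    """True when the flow matches the selector in either direction (request or reply)."""
    outbound = flow.src in local and flow.dst in remote
    inbound = flow.src in remote and flow.dst in local
    return outbound or inbound


def audit(lines, local=PHASE2_LOCAL, remote=PHASE2_REMOTE):
    """Return (line, covered?, service) for every parsable capture line."""
    report = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        # Name the AD service from whichever side carries the well-known port.
        service = AD_PORTS.get(flow.dport) or AD_PORTS.get(flow.sport) or "other"
        report.append((line.strip(), covered(flow, local, remote), service))
    return report


# Constructed capture summaries. The first mirrors the pattern the poster
# describes: firewall WAN address as source, AD server on TCP/389.
SAMPLE_CAPTURE = [
    "72.0.0.96:45556 -> 10.0.0.2:389",     # firewall -> DC, LDAP: inside the selector
    "192.168.1.1:49152 -> 10.0.0.2:88",    # sourced from a LAN address: a WAN/32 selector misses it
    "10.0.0.2:389 -> 72.0.0.96:45556",     # DC reply: covered
    "72.0.0.96:33000 -> 198.51.100.5:53",  # DNS to a host outside the DC LAN: not covered
]

if __name__ == "__main__":
    for line, ok, service in audit(SAMPLE_CAPTURE):
        print(f"{'covered  ' if ok else 'UNCOVERED'}  {service:8}  {line}")
```

Run it against your own capture summaries after substituting the real WAN address and DC LAN; a join attempt whose Kerberos, DNS or SMB traffic shows up as UNCOVERED is leaving the firewall outside the tunnel even though the LDAP flow on 389 is inside it.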

This is done already, from what I recall. The way packets are shown is
WAN IP 72.xx.xx.96:45556 to AD server IP 10.xx.x.2:389
I've done a packet capture and I can see 5 requests coming out but no AD handshake.
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense