AD issue via openvpn on PFsense

vextor asked
Last Modified: 2012-05-06
Greetings and salutations.

I set up OpenVPN on my pfSense firewall and (almost) everything works well.
My problem is that when I try to access AD resources it prompts me for my full AD UID and password,
even though the workstation is on the domain and works fine when on the (non-VPN) network.
Typing in UID and password fails; typing in domain\UID and password fails.
I have to type in FQDN\UID and password... then everything works.
So I have to type in:
because blat\johndoe doesn't work????

I assume this is an AD issue, but it works fine in the network, just not via OpenVPN on pfSense.

So, here is my network setup:
- main network behind pfSense
- pfSense box 1.2.2 (LAN)
- Server 2003 (Active Directory) (SP2)
- Remote computer VPN
- IP pool for VPN clients
- workstation connected via VPN

From the VPN'ed workstation I can ping everything and get to internal network resources (workstations, servers).
Again, from local workstations there is no problem.

VPN client config:
dev tun                        # routed (layer 3) tunnel
proto udp
remote blat.dyndns.net 1194    # public hostname and port of the pfSense OpenVPN server
ping 10                        # send a keepalive ping every 10 seconds
resolv-retry 2                 # keep retrying hostname resolution for 2 seconds
ca ca.crt                      # CA certificate used to verify the server
cert openvpn1.crt              # this client's certificate
key openvpn1.key               # this client's private key
ns-cert-type server            # require the server certificate to be marked as a server cert
verb 1                         # low log verbosity

The short domain name is actually the NetBIOS name for the domain.  When you are connected at work you either resolve NetBIOS names by broadcast or your network adapter converts it to a DNS query by appending DNS suffixes (domain names) to the request.  The OpenVPN client does not support doing either, leaving you with 2 options:

1.  Use FQDN for everything (Recommended).
2.  Enable WINS on your domain.
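An added configuration example, not from this thread: the OpenVPN server-side directives that hand a connecting client the domain's DNS server, DNS suffix and WINS server, so that short names resolve over the tunnel the way they do on the LAN (this is what makes option 2 usable for VPN clients, since enabling WINS on the domain does nothing until the client is told where the WINS server is). The domain blat.local is taken from the thread; the server addresses are placeholders, and it is assumed these lines go into the OpenVPN server configuration (on pfSense, the server's custom options).

```conf
# --- OpenVPN server configuration (added example; addresses are placeholders) ---

# Give the client the AD DNS server so blat.local names (and the SRV records
# Windows uses to find a domain controller) resolve through the tunnel.
push "dhcp-option DNS 192.0.2.10"       # placeholder: IP of the AD DNS server

# Connection-specific DNS suffix: a lookup for "fileserver" is retried as
# "fileserver.blat.local", which is the suffix-appending step described above.
push "dhcp-option DOMAIN blat.local"

# NetBIOS name service: point short-name lookups (BLAT, \\FILESERVER) at WINS
# instead of broadcast, which does not cross a routed tun interface.
push "dhcp-option WINS 192.0.2.10"      # placeholder: IP of the WINS server
push "dhcp-option NBT 2"                # NetBIOS node type 2 = p-node: WINS only, no broadcast

# --- Client side ---
# Windows clients apply pushed dhcp-option values to the TAP adapter automatically.
# Linux/macOS clients only receive them as environment variables and need an
# --up script (for example update-resolv-conf) to apply them.
```

Verify on the client after connecting with `ipconfig /all` (the tunnel adapter should list the pushed DNS suffix, DNS server and WINS server) and `nslookup blat.local`.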


What do you mean by "everything"??
I tried to log into the workstation as FQDN\username; that doesn't work. :-(
I log into the system with blat.local\johndoe,
VPN into the office, and I still can't use my network shares without having to log in.

I'm trying to avoid my users having to type in FQDN\username after they are logged in.
This is not an issue when using the Cisco VPN system (I just don't have 3k-5k to run it right now).



No one has any other ideas??


I enabled WINS on my domain, but I am still seeing the main problem of having to type in
domain-name\UID each time the users access the server.

So it's a little better that I don't need to type domain.local\UID,
but when logged into the system as a domain user I still have to type domain\UID.



/me is sad there is no fix for this. Thanks, aces4all2008, for trying.


Thanks for the info.