Hey guys, hoping someone can advise on a VPN setup I want to implement.
I have attached an image which helps illustrate what I am trying to accomplish. The IT company I used to work for had a similar setup, but they set up each customer with an RODC which connected to a master domain controller.
So the permissions for remote access would be set on the master domain controller and propagate to the RODCs.
I don’t have my clients' DCs set up in this method. I believe pfSense can be configured to connect to multiple ADs, but I don’t want to complicate things.
pfSense can be set up with groups and users, so the idea is that if someone asks for remote access you just create a new login on pfSense and assign it to the correct group.
I may be wrong and the setup may not be possible; any advice is appreciated.
Each customer has a static IP address and the endpoint is a Juniper SSG5.
The pfSense firewall has a static public IP address on its WAN port.
Some users are using OS X to remote onto work machines.