PfSense sending eMail through VPN tunnel - no way?
-
Hi!
After some years of digging IPsec tunnels I learned something new today: There is apparently no route to make a pfSense box send status eMails (System -> Advanced -> Notifications) through a fully functional IPsec tunnel. I always get in the system log:
php: /system_advanced_notifications.php: Could not send the message to "DINGS@Daddal.sel" – Error: could not connect to the host "IP_OF_MAILSERVER_ON_OTHER_SIDE_OF TUNNEL": ??
No firewall/snort log showing any blocks at all. Ping from LAN-IP of pfSense to mailserver works fine, from WAN-IP of pfSense not at all, even with an ICMP-allow rule for the WAN-IP on the IPsec rules tab.
The firewall has for IPsec "allow TCP/UDP" and "allow ICMP" rules for all IPs/ports on the LAN. As the box might send with its WAN IP, I added for testing an additional rule, allowing from the WAN IP of the box to the mailserver (port 25). No way to get this eMail through the tunnel.
Did I miss something?
-
Did you try this?
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
-
Not yet… but it works! :D party
What if I had more than one IPsec tunnel active? Is that a problem? No, I guess...
PS: The eMail works fine, but the other side of the tunnel can't access various resources on the LAN behind the pfSense to send the eMails...
-
Wuuuuaaaahhh, I removed the route, but even after a reboot on both sides the tunnel works only for smb, http/https, but no VNC, VLC, etc. can pass through and I have no idea why…
-
If it's working for http, etc. I see no reason why it wouldn't be working for other traffic. Try allowing IP any any on the IPsec tab on the fw rules.
-
Changed tunnel back to OpenVPN, same problem, but only on this single computer… Changed to another network card - works, at least with OpenVPN, not willing to switch back to IPsec at that time... :o