Route only dport=25 traffic via site-to-site IPSEC tunnel?
I have a home office set up connected to a rack in our datacenter, with pfSense at both ends. My ISP blocks connections to dport=tcp/25. Problem is, I maintain a bunch of mail servers and often need to telnet to port 25 of these for testing purposes. To get around this I ssh into the datacenter (which isn't blocked) and make my connections from there. But that's an extra step I'd like to cut out.
Anyone know of a way to tunnel & NAT my outbound connections through the site-to-site so that they appear to originate from the datacenter network? Basically, similar to the setup described at: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel
But instead of tunneling all traffic via the tunnel, just match dport=tcp/25
Has anyone done this? I mashed at my keyboard for a while but couldn't make it work.
mevans336:
You cannot policy route ipsec. You can with OpenVPN however.
Good to know, thank you. That was my hunch but I thought I'd ask just in case. I will create an OpenVPN tunnel for this.
Set it all up using OpenVPN. Working great! I had to fiddle with my outbound NAT rules a bit, but got it working. Can telnet to port 25 all day long now.
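What the working setup looks like expressed as pf rules, as an added illustration rather than the poster's actual config: interface names, subnets and the tunnel gateway (home LAN 192.168.1.0/24 on igb1, OpenVPN client interface ovpnc1 with remote end 10.8.0.1, datacenter WAN igb0, server interface ovpns1) are assumed. In the pfSense GUI the home-side rule is a LAN firewall rule with the OpenVPN gateway chosen under advanced options, and the datacenter side is a manual/hybrid Outbound NAT rule on WAN.

```pf
# ---- Home pfSense (OpenVPN client side) ----
# Assumed names: LAN = igb1 (192.168.1.0/24), tunnel = ovpnc1, far end = 10.8.0.1.
lan_if  = "igb1"
ovpn_if = "ovpnc1"
ovpn_gw = "10.8.0.1"

# Only new TCP connections to port 25 are forced into the tunnel. "quick"
# stops evaluation here, so the general LAN rule below never rewrites the
# next-hop for this traffic; pfSense builds the same thing when you set a
# gateway on a LAN rule. (Policy routing like this is why the thread moved
# from IPsec to OpenVPN: route-to needs a routable tunnel interface.)
pass in quick on $lan_if route-to ($ovpn_if $ovpn_gw) inet proto tcp \
    from $lan_if:network to any port 25 keep state

# Everything else follows the normal default route.
pass in on $lan_if inet from $lan_if:network to any keep state

# ---- Datacenter pfSense (OpenVPN server side) ----
# Assumed names: WAN = igb0, tunnel = ovpns1. The OpenVPN server must know
# the home LAN as a remote network so replies can be routed back down the
# tunnel after the NAT state untranslates them.
wan_if  = "igb0"
ovpn_if = "ovpns1"
home_lan = "192.168.1.0/24"

# Accept the policy-routed port-25 traffic arriving from the tunnel.
pass in on $ovpn_if inet proto tcp from $home_lan to any port 25 keep state

# Source-NAT it to the WAN address so the mail server sees the datacenter
# IP and the ISP port-25 block at home is never involved. Keeping the NAT
# rule scoped to port 25 avoids accidentally hairpinning the rest of the
# home LAN's traffic through the datacenter.
nat on $wan_if inet proto tcp from $home_lan to any port 25 -> ($wan_if)
```

A quick check from a home host is `nc -vz <mail-host> 25` on the home side plus watching the state table (Diagnostics > States) on the datacenter box for the translated entry; port 25 traffic should show the WAN address as its source while port 80/443 traffic never appears there.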