Route only dport=25 traffic via site-to-site IPSEC tunnel?
-
I have a home office set up connected to a rack in our datacenter, with pfSense at both ends. My ISP blocks connections to dport=tcp/25. Problem is, I maintain a bunch of mail servers and often need to telnet to port 25 of these for testing purposes. To get around this I ssh into the datacenter (which isn't blocked) and make my connections from there. But that's an extra step I'd like to cut out.
Anyone know of a way to tunnel & NAT my outbound connections through the site-to-site so that they appear to originate from the datacenter network? Basically, similar to the setup described at: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel
But instead of tunneling all traffic via the tunnel, just match dport=tcp/25
Has anyone done this? I mashed at my keyboard for awhile but couldn't make it work.
-
You cannot policy route ipsec. You can with OpenVPN however.
-
Good to know, thank you. That was my hunch but I thought I'd ask just in case. I will create an OpenVPN tunnel for this.
-
Set it all up using OpenVPN. Working great! I had to fiddle with my outbound NAT rules a bit, but got it working. Can telnet to port 25 all day long now.
