Netgate Discussion Forum
    Route only dport=25 traffic via site-to-site IPSEC tunnel?

    • luckman212 (LAYER 8)

      I have a home office set up connected to a rack in our datacenter, with pfSense at both ends. My ISP blocks connections to dport=tcp/25. Problem is, I maintain a bunch of mail servers and often need to telnet to port 25 of these for testing purposes. To get around this I ssh into the datacenter (which isn't blocked) and make my connections from there. But that's an extra step I'd like to cut out.

      Anyone know of a way to tunnel & NAT my outbound connections through the site-to-site so that they appear to originate from the datacenter network? Basically, similar to the setup described at: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnel

      But instead of tunneling all traffic via the tunnel, just match dport=tcp/25

      Has anyone done this? I mashed at my keyboard for a while but couldn't make it work.

      • mevans336

        You cannot policy route IPsec. You can with OpenVPN, however.

        • luckman212 (LAYER 8)

          Good to know, thank you. That was my hunch but I thought I'd ask just in case. I will create an OpenVPN tunnel for this.

          • luckman212 (LAYER 8)

            Set it all up using OpenVPN. Working great! I had to fiddle with my outbound NAT rules a bit, but got it working. Can telnet to port 25 all day long now.

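The following pf rule fragments are an added illustration of the setup the thread ends with (policy-route only tcp/25 from the home LAN into an OpenVPN tunnel, then source-NAT it at the datacenter); they are not the poster's configuration and not from Netgate's documentation. pfSense generates rules of this shape from the GUI: the home-side rule corresponds to a LAN firewall rule with the OpenVPN gateway selected under Advanced, and the NAT lines to Outbound NAT entries in Hybrid or Manual mode. Interface names (em0, em1, ovpnc1, ovpns1), the LAN subnet 192.168.1.0/24 and the tunnel network 10.8.0.0/24 are assumed values chosen for the example.

```pf
# --- Home office pfSense (pf.conf fragment, assumed interface names) ---
lan_if  = "em1"            # assumed: LAN interface
lan_net = "192.168.1.0/24" # assumed: home LAN subnet
ovpn_if = "ovpnc1"         # assumed: OpenVPN client instance
ovpn_gw = "10.8.0.1"       # assumed: remote (datacenter) end of the tunnel

# Translation rules must come before filter rules in pf.
# Source-NAT only the SMTP traffic onto the tunnel address, so the datacenter
# side sees a tunnel-network source it already knows how to route back to.
nat on $ovpn_if inet proto tcp from $lan_net to any port 25 -> ($ovpn_if)

# Policy route: the first matching "quick" rule wins, so the tcp/25 rule with
# route-to must sit above the general LAN rule. Only tcp/25 enters the tunnel.
pass in quick on $lan_if route-to ($ovpn_if $ovpn_gw) inet proto tcp \
    from $lan_net to any port 25 keep state

# Everything else keeps the default route (the ISP), no route-to here.
pass in quick on $lan_if inet from $lan_net to any keep state


# --- Datacenter pfSense (pf.conf fragment, assumed interface names) ---
wan_if  = "em0"            # assumed: datacenter WAN interface
ovpn_if = "ovpns1"         # assumed: OpenVPN server instance
tun_net = "10.8.0.0/24"    # assumed: OpenVPN tunnel network

# Outbound NAT: tunnelled SMTP leaves with the datacenter WAN address, so the
# mail servers see a datacenter source IP, not the ISP-blocked home one.
nat on $wan_if inet proto tcp from $tun_net to any port 25 -> ($wan_if)

# Allow only the tunnelled SMTP traffic in from the OpenVPN interface.
pass in quick on $ovpn_if inet proto tcp from $tun_net to any port 25 keep state
```

Two checks worth doing after applying the equivalent GUI rules: confirm the OpenVPN client is not pulling a default route from the server (in pfSense, the client's "Don't pull routes" option), or all traffic, not just tcp/25, will take the tunnel; and verify the state table shows the tcp/25 connection on ovpnc1 while a tcp/80 connection from the same host still leaves via the WAN.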
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.