No reply through OpenVPN tunnel



Hi there,

Maybe one of you can help me find the right way - I am out of ideas. Here's my configuration:

I want to access certain ports (testing with SMTP - port 25 at the moment) on specific computers from the internet, but my provider has blocked almost all of the ports. So I have installed an OpenVPN server on the internet that forwards these ports through a tunnel to the requested clients in the local network. This works so far but has the disadvantage that every single client has to establish its own OpenVPN connection with the server.

So I want pfSense to connect to the OpenVPN server as a client and NAT the ports to the appropriate clients.

The OpenVPN connection works fine, I can ping from both sides, and I have assigned it to the OPT1 interface.

I have set up the following NAT rules:
192.168.0.33 port 25 (WAN) -> 192.168.0.5 port 25 (local Exchange server)
10.8.0.5 port 25 (OPT1) -> 192.168.0.5 port 25 (local Exchange server)

When I telnet to 192.168.0.33 on port 25 I get the expected response from the Exchange server, but if I telnet from the external OpenVPN server to 10.8.0.5 on port 25 I get a timeout.

Tcpdump on the WAN interface indeed shows a connection from 10.8.0.1:25 -> 192.168.0.5:25, so the NAT rule seems to work (although I expected this on the LAN interface, which is available on 192.168.0.25).
Tcpdump on the OPT1 interface shows the same.

Somehow the response from the Exchange server does not seem to be accepted by the firewall, although the firewall rule 192.168.0.0/24 -> any is enabled as pass on the WAN port.

What am I overlooking?

Best regards,
Axel
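An added troubleshooting aid, not part of the original post: this Python script pairs each SYN with its SYN-ACK across per-interface tcpdump captures and reports flows whose reply never leaves on the interface the request came in on, which is the first thing to check when a port forward through a VPN tunnel times out even though the forwarded packet reaches the server. It assumes `tcpdump -n` output and the interface names opt1, lan and wan; the sample capture lines are constructed and reuse the addresses from the post.

```python
import re
from collections import defaultdict

# "tcpdump -n" TCP summary: "12:00:01.000 IP 10.8.0.1.41022 > 10.8.0.5.25: Flags [S], ..."
LINE_RE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]*)\]")

def track_handshakes(captures):
    """{iface: [tcpdump lines]} -> {(client, client_port, service_port): {"syn": ifaces, "synack": ifaces}}.
    Flows are keyed on the client side only, because the port forward rewrites the server
    address between the ingress interface and LAN (10.8.0.5 on opt1, 192.168.0.5 on lan)."""
    flows = defaultdict(lambda: {"syn": set(), "synack": set()})
    for iface, lines in captures.items():
        for line in lines:
            m = LINE_RE.search(line)
            if not m:                 # not a TCP summary line (ARP, ICMP, ...)
                continue
            src, sport, dst, dport, flags = m.groups()
            if flags == "S":          # bare SYN: src is the client
                flows[(src, int(sport), int(dport))]["syn"].add(iface)
            elif flags == "S.":       # SYN-ACK: dst is the client
                flows[(dst, int(dport), int(sport))]["synack"].add(iface)
    return dict(flows)

def diagnose(captures, ingress):
    """One finding per flow whose SYN arrived on `ingress` but whose SYN-ACK never went back
    out through `ingress`; an empty list means every observed handshake is symmetric."""
    findings = []
    for (client, cport, svc), seen in track_handshakes(captures).items():
        if ingress not in seen["syn"]:
            continue
        flow = f"{client}:{cport} -> port {svc}"
        if not seen["synack"]:
            findings.append(f"{flow}: no SYN-ACK on any interface (server not answering)")
        elif ingress not in seen["synack"]:
            exits = ",".join(sorted(seen["synack"]))
            findings.append(f"{flow}: SYN-ACK seen on {exits} but never on {ingress} (asymmetric reply path)")
    return findings

# Constructed sample, not a real capture: the SYN enters on opt1, reaches the Exchange
# server via lan, and the reply is routed out wan instead of back into the tunnel.
SAMPLE = {
    "opt1": ["12:00:01.000 IP 10.8.0.1.41022 > 10.8.0.5.25: Flags [S], seq 1, win 64240, length 0"],
    "lan": ["12:00:01.001 IP 10.8.0.1.41022 > 192.168.0.5.25: Flags [S], seq 1, win 64240, length 0",
            "12:00:01.002 IP 192.168.0.5.25 > 10.8.0.1.41022: Flags [S.], seq 2, ack 2, win 65535, length 0"],
    "wan": ["12:00:01.003 IP 192.168.0.5.25 > 10.8.0.1.41022: Flags [S.], seq 2, ack 2, win 65535, length 0"],
}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "opt1"):
        print(finding)
```

Feed it one capture per interface (`tcpdump -ni <iface> port 25`) and the output tells you on which hop the reply disappears, rather than only that the client timed out.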

