No reply through OpenVPN tunnel

  • Hi there,

    Maybe someone of you can help me to find the right way - I am out of ideas. Here's my configuration:

    I want to access certain ports (testing with smtp - port 25 at the moment) on specific computers from the internet, but my provider has blocked almost all of the ports. So I have installed an OpenVPN server on the internet that forwards these ports through a tunnel to the requested clients in the local network. This works so far but has the disadvantage that every single client has to establish an own OpenVPN connection with the server.

    So I want pfSense to connect with the OpenVPN server as a client and NAT the ports to the appropriate clients.

    The OpenVPN connection works fine, I can ping from both sides, and I have assigned it to the OPT1 interface

    I have set up the following NAT rules: port 25 (WAN) -> port 25 (local Exchange server) port 25 (OPT1) -> port 25 (local Exchange server)

    When I telnet to on port 25 I get the expected response from the Exchange server, but if I telnet from the external OpenVPN server to on port 25 I get a time out.

    Tcpdump on the WAN interface shows indeed a connection from -> so the NAT rule seems to work (although I expected this on the LAN interface that is available on
    Tcpdump on the OPT1 interface shows the same.

    Somehow the response from the Exchange server seems not to be accepted by the firewall although the firewall rule -> any is enabled as pass on the WAN port.

    What do I oversee?

    Best regards,