OpenVPN Static Ip, Routing Problem, NAT

Derelict · Dec 22, 2019, 10:35 PM

If you are port forwarding into a server over OpenVPN you have to:

Assign an interface
Make sure the rules on the OpenVPN tab DO NOT match the incoming traffic. They must match on the assigned interface tab to get the benefit of pf's reply-to.

Since your OpenVPN should probably be treated as a WAN, I would delete all of the rules on the OpenVPN tab and only add rules on the assigned interface tab that pass the proper mail ports to the proper server. Passing any there is bad news.

A Former User · Dec 22, 2019, 10:44 PM

@Derelict The Interface is assigned and also the Rules are in the Assigned Interface Tab and they work as long as i pull the vpn routes.

It seems to be and problem dedicated to the routes of my firewall.

Sadly i dont know further.

Maybe someone can look directly into it, if this isnt to timetaking.

Derelict · Dec 22, 2019, 10:52 PM

Is it also matching on the OpenVPN tab? If it matches on the OpenVPN tab the assigned interface tab will never be looked at and you will not get reply-to.

A Former User · Dec 22, 2019, 10:55 PM

On the OpenVPN Tab there are no rules only on the assigned interface tab.

Derelict · Dec 22, 2019, 10:55 PM

Then it should be working. Packet capture and see what's going on. Look at states and see what's going on.

A Former User · Dec 22, 2019, 11:46 PM

@Derelict
It seems they are talking when i try to send a mail.

Paket Capture:
00:41:11.073926 IP MAIL.localdomain.56830 > mx01.emig.gmx.net.smtp: tcp 0
00:41:11.074317 IP mx01.emig.gmx.net.smtp > MAIL.localdomain.56830: tcp 0
00:41:11.074527 IP MAIL.localdomain.34318 > mx00.emig.gmx.net.smtp: tcp 0
00:41:11.074865 IP mx00.emig.gmx.net.smtp > MAIL.localdomain.34318: tcp 0

States:
LAN tcp 192.168.1.105:56812 -> 212.227.17.5:25 TIME_WAIT:TIME_WAIT 1 / 1 60 B / 40 B
WAN tcp 192.168.188.22:8701 (192.168.1.105:56812) -> 212.227.17.5:25 TIME_WAIT:TIME_WAIT 1 / 1 60 B / 40 B

192.168.1.105 (Mail)
192.168.188.22 (Pfsense)

A Former User · Dec 22, 2019, 11:56 PM

@Derelict i tried to set my default gateway at the routing tab to my vpn gateway and then the traffic seems to get routed threw the OpenVPN Tunnel.
Dont know if that helps.

Derelict · Dec 22, 2019, 11:59 PM

Are you talking about outbound connections or inbound? What, specifically is not working.

A Former User · Dec 23, 2019, 12:00 AM

Outbound.

A Former User · Dec 23, 2019, 12:10 AM

@Derelict I think i got it to work. After i set the default gateway manually to the VPN and not automatic and saw that it worked,
i transfered the Flowing Rule i made for the outbound traffic to the Lan interface.
With the new knowledge of your help and the help of viragomann i changed some tiny things in the firewall rule.
After that i changed the default gateway back to automatic and know the outbound traffic takes the vpn and everything works.
I even rebootet the firewall to get lost of the states but everything still functions as it seems.

Thank you so very much for your dedication and your help.