Netgate Discussion Forum

    OpenVPN block and redirect ports

    • ground01

      Hi all,

      I'm in the following situation.

      My pfSense box is configured to support PPTP VPN and OpenVPN co-workers. Both have their own subnet.

      Interface LAN = 172.16.2.0/28
      PPTP VPN = 172.16.201.0/28
      OpenVPN = 172.16.200.0/28

      Some of our co-workers work from home and connect with their VPN, but due to a bad habit they use their own mailserver for sending mail to our customers. Now there is a policy that they may only use our relay SMTP.

      Is there a way that I can block port 25 SMTP and redirect that to our, let's say, 172.16.2.10 SMTP box?

      I have read I have to make those rules under the LAN firewall part and specify the OpenVPN subnet as source, but it is not working.
      Older releases don't have an option to filter tun / tap devices, but I'm lost on what to use; for PPTP I can block the port but not yet redirect it.

      Thanks.

      • jahonix

        I think you're looking at it from the wrong perspective.

        What programs do they use to e-mail? The SMTP server they are using has to be changed in the program settings.
        If it is set up to use smtp.yahoo.com (for example), it tries to connect to this server, regardless of the route.

        • ground01

          Hi,

          I know. I don't have many users, but the problem is they mostly don't even know the difference between our SMTP server and the one they use at home.

          It would be easier if I can route all port 25 to my own server since they use different providers. Then they can leave their settings just as they are, and when they are not connected they don't have to change the mailserver.

          • jahonix

            You are trying to fix the wrong problem.

            Do those computers belong to the company that owns the to-be-used relay server?
            What OS and which mail program do they use?

            • ground01

              I fixed the problem using the DNS forwarder, making the A record lookup for the mailserver they use go to our A record.

              Not very fail-proof, but for now it is working.
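
The redirect the first post asks for, as an added example that is not part of the thread: raw pf rules using the addresses from the first post, which, unlike the DNS override, do not depend on knowing each provider's host name. The interface name `ovpns1` is an assumption; pfSense generates its ruleset from the GUI, so this shows the rule pair to reproduce there rather than a file to edit.

```pf
# Added example (not from the thread): transparent SMTP redirect in raw pf syntax.
# Addresses are the ones given in the first post; vpn_if is an assumed placeholder.

vpn_if  = "ovpns1"            # assumption: name of the OpenVPN server interface
vpn_net = "172.16.200.0/28"   # OpenVPN client subnet (from the thread)
relay   = "172.16.2.10"       # company SMTP relay on the LAN (from the thread)

# Translation: rewrite the destination of any port-25 connection from VPN
# clients that is not already addressed to the relay.
rdr on $vpn_if inet proto tcp from $vpn_net to ! $relay port 25 -> $relay port 25

# Filtering: pf evaluates filter rules after translation, so the rule must
# allow the rewritten destination (the relay), not the original provider.
pass in quick on $vpn_if inet proto tcp from $vpn_net to $relay port 25 keep state

# Caveats:
# - Only port 25 is caught; clients submitting on 465 or 587 are not affected.
# - The relay must accept mail from the VPN subnet.
# - Clients that use STARTTLS or SMTP AUTH with their provider will be
#   talking to the relay instead and may fail certificate or login checks.
```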