route traffic from local host through site-to-site VPN
-
Hey folks,
I'd like to route traffic from HostA on SiteA (local) through an IPsec VPN and out of one of SiteB's static IPs. Why?
- On SiteB I have some static IPs available and that's not an option on SiteA.
- SiteA is local to most users, and has more hosting capacity for this server
- It's a mail server and SiteA's ISP blocks port 25, whereas SiteB does not.
SiteA and SiteB are connected via an IPsec VPN.
Is this the approach?
- set up an interface for IPsec
- use that interface as the gateway in a rule for HostA
- use outbound NAT on SiteB to make sure traffic goes out on a specific static IP
- add an inbound NAT rule on SiteB forwarding port 25 to HostA
Am I thinking about this correctly? What am I missing? Any other (preferable?) ways to accomplish effectively using a static IP on another box for a service on a local network?
-
@spacebass
I think it could work if you use an OpenVPN site-to-site instead of IPsec and if the pfSense on A is not on version 2.5.1.
-
@viragomann thanks! Just curious why OpenVPN is preferable?
-
@spacebass
You have to route SMTP traffic from public sources over from B to A. To send response packets back the correct path to B instead out to the default gateway, there is a special traffic marking required, called reply-to.
But as far as I know, this doesn't work on IPsec interfaces and it doesn't work on CE 2.5.1.
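As an added illustration of the four steps in the first post together with the reply-to point above (this is not configuration from the thread; interface names and addresses are placeholder assumptions), here is what the equivalent rules look like in pf.conf terms, assuming an OpenVPN site-to-site tunnel as suggested rather than IPsec:

```pf
# Placeholder names and addresses (assumptions, not from the thread):
#   SiteA LAN interface = em1      HostA                = 10.1.1.25
#   tunnel interface    = ovpns1   SiteB tunnel address = 10.0.8.2
#   SiteB WAN interface = em0      static IP to use     = 203.0.113.10

# ---- SiteA (where HostA lives) ----
# Step 2: policy-route HostA's outbound traffic into the tunnel instead of
# SiteA's default gateway (in pfSense terms: a LAN rule with the VPN gateway
# selected; place rules for local and VPN networks above it so they are
# not pushed into the tunnel as well).
pass in quick on em1 route-to (ovpns1 10.0.8.2) proto tcp \
    from 10.1.1.25 to any keep state

# Inbound SMTP arrives from SiteB over the tunnel. reply-to ties the state
# to the tunnel interface so replies return to SiteB rather than leaving via
# SiteA's default route; this is the marking the reply above says does not
# work on IPsec interfaces or on CE 2.5.1.
pass in quick on ovpns1 reply-to (ovpns1 10.0.8.2) proto tcp \
    from any to 10.1.1.25 port 25 keep state

# ---- SiteB (owner of the static IPs) ----
# Step 3: outbound NAT so HostA's traffic leaves on the chosen static IP
# (HostA's outbound port 25 now exits here, not via SiteA's ISP).
nat on em0 from 10.1.1.25 to any -> 203.0.113.10

# Step 4: forward port 25 on that static IP to HostA across the tunnel.
# rdr runs before filtering, so the pass rule matches the translated
# destination. SiteB also needs a route for HostA's network via the tunnel
# (the OpenVPN remote network setting) for the forwarded packets to arrive.
rdr on em0 proto tcp from any to 203.0.113.10 port 25 -> 10.1.1.25 port 25
pass in quick on em0 proto tcp from any to 10.1.1.25 port 25 keep state

# Allow HostA's policy-routed traffic in from the tunnel on SiteB.
pass in quick on ovpns1 from 10.1.1.25 to any keep state
```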