Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense didn't send notification emails over openvpn/ipsec

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    8 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      ggzengel
      last edited by

      I think the pfsense take the wrong source ip (WAN) for sending emails.
      Same thing if dns server behind openvpn or ipsec.

      What's the best way that pfsense will use source ip of LAN interface?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • G
          ggzengel
          last edited by

          From this doc:

          As of pfSense 2.1, you can change the binding for SNMP, NTP, the DNS Forwarder, and several other services. 
          

          There are no options.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            @ggzengel:

            There are no options.

            Huh? You need to look deeper in the GUI… Like, Services => SNMP => Interface binding; Services => DNS Forwarder => Interfaces or Services => NTP => Interface(s)

            1 Reply Last reply Reply Quote 0
            • G
              ggzengel
              last edited by

              But bindings didn't say which IP will be used for forwardings and notification didn't have any.

              In this doc:

              it :doesn't send the response out through a socket bound to the request packet
              

              The most services have config for source (or used) ip.

              The use of a "bogus static route" can have side effects in multi wan and load balancing configs.

              Until now is there not a user friendly solution?

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                I just do not think some 2004 quote related to SNMP is relevant to the OP and useful in any way. (On that note, the SNMP implementation is completely different.)

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  The quote about 2.1 is for the services mentioned and others that have controls.

                  For services that don't have binding controls, you still need the route, even on 2.1.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • G
                    ggzengel
                    last edited by

                    For dnsmasq I found this:

                    You can control how dnsmasq talks to a server: this forces

                    queries to 10.1.2.3 to be routed via eth1

                    server=10.1.2.3@eth1

                    For smtp.inc fsockopen can replaced like in http://stackoverflow.com/questions/4765269/specify-source-ip-using-fsockopen:

                    
                    $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
                    socket_bind($sock, '192.168.1.100');
                    socket_connect($sock, 'stackoverflow.com', 80);
                    
                    

                    I'm not a friend to make the config more complex with unnecessary routing.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.