Netgate Discussion Forum

EMAIL Notification Issue

General pfSense Questions
  • B
    BBcan177 Moderator
    last edited by Feb 1, 2014, 2:07 AM

    I am having an issue with "System:NOTIFICATION / SMTP".

    I have "DNS Forwarder" set to forward "mail.domain.com" to 10.10.10.5, I have the Notification "Email server" set to "mail.domain.com" and the emails never go out.

    If I change the "Email Server" in Notification to 10.10.10.5, the emails don't go out.

    When I change "mail.domain.com" to the External IP address of the mail server, the emails go thru, as this sends the email out thru the internet to get to my mail server.

    Would prefer the mail to stay within my VPN tunnel if possible.

    If I add a static route as indicated in this link -

    https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

    I have issues with Linux Machines not communicating properly thru the VPN Tunnel.

    Is this issue similar to the SYSLOG issue?

    "This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses. If you pick a single IP, remote syslog servers must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces."

    Are there any workarounds?

    Thanks

    "Experience is something you don't get until just after you need it."

    Website: http://pfBlockerNG.com
    Twitter: @BBcan177  #pfBlockerNG
    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

    • B
      BBcan177 Moderator
      last edited by Feb 4, 2014, 12:41 AM

      Does anyone have a similar issue to the post below?

      • B
        BBcan177 Moderator
        last edited by Feb 10, 2014, 8:23 PM

        Anyone….. Someone must be using Email Notification?

        Thanks.

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Feb 18, 2014, 1:40 PM

          That's just how IPsec operates currently. The traffic follows the routing table, so unless you have a route telling it to go "out" the LAN, it will not be sourced from the LAN and will end up going out WAN.

          If you want better control over the VPN routing, you'll need to use a routed VPN setup such as OpenVPN or IPsec in transport mode + GRE. OpenVPN is much easier if the other side supports it.

          If your WAN has a static IP, you might be able to work around that by adding another IPsec Phase 2 to cover the path from your WAN IP to the 10.10.10.x network on both ends.

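A simplified model of the behaviour described in the reply above, as an added example that is not part of the original thread: traffic originated by the firewall takes its source address from the route it follows, and only enters the tunnel if that source and the destination fall inside a Phase 2 selector pair. The WAN and LAN addresses are constructed assumptions; 10.10.10.5 and the 10.10.10.x network come from the thread.

```python
import ipaddress as ip

# Constructed addresses (assumptions): WAN 203.0.113.10, LAN 192.168.1.1/24.
WAN_IP = ip.ip_address("203.0.113.10")
LAN_IP = ip.ip_address("192.168.1.1")
REMOTE_NET = ip.ip_network("10.10.10.0/24")  # remote side of the tunnel (thread)
MAIL_SERVER = ip.ip_address("10.10.10.5")    # mail server address (thread)

# Routing table entries: (destination network, egress interface, source address)
BASE_ROUTES = [
    (ip.ip_network("0.0.0.0/0"), "wan", WAN_IP),
    (ip.ip_network("192.168.1.0/24"), "lan", LAN_IP),
]
# Phase 2 selectors: (local network, remote network)
LAN_P2 = (ip.ip_network("192.168.1.0/24"), REMOTE_NET)
WAN_P2 = (ip.ip_network("203.0.113.10/32"), REMOTE_NET)


def pick_route(dst, routes):
    """Longest-prefix match for traffic the firewall itself originates."""
    candidates = [r for r in routes if dst in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen)


def egress(dst, routes, phase2s):
    """Return (source address, 'ipsec' or the cleartext egress interface)."""
    _, iface, src = pick_route(dst, routes)
    for local_net, remote_net in phase2s:
        # The packet is only encrypted if BOTH ends match a selector pair.
        if src in local_net and dst in remote_net:
            return src, "ipsec"
    return src, iface


def scenarios():
    lan_route = (REMOTE_NET, "lan", LAN_IP)  # the static-route workaround
    return {
        "tunnel only": egress(MAIL_SERVER, BASE_ROUTES, [LAN_P2]),
        "static route via LAN": egress(MAIL_SERVER, BASE_ROUTES + [lan_route], [LAN_P2]),
        "extra WAN phase 2": egress(MAIL_SERVER, BASE_ROUTES, [LAN_P2, WAN_P2]),
    }


if __name__ == "__main__":
    for name, (src, path) in scenarios().items():
        print(f"{name:22} src={src} -> {path}")
```

In the first scenario the SMTP connection is sourced from the WAN address, matches no selector, and leaves in cleartext; either a route that sources it from the LAN or an additional Phase 2 covering the WAN address makes it match.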
          • B
            BBcan177 Moderator
            last edited by Feb 19, 2014, 6:44 AM

            @jimp:

            That's just how IPsec operates currently. The traffic follows the routing table, so unless you have a route telling it to go "out" the LAN, it will not be sourced from the LAN and will end up going out WAN.

            If you want better control over the VPN routing, you'll need to use a routed VPN setup such as OpenVPN or IPsec in transport mode + GRE. OpenVPN is much easier if the other side supports it.

            If your WAN has a static IP, you might be able to work around that by adding another IPsec Phase 2 to cover the path from your WAN IP to the 10.10.10.x network on both ends.

            Thanks Jim,

            I tried to create a 2nd phase 2 on both pfSense routers without success.

            I set the 2nd PH2 to:

            Tunnel IPv4 (also tried to change the Type to WAN Subnet)
            Type - Address
            xxx.xxx.xxx.xxx / 32 (WAN address)
            NAT/BINAT - None
            Network - 10.10.1.0 /24 (tried to set this as the remote router 10.10.1.1 /32)
            ESP

            Tried AES, then Blowfish separately (all on Auto).

            Tried with one or several hashes.

            PFS 512, 1024, 2048, OFF

            No luck. Also tried to turn on "Prefer older IPsec SAs".

            First PH is solid, first 2nd phase no issue either. ESP 2048, AES256, SHA512

            I will try to debug with an ssh shell using racoon -F -d -v -f /var/etc/racoon.conf

            Thanks.