    EMAIL Notification Issue

    • BBcan177
      BBcan177 Moderator last edited by

      I am having an issue with "System:NOTIFICATION / SMTP"

      I have "DNS Forwarder" set to forward "mail.domain.com" to 10.10.10.5, I have the Notification "Email server" set to "mail.domain.com" and the emails never go out.

      If I change the "Email Server" in Notification to 10.10.10.5, the emails don't go out.

      When I change "mail.domain.com" to the External IP address of the mail server, the emails go thru, as this sends the email out thru the internet to get to my mail server.

      Would prefer the mail to stay within my VPN tunnel if possible.

      If I add a static route as indicated in this link -

      https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

      I have issues with Linux Machines not communicating properly thru the VPN Tunnel.

      Is this issue similar to the SYSLOG issue?

      "This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses. If you pick a single IP, remote syslog servers must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces."

      Are there any workarounds?

      Thanks

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • BBcan177
        BBcan177 Moderator last edited by

        Does anyone have a similar issue to the post below?
        • BBcan177
          BBcan177 Moderator last edited by

          Anyone….. Someone must be using Email Notification?

          Thanks.
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            That's just how IPsec operates currently. The traffic follows the routing table, so unless you have a route telling it to go "out" the LAN, it will not be sourced from the LAN and will end up going out WAN.

            If you want better control over the VPN routing, you'll need to use a routed VPN setup such as OpenVPN or IPsec in transport mode + GRE. OpenVPN is much easier if the other side supports it.

            If your WAN has a static IP, you might be able to work around that by adding another IPsec Phase 2 to cover the path from your WAN IP to the 10.10.10.x network on both ends.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!
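
Added example (not part of the thread and not pfSense code): a small Python model of the behaviour jimp describes, showing why firewall-originated mail misses the tunnel and how the extra Phase 2 or a static route changes that. All addresses except 10.10.10.5 are constructed assumptions, as are the function and variable names.

```python
import ipaddress as ip

# Constructed addressing (assumptions; only 10.10.10.5 appears in the thread).
WAN_IP = ip.ip_address("203.0.113.10")       # firewall's static WAN address
LAN_IP = ip.ip_address("192.168.1.1")        # firewall's LAN address
LAN_NET = ip.ip_network("192.168.1.0/24")    # local side of the existing Phase 2
REMOTE_NET = ip.ip_network("10.10.10.0/24")  # remote side of the existing Phase 2
MAIL = ip.ip_address("10.10.10.5")           # mail server behind the tunnel

# Routing table as (destination, address of the egress interface).
ROUTES = [(LAN_NET, LAN_IP), (ip.ip_network("0.0.0.0/0"), WAN_IP)]
# Phase 2 selectors as (local network, remote network).
BASE_SPD = [(LAN_NET, REMOTE_NET)]
EXTRA_P2 = (ip.ip_network(f"{WAN_IP}/32"), REMOTE_NET)  # the extra Phase 2
LAN_ROUTE = (REMOTE_NET, LAN_IP)                        # static-route workaround


def pick_source(dst, routes):
    """Longest-prefix match; the packet is sourced from that interface."""
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def path_for(src, dst, spd):
    """Tunnel-mode IPsec only captures packets matching both selectors."""
    hit = any(src in local and dst in remote for local, remote in spd)
    return "ipsec" if hit else "clear via WAN"


def firewall_originated(dst, spd, routes):
    """Return (source address, path) for traffic the firewall itself sends."""
    src = pick_source(dst, routes)
    return src, path_for(src, dst, spd)


if __name__ == "__main__":
    cases = {
        "existing Phase 2 only": (BASE_SPD, ROUTES),
        "plus WAN-IP Phase 2": (BASE_SPD + [EXTRA_P2], ROUTES),
        "plus static route via LAN": (BASE_SPD, [LAN_ROUTE] + ROUTES),
    }
    for name, (spd, routes) in cases.items():
        src, path = firewall_originated(MAIL, spd, routes)
        print(f"{name:28} src={src} -> {path}")
    # A LAN client is already covered by the existing Phase 2.
    print("LAN client:", path_for(ip.ip_address("192.168.1.50"), MAIL, BASE_SPD))
```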

            • BBcan177
              BBcan177 Moderator last edited by

              @jimp:

              That's just how IPsec operates currently. The traffic follows the routing table, so unless you have a route telling it to go "out" the LAN, it will not be sourced from the LAN and will end up going out WAN.

              If you want better control over the VPN routing, you'll need to use a routed VPN setup such as OpenVPN or IPsec in transport mode + GRE. OpenVPN is much easier if the other side supports it.

              If your WAN has a static IP, you might be able to work around that by adding another IPsec Phase 2 to cover the path from your WAN IP to the 10.10.10.x network on both ends.

              Thanks Jim,

              I tried to create a 2nd Phase 2 on both pfSense routers without success.

              I set the 2nd PH2 to:

              Tunnel IPv4 (also tried to change the Type to WAN Subnet)
              Type - Address
              xxx.xxx.xxx.xxx / 32 (WAN address)
              NAT/BINAT - None
              Network - 10.10.1.0 /24 (tried to set this as the remote router 10.10.1.1 /32)
              ESP

              Tried AES, then Blowfish separately (all on Auto).

              Tried with one or several hashes.

              PFS 512, 1024, 2048, OFF

              No luck. Also tried to turn on "Prefer older IPsec SAs".

              First PH is solid, first 2nd phase no issue either. ESP 2048, AES256, SHA512

              I will try to debug with an ssh shell using racoon -F -d -v -f /var/etc/racoon.conf

              Thanks.