Netgate Discussion Forum

    PfSense sending eMail through VPN tunnel - no way?

    • ?
      Guest
      last edited by

      Hi!

      After some years of digging IPsec tunnels I learned something new today: There is apparently no route to make a pfSense box send status eMails (System -> Advanced -> Notifications) through a fully functional IPsec tunnel. I always get in the system log:

      php: /system_advanced_notifications.php: Could not send the message to "DINGS@Daddal.sel" – Error: could not connect to the host "IP_OF_MAILSERVER_ON_OTHER_SIDE_OF TUNNEL": ??

      No firewall/snort log showing any blocks at all. Ping from LAN-IP of pfSense to mailserver works fine, from WAN-IP of pfSense not at all, even with an ICMP-allow rule for the WAN-IP on the IPsec rules tab.

      The firewall has for IPsec "allow TCP/UDP" and "allow ICMP" rules for all IPs/ports on the LAN. As the box might send with its WAN IP, I added for testing an additional rule, allowing from the WAN IP of the box to the mailserver (port 25). No way to get this eMail through the tunnel.

      Did I miss something?

      • dotdashD
        dotdash
        last edited by

        Did you try this?
        https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

        • ?
          Guest
          last edited by

          Not yet… but it works!  :D party

          What if I had more than one IPsec tunnel active? Is that a problem? Not, I guess...

          PS: The eMail works fine, but the other side of the tunnel can't access various resources on the LAN behind the pfSense to send the eMails...

          • ?
            Guest
            last edited by

            Wuuuuaaaahhh, I removed the route, but even after a reboot on both sides the tunnel works only for smb, http/https, but no VNC, VLC, etc. can pass through and I have no idea why…

            • dotdashD
              dotdash
              last edited by

              If it's working for http, etc. I see no reason why it wouldn't be working for other traffic. Try allowing IP any any on the IPsec tab on the fw rules.

              • ?
                Guest
                last edited by

                Changed tunnel back to OpenVPN, same problem, but only on this single computer… Changed to another network card - works, at least with OpenVPN, not willing to switch back to IPsec at that time... :o
