PfSense sending eMail through VPN tunnel - no way?

  • Hi!

    After some years of digging IPsec tunnels I learned something new today: There is apparently no route to make a pfSense box send status eMails (System -> Advanced -> Notifications) through a fully functional IPsec tunnel. I always get in the system log:

    php: /system_advanced_notifications.php: Could not send the message to "DINGS@Daddal.sel" – Error: could not connect to the host "IP_OF_MAILSERVER_ON_OTHER_SIDE_OF TUNNEL": ??

    No firewall/snort log showing any blocks at all. Ping from LAN-IP of pfSense to mailserver works fine, from WAN-IP of pfSense not at all, even with an ICMP-allow rule for the WAN-IP on the IPsec rules tab.

    The firewall has for IPsec "allow TCP/UDP" and "allow ICMP" rules for all IPs/ports on the LAN. As the box might send with its WAN IP, I added for testing an additional rule, allowing from the WAN IP of the box to the mailserver (port 25). No way to get this eMail through the tunnel.

    Did I miss something?

  • Not yet… but it works!  :D party

    What if I had more than one IPsec tunnel active? Is that a problem? No, I guess...

    PS: The eMail works fine, but the other side of the tunnel can't access various resources on the LAN behind the pfSense to send the eMails...

  • Wuuuuaaaahhh, I removed the route, but even after a reboot on both sides the tunnel works only for smb, http/https, but no VNC, VLC, etc. can pass through and I have no idea why…

  • If it's working for http, etc. I see no reason why it wouldn't be working for other traffic. Try allowing IP any any on the IPsec tab on the fw rules.

  • Changed tunnel back to OpenVPN, same problem, but only on this single computer… Changed to another network card - works, at least with OpenVPN, not willing to switch back to IPsec at that time... :o
