Using a VPS to route mail to an internal mail server

I have an internal mail server with pfSense as my gateway. I have a VPS set up with an OpenVPN server, routing all mail ports and HTML ports to my tun0 connection.

I can follow the traffic all the way to the mail server, but I can see that it tries to go back out:
09:32:03.348763 IP 192.168.2.5.443 > 212.102.39.1.34672: Flags [S.], seq 2564537778, ack 4274401184, win 65160, options [mss 1460,sackOK,TS val 3217137 ecr 1301819100,nop,wscale 7], length 0

I see it trying to leave via my WAN GW, not my OpenVPN GW… any ideas? I am all out.

You have two options. If you have a point-to-point tunnel, you can push routes that way.
Also, you can add an additional gateway and then make a rule for your mail server to route via that gateway, going over the OpenVPN tunnel.

Thanks, that is half of what I was missing. I can see it coming in on OpenVPN and leaving on the VPN via the gateway. The last issue is that it seems to be stuck at the GW, i.e. I can SSH out from the internal server and it seems to route through the VPN, but it never gets to the far side.

I didn't understand. Could you rephrase that? If I understood correctly, now all your traffic from the internal mail server is routing through OpenVPN and you don't want that? If that's the case, make sure the rule contains only the ports for the destination.

Create an alias containing the list of ports (destination) you want going over your VPN. In this case, I am assuming you just want email to be NATed through the VPS since perhaps your (home?) IP is automatically on a blacklist?

Modify your existing rule and set the destination ports to the alias you created.

Now your internal mail server should only send email traffic destined for those ports over your VPN connection, while forwarding regular traffic out of your GW, wherever that may be (it seems like this would only be done at home).
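The two halves of the setup the replies above describe (push the LAN route over the tunnel on the VPS side; on the pfSense side, an alias of destination ports plus a rule that sends the mail server's matching traffic to the OpenVPN gateway) as one added example. This is not the thread's or pfSense's own code: it prints the VPS iptables and OpenVPN lines and the pf rule that the GUI rule amounts to, so they can be reviewed before being applied. Only 192.168.2.5 and 10.8.0.4 come from the thread; the interface names (eth0, tun0, ovpnc1, em1), the LAN subnet and the port list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) the two halves of
# the setup described in the replies:
#   1. VPS side: OpenVPN route for the LAN behind the tunnel, and DNAT of the
#      port alias from the public interface to the internal mail server.
#   2. pfSense side: the pf rule that "alias + gateway" in the GUI amounts to,
#      policy-routing the mail server's matching traffic via the OpenVPN gateway.
# Everything except 192.168.2.5 and 10.8.0.4 (both from the thread) is assumed.

MAILSERVER="192.168.2.5"             # internal mail server (from the capture)
LAN_NET="192.168.2.0 255.255.255.0"  # assumed: LAN behind pfSense
OVPN_GW="10.8.0.4"                   # tunnel gateway named in the thread
OVPN_IF="ovpnc1"                     # assumed: pfSense OpenVPN client interface
LAN_IF="em1"                         # assumed: pfSense LAN interface
VPS_PUB_IF="eth0"                    # assumed: VPS public interface
TUN_IF="tun0"                        # VPS tunnel interface (named in the thread)
MAIL_PORTS="25 465 587 993 995 80 443"   # the port alias; constructed list

# VPS: OpenVPN server-mode lines so the VPS kernel routes the LAN over tun0
# ("route" goes in server.conf, "iroute" in the client's ccd file). Without a
# route the DNATed packet has no path to 192.168.2.5.
vps_openvpn_routes() {
    printf 'route %s\n' "$LAN_NET"
    printf 'iroute %s\n' "$LAN_NET"
}

# VPS: one DNAT + FORWARD pair per alias port. Deliberately no SNAT, so the mail
# server sees the real client address; that is exactly why pfSense must
# policy-route the replies back through the tunnel instead of its WAN.
vps_dnat_rules() {
    for p in $MAIL_PORTS; do
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$VPS_PUB_IF" "$p" "$MAILSERVER" "$p"
        printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$VPS_PUB_IF" "$TUN_IF" "$MAILSERVER" "$p"
    done
    # Replies from the mail server arrive on tun0 as ESTABLISHED; let them out.
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
}

# pfSense: pf equivalent of "LAN rule, source = mail server, destination ports =
# alias, gateway = OpenVPN". Only the alias ports are policy-routed; everything
# else from the mail server still leaves via the default WAN gateway.
pf_policy_route() {
    ports=""
    for p in $MAIL_PORTS; do
        ports="${ports:+$ports, }$p"
    done
    printf 'pass in quick on %s route-to ( %s %s ) inet proto tcp from %s to any port { %s } flags S/SA keep state\n' \
        "$LAN_IF" "$OVPN_IF" "$OVPN_GW" "$MAILSERVER" "$ports"
}

echo "# --- VPS: OpenVPN routes ---"; vps_openvpn_routes
echo "# --- VPS: iptables ---";       vps_dnat_rules
echo "# --- pfSense: pf rule ---";    pf_policy_route
```

Run it with `sh vps-mail-route.sh` (filename assumed) and compare the printed rules with what the pfSense GUI generates in /tmp/rules.debug. The check for the symptom in the thread, replies leaving the WAN instead of the tunnel, is a capture on the VPS: `tcpdump -ni tun0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == (tcp-syn|tcp-ack)'` must show SYN-ACKs from 192.168.2.5 for every alias port; if a SYN-ACK seen on the pfSense LAN never appears on tun0, the route-to rule is not matching that reply.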

My home address is not static :smile: and it's not on a blacklist.
I am currently trying to connect to webmail, so I'm using HTTP/HTTPS as it's easy to test.

From the mail server (Linux) I can ping, traceroute, SSH etc. out, and using tcpdump on the VPS I can see the correct traffic go out, no issues. When I go to https://intra-hive.com from outside, I can see the traffic being sent through the VPS. I can follow it to the mail server using tcpdump and can see it responding, and using the packet capture I can see it being sent out the gateway 10.8.0.4. The issue is I am not seeing it return on tun0 of the VPS. I even routed all my laptop traffic through the tunnel and was able to confirm my IP address. So the only issue is packets from outside not returning through the gateway; all else is fine.

Figured it out. I had a rule on OpenVPN that caused it to fail; I deleted all rules from OpenVPN and it started working. Thanks for your help.

Thanks, this all works. I did not realise you could change the GW, and I'm not sure of the logic, but the minute I took off the default OpenVPN rule, everything worked.