OPNsense Forum
English Forums => Virtual private networks => Topic started by: fbeye on February 19, 2023, 03:43:51 pm
-
Hello
I have a DHCP Server 192.168.5.2 - 192.168.5.177 to hand out IP's. I have an email server 192.168.5.180, 192.168.5.181 that need to have their legitimate WAN IP.
When I enable the OpenVPN (NordVPN) I see that my .180 and .181 WAN IP change to the NordVPN IP.... But oddly enough, incoming email still gets to them. The issue I have is that OUTGOING emails say "connection refused".
To verify it is not something else, when I disable the OpenVPN, email sends out like normal.
Unless this is an obvious thing to fix/modify, is there simply a way to remove specific IP's, or even 192.168.5.178 - 192.168.5.200 from the OpenVPN connectivity?
-
Look up "Policy Based Routing" in the docs.
-
Hopefully these are what you mean;
https://docs.opnsense.org/manual/firewall.html
https://docs.opnsense.org/manual/how-tos/multiwan.html
-
https://docs.opnsense.org/manual/firewall.html#policy-based-routing
-
Correct, I posted the main default page but I did and do see that.
I do not want it said for me, as clearly no one learns as such, but man alive I am looking at that and my jaw is dropping cause I simply am not seeing WHAT to do.
Am I correct in, I create a new rule (LAN Out, or Outbound NAT?) and then simply specify the Gateway, which enables the PBR?
Gateway
When a gateway is specified, packets will use policy based routing using the specified gateway or gateway group. Usually this option is set on the receiving interface (LAN for example), which then chooses the gateway specified here. (This ignores default routing rules). Only packets flowing in the same direction of the rule are affected by this parameter, the opposite direction (replies) are not affected by this option.
-
Ugh. I can not get it to work, or I have done something wrong!
NO VPN, All email incoming and outgoing. When I enable VPN and using SAME "LAN to WAN (Outbound Mail) Rule, I add in Gateway (and created a Gateway) and use that, it still does not send. Well, it tries to but fails;
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[67.195.228.110]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[98.136.96.91]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta5.am0.yahoodns.net[98.136.96.91]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[67.195.204.72]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[98.136.96.75]:25: Connection refused
I do indeed have Port 25 open, and my ISP does not block Port 25.
I know this is not an OPNSense issue, but by enabling the VPN, it is getting blocked so my intent is if anyone has a solution regardless.?
-
Well maybe there was a delay in what I did, because now all of a sudden I got like 50 test emails both to and from the email server, so it worked!
I bypassed the VPN using PBR. Thank you for that link, and your SILENCE ONLY MADE ME DIG DEEPER!!
Thank you.
-
Sorry, Didn't know I WAS SUPPOSED TO BE AT YOUR BECK AND CALL all day.
I gave you the answer in my first post.
-
I was saying it as a compliment and encouragement that you gave me to dig dig dig ;)
-
Gotcha. So then you took it correctly! ;D
Good to learn new things.