Messages

There's really not much architecture - just the OPNsense-box at the remote location - it's one end of the IPSec-Tunnel. The other end of the tunnel is a MikroTik-Router (CCR2004 if it helps) connecting it to the private LAN where the mailserver sits. Firewall is completely open for IPSec.

I'm testing connection using OPNsense > Interfaces > Diagnostics > Port Probe
OPNsense succeeds opening connection to the mailserver if the LAN-NIC is selected as Source Address.

If WAN is selected, it says nc: connect to xxx.xxx.xxx.xxx port 25 (tcp) failed: Operation timed out

OPNsense is running at gridscale (an IaaS-Provider) and can get a static IPs from there.
It has two NICs: WAN and LAN.

(Reason for all this: at home, there's no static IP and therefore I'd like to send E-Mail through the tunnel.)

The only setting is a Port Forward matching WAN address at Port 25 natting to the IP on the other side of the tunnel.

A strange thing is: I can ping the private IP from OPNsense using it's LAN-Address but not using the WAN-Address?!

Did nobody ever try this with OPNsense?

Hi!

I have OPNsense (21.7.5) running on a machine having an public (static) IP.
Now I'd like to forward incoming SMTP to my private mailserver in my home-network which is connected using IPsec like:

Internet -> Public-IP:25 -> NAT -> IPSec -> Private Mailserver

Traffic from OPNsense flows fine through IPSec-Tunnel.
Unfortunately, the Port Forward from WAN-Address:25 to the LAN-Address of my mailserver does not work.

Can anybody give me a tip how to set it up?

Edit:
* Port Probe using Source Address "LAN" to Mailserver works fine.
* Port Probe using "WAN" to Mailserver does not work.

Thanks!
Sascha

I can also confirm this issue.
Unfortunately, it literally took more than 3 hours to find this here.
(was really in doubt of myself - but the issue persisting on a freshly pulled up testinstall 'saved' my mind  ;))