DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Forwarding port via VPN - wrong IP shown
26 Feb 2024 13:17 #103186
by lesd
Forwarding port via VPN - wrong IP shown was created by lesd
I have copied this post from the VPN Connectivity forum as that seems to be a very low traffic area.
I have a 2866 at site 1 connected to a 2862 at site 2 via a Lan to Lan VPN.
Site 1 router's IP is 192.168.1.1 while site 2 is on 10.27.27.x
At site 2 there is a mail server running (hMailserver) at 10.27.27.56.
Port 25 at the site 1 2866 is open and forwarded to the mail server at 10.27.27.56 - down the VPN
What I have discovered is that connections made at site 1 to port 25 and forwarded to the mail server at site 2 are appearing to the mailserver as coming from 192.168.1.1 (the site 1 router address) rather than from the actual connecting device's external IP.
This is a disaster. All mail servers are constantly being hammered by spammers looking for open relays. The mailserver is constantly banning IPs that keep trying and failing. The result in this case is that 192.168.1.1 is banned 100% of the time and is effectively dead for the purpose of receiving emails.
Is this behaviour normal? Shouldn't the site 1 routing be passing on the IP of the external connection via the vpn?
Clearly for a local mailserver at site 1 it must see the external IP. Why should the fact that it is going down the VPN change this?
It strikes me I must have done something wrong somewhere. (This is the first time I have set up a VPN so maybe something there is wrong.)
The VPN is using SSL Tunnel.
Les
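The symptom described in this post can be confirmed from the mail server's side. The following Python check is an added example, not part of the original post: it flags a private source address outside the server's own LAN that accounts for most SMTP sessions, and counts the legitimate sessions a ban on it would drop. The session tuple format, the /24 mask for site 2, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which the sample data uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def masked_sources(sessions, server_lan, min_share=0.5):
    """Return {ip: share} for private sources outside the server's own LAN
    that account for at least min_share of all SMTP sessions."""
    lan = ipaddress.ip_network(server_lan)
    counts = Counter(src for src, _failed in sessions)
    total = sum(counts.values())
    flagged = {}
    for src, n in counts.items():
        addr = ipaddress.ip_address(src)
        private = any(addr in net for net in RFC1918)
        if private and addr not in lan and n / total >= min_share:
            flagged[src] = n / total
    return flagged

def blocked_by_ban(sessions, banned_ip):
    """Count legitimate (non-failed) sessions a ban on banned_ip would drop."""
    return sum(1 for src, failed in sessions if src == banned_ip and not failed)

# Constructed sample (not from a real log): (source IP seen by the server,
# attempt failed?). First, every source rewritten to the site 1 router address.
NATTED = [("192.168.1.1", True), ("192.168.1.1", True), ("192.168.1.1", False),
          ("192.168.1.1", True), ("192.168.1.1", False)]
# The same five connections with the original client addresses preserved
# (documentation-range addresses stand in for real external clients).
PRESERVED = [("203.0.113.9", True), ("203.0.113.9", True), ("198.51.100.7", False),
             ("203.0.113.9", True), ("192.0.2.44", False)]

if __name__ == "__main__":
    for name, data in (("natted", NATTED), ("preserved", PRESERVED)):
        print(name, masked_sources(data, "10.27.27.0/24"))
    print("legitimate sessions lost to a ban on 192.168.1.1:",
          blocked_by_ban(NATTED, "192.168.1.1"))
```
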
27 Feb 2024 09:27 #103188
by pharcyder
Replied by pharcyder on topic Re: Forwarding port via VPN - wrong IP shown
Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs, which offer both modes. Worth a check.
27 Feb 2024 10:09 #103189
by lesd
Replied by lesd on topic Re: Forwarding port via VPN - wrong IP shown
pharcyder wrote:
Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs, which offer both modes. Worth a check.
I have set this up. I can see the two options. It is greyed out with option set to Route.
But I'm still getting the same result - the mail server connections at site 2 are showing as coming from 192.16.1.1 - the site 1 router.
Les