I have copied this post from the VPN Connectivity forum as that seems to be a very low traffic area.

---

I have a 2866 at site 1 connected to a 2862 at site 2 via a Lan to Lan VPN.

Site 1 router's IP is 192.168.1.1 while site 2 is on 10.27.27.x

At site 2 there is a mail server running (hMailserver) at 10.27.27.56.

Port 25 at the site 1 2866 is open and forwarded to the mail server at 10.27.27.56 - down the VPN

What I have discovered is that connections made at site 1 to port 25 and forwarded to the mail server at site 2 are appearing to the mailserver as coming from 192.168.1.1 (the site 1 router address) rather than from the actual connecting device's external IP.

This is a disaster. All mail servers are constantly being hammered by spammers looking for open relays. The mailserver is constantly banning IPs that keep trying and failing. The result in this case is that 192.168.1.1 is banned 100% of the time and is effectively dead for the purpose of receiving emails.

Is this behaviour normal? Shouldn't the site 1 routing be passing on the IP of the external connection via the vpn?

Clearly for a local mailserver at site 1 it must see the the external IP. Why should the fact that is going down the VPN change this?

It strikes me I must have done something wrong somewhere. (This is the first time I have set up a VPN so maybe something there is wrong.)

The VPN is using SSL Tunnel.

Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs which offers both modes. Worth a check.

pharcyder wrote:
Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs which offers both modes. Worth a check.

I have set this up. I can see the two options. It is greyed out with option set to Route.

But I'm still getting the same result - the mail server connections at site 2 are showing as coming from 192.16.1.1 - the site 1 router.