DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Forwarding port via VPN - wrong IP shown

More
26 Feb 2024 13:17 #103186 by lesd
I have copied this post from the VPN Connectivity forum as that seems to be a very low traffic area.


I have a 2866 at site 1 connected to a 2862 at site 2 via a Lan to Lan VPN.

Site 1 router's IP is 192.168.1.1 while site 2 is on 10.27.27.x

At site 2 there is a mail server running (hMailserver) at 10.27.27.56.

Port 25 at the site 1 2866 is open and forwarded to the mail server at 10.27.27.56 - down the VPN

What I have discovered is that connections made at site 1 to port 25 and forwarded to the mail server at site 2 are appearing to the mailserver as coming from 192.168.1.1 (the site 1 router address) rather than from the actual connecting device's external IP.

This is a disaster. All mail servers are constantly being hammered by spammers looking for open relays. The mailserver is constantly banning IPs that keep trying and failing. The result in this case is that 192.168.1.1 is banned 100% of the time and is effectively dead for the purpose of receiving emails.

Is this behaviour normal? Shouldn't the site 1 routing be passing on the IP of the external connection via the vpn?

Clearly for a local mailserver at site 1 it must see the the external IP. Why should the fact that is going down the VPN change this?

It strikes me I must have done something wrong somewhere. (This is the first time I have set up a VPN so maybe something there is wrong.)

The VPN is using SSL Tunnel.

Les

Please Log in or Create an account to join the conversation.

More
27 Feb 2024 09:27 #103188 by pharcyder
Replied by pharcyder on topic Re: Forwarding port via VPN - wrong IP shown
Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs which offers both modes. Worth a check.

Please Log in or Create an account to join the conversation.

More
27 Feb 2024 10:09 #103189 by lesd

pharcyder wrote:
Sounds like the tunnel is NAT'd rather than Route. I only use IPSec VPNs which offers both modes. Worth a check.



I have set this up. I can see the two options. It is greyed out with option set to Route.

But I'm still getting the same result - the mail server connections at site 2 are showing as coming from 192.16.1.1 - the site 1 router.

Les

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami