access SMTP server using VPN

hi,

my setup is hAP AC (962, 6.38.3), two WANs, one of them is with static IP, FQDN externally and used for outgoing connections, also SMTP

I use Mangle for this
also I use HairPinning to access hosts with same FQDN name internally and externally

all works fine, but if I try to use SMTP from VPN, the connection times out. SMTP server acts as VPN server and I think that there is some loop with this Mangle & HairPinning. I tried to send e-mail from this host with the external FQDN name and there was also a connection timeout

therefore I need some solution to avoid this looping

thanks in advance,
ieleja

I have 2 temporary solutions (workarounds, but it is not optimal):
as mobile clients always use VPN and all IP traffic such as web browsing and DNS lookups goes through the VPN

  • use SMTP server with internal IP address,
  • switch off VPN when sending e-mails

Hint: If you posted your config, you could possibly get some useful replies. Based just on your description, nobody can know for sure what exactly you have configured.

Does the hairpin nat work… If you’re on the same network as smtp server, and you connect to the smtp service via the external IP of your router, does it hairpin back to the smtp server?

I avoid hairpin in favour of DNS because of these types of issues.

An internal DNS will resolve to internal IP, the public DNS will resolve to public IP. Then remember that DNS changes have to be applied both to the public and internal DNS servers. Or if this is a one-off case, you can put the SMTP server’s FQDN in the Mikrotik, IP > DNS, Static. Using this feature does not make the Mikrotik authoritative for your domain so it’s possible to simply override a single subdomain in your domain.