Community discussions

 
ieleja
just joined
Topic Author
Posts: 8
Joined: Thu Mar 29, 2012 10:22 pm

access SMTP server using VPN

Wed Mar 01, 2017 3:11 pm

hi,

my setup is hAP AC (962, 6.38.3), two WANs, one of them is with static IP, FQDN externally and used for outgoing connections, also SMTP

I use Mangle for this
also I use HairPinning to access hosts with same FQDN name internally and externally

all work fine, but if I try to use SMTP from VPN, connection time out. SMTP server acts as VPN server and I think, that there is some loop with this Mangle&HairPinning. I try to send e-mail from this host with externally FQDN name and there also was connection time out

therefore I need some solution to avoid this looping

thanks in advance,
ieleja
 
ieleja
just joined
Topic Author
Posts: 8
Joined: Thu Mar 29, 2012 10:22 pm

Re: access SMTP server using VPN

Wed Mar 01, 2017 7:01 pm

I have 2 temporary solutions (workarounds, but it is not optimal):
as mobile clients always use VPN and all IP traffic such as web browsing and and DNS lookups goes through the VPN
- use SMTP server with internal IP address,
- switch off VPN when sending e-mails
 
Sob
Forum Guru
Forum Guru
Posts: 4807
Joined: Mon Apr 20, 2009 9:11 pm

Re: access SMTP server using VPN

Fri Mar 03, 2017 1:19 am

Hint: If you posted your config, you could possibly get some useful replies. Based just on your description, nobody can know for sure what exactly you have configured.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
Van9018
Long time Member
Long time Member
Posts: 515
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: access SMTP server using VPN

Fri Mar 03, 2017 3:14 am

Does the hairpin nat work... If you're on the same network as smtp server, and you connect to the smtp service via the external IP of your router, does it hairpin back to the smtp server?

I avoid hairpin in favour of DNS because of these types of issues.

An internal DNS will resolve to internal IP, the public DNS will resolve to public IP. Then remember that DNS changes have to be applied both to the public and internal dns servers. Or if this is a one off case, you can put the smtp server's FQDN in the Mikrotik, IP > DNS, Static. Using this feature does not make the Mikrotik authoratative for your domain so it's possible to simply override a single subdomain in your domain.

Who is online

Users browsing this forum: No registered users and 22 guests