Hi, I'm a newbie, by the way. I have this weird error where I configured the OpenVPN of our IPFire; well, it works really well even without any rules. Our small company has an on-premise Exchange server. I first created a rule:
Source: Red, Desti. NAT: Automatic, Destination: 192.168.201.3 (IP of the Exchange server), Protocol: TCP, Desti_port: 443. Well, it is fine as well. I can connect OpenVPN and can also use the Outlook mail through a web browser anywhere. But as soon as I created the rule for SMTP 25, with the rule settings below:
Source: RED, NAT: Desti. NAT: Auto, Destination: 192.168.201.3, Protocol: Preset Services: SMTP
Once everything was created and applied, we are still able to access Outlook from the web browser, and now we can also send and receive email using the Outlook app or Thunderbird. But I can't seem to connect the OpenVPN.
2022-08-23 10:19:22 MANAGEMENT: >STATE:1661242762,WAIT,
2022-08-23 10:20:23 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-08-23 10:20:23 TLS Error: TLS handshake failed
2022-08-23 10:20:23 SIGUSR1[soft,tls-error] received, process restarting
2022-08-23 10:20:23 MANAGEMENT: >STATE:1661242823,RECONNECTING,tls-error,
If I disable the rule where port 25 is created, I can connect to the VPN but cannot send or receive email using mail apps. It is so weird, or maybe I need to create separate rules? I can't seem to understand why. What I am doing right now, or my solution at the moment, is to disable the rule smtp25, connect to OpenVPN, and then activate the rule smtp25, and the OpenVPN will never be disconnected. But this is really bad.
By the way, the router already opened ports 25, 443 and 1149, so I think there is no issue with the router. Please, somebody help a newbie like me.
Sorry for my English.
I would SSH to IPFire and issue the following command:
tail -f /var/log/messages
This will show you the logs from the server side in real time (Ctrl-C to exit). Then, with the smtp25 rule activated, you connect with OpenVPN from one of your clients (from the red side) and see if it is openvpnserver that answers the call on the server side.
If you cannot do it in real time, you can always search the logs with this command:
grep openvpnserver /var/log/messages
My hypothesis is that when you activate the rule smtp25, the OpenVPN traffic ends up on your Exchange server, for some reason I cannot even guess.
The packets destined for port 1194 are dropped, while there is traffic coming from x.x.229.100 (you should obscure that address by editing your message) in NAT toward your Exchange server. Are they from the same source? Do you have any rule activated in the firewall that could justify those dropped packets?
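One way to do the log check suggested in the two replies above (is openvpnserver answering at all, and are packets to port 1194 being dropped or forwarded on to another host), as an added example that is not from any poster in this thread. The kernel log field names and the openvpnserver syslog tag are assumptions about the IPFire log format, and the sample lines are constructed:

```shell
#!/bin/sh
# Added example, not part of the thread: summarise what the IPFire syslog
# says about OpenVPN while a client is trying to connect. On IPFire run:
#   check_vpn_logs /var/log/messages
# The log line format (kernel firewall log with IN=/DPT=/PROTO= fields,
# openvpnserver syslog tag) is an assumption; the sample lines below are
# constructed, not copied from the poster's system.

# Lines logged by openvpnserver: 0 while a client connects means the
# server never saw the handshake, i.e. the packets went elsewhere.
count_openvpn_lines() {
    grep -c 'openvpnserver' "$1" || true
}

# Kernel firewall lines that dropped UDP traffic to the OpenVPN port 1194.
count_dropped_1194() {
    grep 'kernel:' "$1" | grep -c 'DROP.*PROTO=UDP.*DPT=1194' || true
}

# Kernel forward/NAT lines that passed port-1194 traffic on to another host
# (for example the Exchange server) instead of to the firewall itself.
count_forwarded_1194() {
    grep 'kernel:' "$1" | grep -c 'FORWARD.*DPT=1194' || true
}

# Print the three counters for a log file.
check_vpn_logs() {
    printf 'openvpnserver log lines  : %s\n' "$(count_openvpn_lines "$1")"
    printf 'dropped packets to 1194  : %s\n' "$(count_dropped_1194 "$1")"
    printf 'forwarded packets to 1194: %s\n' "$(count_forwarded_1194 "$1")"
}

# Write a constructed sample log (documentation-range public addresses)
# and print its path, so the functions can be tried without a real IPFire.
make_sample_log() {
    f="$(mktemp)"
    cat > "$f" <<'EOF'
Aug 23 10:19:22 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.10 DST=198.51.100.2 PROTO=UDP SPT=51234 DPT=1194
Aug 23 10:19:25 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.10 DST=198.51.100.2 PROTO=UDP SPT=51234 DPT=1194
Aug 23 10:19:30 ipfire kernel: FORWARDFW IN=red0 OUT=green0 SRC=203.0.113.10 DST=192.168.201.3 PROTO=TCP SPT=40000 DPT=25
Aug 23 10:19:40 ipfire openvpnserver[1234]: 203.0.113.10:51234 TLS: Initial packet from [AF_INET]203.0.113.10:51234
EOF
    printf '%s\n' "$f"
}

check_vpn_logs "$(make_sample_log)"
```

A non-zero dropped count with zero openvpnserver lines points at a firewall rule on the IPFire side; a non-zero forwarded count means port-1194 traffic is being sent past the firewall to another host.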
Oh, thanks. For some reason, I don't know where that x.x.229.100 came from. It's not even the public address of our client or the server. Anyway, these are the rules I created until now. The 3rd one I created so I can use AnyDesk in case I can't connect to the VPN.