PPTP vpn selective port routing

pauliesco

Hi,

I have my own server at home with an IP that changes every now and again, so in my wise wisdom I bought myself a VPN package with a dedicated IP and port forwarding. With all my googling I’ve managed to get it 99% working, which leaves me with the same IP and a bit of security.

My one and only problem is I can’t send emails because the VPN won’t allow me to have a reverse PTR record and most servers are refusing my emails, so my question is …..
Is it possible to be connected to the VPN but send port 587 over my normal ISP connection?
I’ve done my best to try and get familiar with iptables etc. but I’m struggling with this one. I’m using Ubuntu 20.04.

Could someone with more wisdom explain in very simple terms how to do this?

thanks again

paul
 

eibgrad

Managing ports can be tricky when it comes to selective routing. The easier solution is to bind the mail server's IP(s) to the default gateway w/ static routes.

I'm assuming the PPTP client is on the PC. Let's say the mail server is @ 199.199.199.199. You could bind that IP to the default gateway of your primary router (e.g., 192.168.1.1) w/ the following command.

Code:
sudo ip route add 199.199.199.199 via 192.168.1.1

Or if the server has a domain name and perhaps multiple IPs ...

Code:
sudo route add -host somedomain.com gw 192.168.1.1
 

pauliesco

Thanks for the reply, very much appreciated, which I will give a try later, but would this actually work for me? Please correct me if I'm wrong: the mail server is my machine, which is my ISP's IP, so all traffic would then go out over that, that's if I'm thinking correctly. So would inbound traffic come via my VPN IP and all traffic go out through my ISP's?

Paul
 

pauliesco

Or thinking out of the box here, I have a VPN set up on my VPS machine; would it be possible to forward ALL traffic from that?

Paul
 

eibgrad

I thought you were using a PPTP *client* to access a remote mail server, and wanted that routed out the ISP rather than the PPTP connection. Are you saying this is your own PPTP *server* and you're hosting the mail server? And now you've added a VPS to the mix. I'm confused.

There's just too much ambiguity in your description. You need to be more precise about what is what, what is where, and the flow of traffic.

(draw a diagram if it helps)
 

pauliesco

I confuse myself sometimes lol

1. I have my own server at home running Virtualmin, which works perfectly on my ISP's IP, but that changes on a regular basis.
2. So I got a VPN with a dedicated IP and port forwarding with PPTP on Ubuntu (76.1.xx.xx), which works perfectly apart from my home server can't send emails through the VPN connection (a lack of the PTR record and reverse address, which they don't allow).
3. If I could use my ISP's IP (82.111.xxx.xx) to send email that would fix my problem, which is why I thought if I could email from port 587 over my ISP's connection this might work.

Hope that makes a little more sense.
Forget the VPS, that was just another thought and another thread further down the line.

Paul
 

eibgrad

Sounds to me like what I said originally still applies.

If you're saying you have a PPTP client established to a VPN provider who is allowing you to port forward from his end of the tunnel and back into your home network to gain access to your mail server, and that PPTP client is established on the server itself, then presumably all your outbound traffic from that server is bound, by default, to the VPN too. While it is possible to selectively route port 587 outbound via the default gateway of your ISP using routing policy, that gets complicated to configure. It's just a lot easier to bind the public IP associated w/ that port to the default gateway of the ISP, just so long as that IP is only being used for port 587. IOW, that public IP and port 587 are synonymous, at least for the purposes of a routing decision.

If NOT, and that public IP sometimes has to be used for other purposes (other ports, protocols, etc.) and necessarily routed out the VPN, then that's when you'd need to use port-based policy routing. I'm just trying to avoid it if at all possible to keep things simple.
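
The port-based policy routing mentioned above, as an added example that is not part of any post in this thread: a dedicated routing table whose default route is the ISP router, consulted only for TCP connections to port 587 made from the server itself. The gateway 192.168.1.1 is the thread's example; the interface name eth0, table number 587, rule priority 1000 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): send only outbound TCP/587 via the ISP
# gateway while everything else keeps following the VPN default route.
ISP_GW="${ISP_GW:-192.168.1.1}"   # ISP router, the thread's example address
ISP_IF="${ISP_IF:-eth0}"          # assumed name of the LAN interface
TABLE="${TABLE:-587}"             # assumed unused routing table number
PRIO="${PRIO:-1000}"              # assumed unused rule priority
PORT="${PORT:-587}"
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = run them (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

policy_cmds() {  # usage: policy_cmds add|del
  case "$1" in
    add)
      # Private table whose only route is "default via the ISP router".
      run ip route replace default via "$ISP_GW" dev "$ISP_IF" table "$TABLE"
      # Consult that table only for TCP connections to the submission port.
      run ip rule add priority "$PRIO" ipproto tcp dport "$PORT" lookup "$TABLE"
      ;;
    del)
      run ip rule del priority "$PRIO" ipproto tcp dport "$PORT" lookup "$TABLE"
      run ip route flush table "$TABLE"
      ;;
    *) echo "usage: policy_cmds add|del" >&2; return 2 ;;
  esac
}

verify_cmd() {  # usage: verify_cmd DEST_IP [PORT]
  # Ask the kernel which path a TCP connection to DEST_IP:PORT would take.
  echo "ip route get $1 ipproto tcp dport ${2:-$PORT}"
}

if [ "$#" -gt 0 ]; then policy_cmds "$@"; fi
```

If net.ipv4.conf.*.rp_filter is in strict mode (1), replies arriving on the ISP interface can be dropped because the main table still points back through the VPN; loose mode (2) avoids that.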
 

pauliesco

Sorry for the late response, just got round to trying this and up to now the emails don't make it to their destination. Just while I find more time to mess, how do I delete this rule?

Paul
 

eibgrad

Same commands, except replace add with del.

P.S. On Ubuntu, these routes are NOT persistent across a reboot. You either need to reapply them on each reboot (which is what I do using a startup script) or manually configure the underlying network config file (there should be plenty of resources available to show you how).
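
A startup script of the kind described above, as an added example that is not the poster's own script: it re-applies the per-host static routes idempotently and also removes them again with del. It goes slightly beyond the thread by resolving names to all of their IPv4 addresses and checking each address before it reaches ip route; the function names and the DRY_RUN switch are assumptions, and 192.168.1.1 is the thread's example gateway.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply the per-host static routes at
# boot, e.g. from a startup script, since they do not survive a reboot.
ISP_GW="${ISP_GW:-192.168.1.1}"   # ISP router, the thread's example address
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = run them (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

is_ipv4() {  # strict dotted-quad check so nothing else reaches "ip route"
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

resolve_v4() {  # IP literals pass through; names are resolved via getent
  if is_ipv4 "$1"; then echo "$1"; return 0; fi
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

route_cmds() {  # usage: route_cmds add|del HOST_OR_IP...
  case "$1" in
    add) verb=replace ;;   # "replace" is idempotent, safe to re-run at boot
    del) verb=del ;;
    *) echo "usage: route_cmds add|del HOST..." >&2; return 2 ;;
  esac
  shift
  for host in "$@"; do
    for ip in $(resolve_v4 "$host"); do
      if is_ipv4 "$ip"; then
        run ip route "$verb" "$ip" via "$ISP_GW"
      else
        echo "skipping unexpected resolver output: $ip" >&2
      fi
    done
  done
}

if [ "$#" -gt 0 ]; then route_cmds "$@"; fi
```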
 
