OpenVPN bridge and VMware ESX 3.5
Recently I wanted to add an OpenVPN server in bridged mode to my network infrastructure.
But there was one big problem: the OpenVPN system can’t live on a special subnet and it cannot be routed through, because the network is maintained by other people who do not want to give me another subnet, and I don’t want to set the OpenVPN gateway as the default gateway in the network.
So the only solution to this was a bridged OpenVPN server, and I set it up in my VMware ESX 3.5 the following way:

I can connect to the server from outside and get an IP address from the OpenVPN server as specified in “server-bridge …..”
However, I can’t connect to the other systems in the subnet; with tcpdump I only see a lot of “who-has” requests, but it seems that the ARP replies didn’t go back to the connected VPN client.
I tried virtually everything, and after a day of research I finally got it working. Why? Simple after all :)
- First, you need to enable promiscuous mode for the virtual network; this is a setting of the vSwitch under the “Security” tab.
- Second, ensure you DO NOT connect more than one network card to the virtual switch your OpenVPN server is connected to. That was my main problem.
- Third, ensure you enable IP forwarding -> “echo 1 > /proc/sys/net/ipv4/ip_forward”
- Fourth, if you do ping tests and your VPN client is Windows, double- and triple-check that the firewall is off :)

After removing the other network cards from the virtual switch, I could reach my complete network instantly!
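
The Linux-side items from the list above can be verified with a small script; this is an added example, not part of the original post. The interface names br0, tap0 and eth0 and the /etc/sysctl.conf persistence check are assumptions, and the vSwitch settings still have to be checked on the ESX host itself.

```shell
#!/bin/sh
# Added example: check the OpenVPN guest's side of the bridged setup.
# Args: ROOT (empty = live system), bridge, tap device, LAN NIC.
# br0 / tap0 / eth0 are assumed names, not taken from the post.
# Returns 0 = all good, 1 = a check failed, 2 = only the persistence warning.
check_bridge_host() {
    root="${1:-}"; bridge="${2:-br0}"; tap="${3:-tap0}"; nic="${4:-eth0}"
    rc=0

    # Runtime flag, i.e. what "echo 1 > /proc/sys/net/ipv4/ip_forward" sets.
    fwd=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null) || fwd=""
    if [ "$fwd" = "1" ]; then
        echo "OK   ip_forward is enabled"
    else
        echo "FAIL ip_forward is '${fwd:-unreadable}'"; rc=1
    fi

    # The echo does not survive a reboot; look for an uncommented sysctl entry.
    if grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
            "$root/etc/sysctl.conf"; then
        echo "OK   ip_forward persists in /etc/sysctl.conf"
    else
        echo "WARN ip_forward not set in /etc/sysctl.conf (lost on reboot)"
        [ "$rc" -eq 0 ] && rc=2
    fi

    # The OpenVPN tap device and the LAN NIC must both be ports of the bridge;
    # the kernel lists bridge ports under /sys/class/net/<bridge>/brif/.
    for port in "$tap" "$nic"; do
        if [ -e "$root/sys/class/net/$bridge/brif/$port" ]; then
            echo "OK   $port is a port of $bridge"
        else
            echo "FAIL $port is not a port of $bridge"; rc=1
        fi
    done
    return "$rc"
}

# On the live system: check_bridge_host "" br0 tap0 eth0
```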