Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can't access ESXi host from inside over OpenVPN on the virtual lan

Posted on 2014-01-03
2
Medium Priority
?
2,622 Views
Last Modified: 2014-01-03
This is a bit of a weird one and will take a bit of explaining so bear with me.

We have a VMWare ESXi host in the office. It runs half a dozen VMs that provide various business services.

The host's network is configured so that there's an internal network that all the VMs share. It is separate from the rest of the office outside of the host.

One of the VMs is a pfSense Router Distro. Basically, this VM provides the router and a NAT gateway that connects the internal virtual network to the outer office network.

The host has two management IP addresses - one for the outer office network, and one for the internal virtual network.

pfSense is running an OpenVPN Server, and staff connect to the internal virtual network from home over the internet using the OpenVPN client.

The staff who use the VPN are often NOT on the outer office network. They're usually at home working remotely.

------

Internal virtual network
         192.168.7.0/24
         pfSense router:   192.168.7.0
         ESXi management IP:    192.168.7.3

Outer office network:
         192.168.0.0/24
         ESXi management IP:    192.168.0.3

OpenVPN network:
         10.0.8.0/24
         OpenVPN gateway:   10.0.8.5

------

Here's the problem:

- When I connect to the network from the Internet via OpenVPN, I cannot ping or communicate with 192.168.7.3.
- I CAN communicate with everything else on the internal virtual network
-  Virtual machines on the internal virtual network CAN communicate with 192.168.7.3


I'm confident that OpenVPN is working properly... the firewall is completely opened up and everything else is accessible. There's nothing to specifically deny this one IP address.

I have also tested that pfSense CAN ping the ESXi host on 192.168.7.3.... when it pings using it's network adapter connected to the internal virtual network.

pfSense CANNOT ping the ESXi host on 192.168.7.3 when it pings from the OpenVPN network adapter. pfSense CAN ping everything else on the 192.168.7.0/24 subnet via the OpenVPN network adapter, though.

---------

So my conclusion from all of this, is that there appears to either be a problem with pfSense, or there's a problem with the network configuration on the ESXi host.

Perhaps the issue is that the ESXi host is rejecting connections that come from a separate subnet (the 10.0.8.0/24 subnet that OpenVPN assigns IPs on)? Is there some kind of firewall in ESXi that I don't know about?


Any help would  be greatly appreciated.
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
Jon Snyderman earned 2000 total points
ID: 39753948
I know this is going to sound really silly, but have you checked the default gateway of the management network?  It should be the pfSense 192.168.7.x IP, right?  

~Jon
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 39753959
*facepalm*

That was it - the default gateway for the management network was set to 192.168.0.1 and it needed to be set to 192.168.7.1 .

Thank you, Jon!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question