Possible firewall problem between OpenVPN and LAN
-
I've got a setup where an OpenVPN tunnel is used to access a second management port on an ESXi host to allow remote administration - pfSense runs as a guest on the host.
There is a "Pass all IPv4" rule on the LAN and OpenVPN interfaces.
The ESXi host has been configured to route OpenVPN tunnel traffic back via the pfSense LAN interface.
With this setup I can ping the ESXi host over the VPN and I can access its web interface at https://host.ip/ui.
However, I cannot ssh into the ESXi host or access it using the vSphere client.
Using "Diagnostics / Test Port" I am able to open a connection to the ESXi host on port 22 from the "VPN" source address, but not from the "OpenVPN Server:" source address.
Any pointers as to what's going on here? Is this some sort of firewall state issue?
-
Found the problem. It was the firewall - the one on the ESXi host! This had been enabled for SSH access, but did not have an "allow" for the VPN tunnel network.
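One way to check for exactly this ESXi-side misconfiguration, as an added example that is not from the original thread: a POSIX shell function that reads the output of `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list` for the sshServer ruleset and reports whether the OpenVPN tunnel network is permitted. The esxcli output below is a constructed sample, and the tunnel network 10.8.0.0/24 is an assumed placeholder, not a value from the thread.

```shell
#!/bin/sh
# Constructed sample of what the two esxcli commands print on a host whose
# SSH ruleset is enabled but only allows the LAN subnet (not the VPN tunnel):
#   esxcli network firewall ruleset list --ruleset-id sshServer
#   esxcli network firewall ruleset allowedip list --ruleset-id sshServer
RULESET_LIST='Name       Enabled
---------  -------
sshServer  true'

ALLOWEDIP_LIST='Ruleset    Allowed IP Addresses
---------  --------------------
sshServer  192.168.1.0/24'

# Assumed placeholder for the OpenVPN tunnel network.
TUNNEL_NET='10.8.0.0/24'

# check_ssh_ruleset <ruleset list output> <allowedip list output> <tunnel net>
# Prints one status word: DISABLED, ALLOWED_ALL, ALLOWED or MISSING.
check_ssh_ruleset() {
    enabled=$(printf '%s\n' "$1" | awk '$1 == "sshServer" { print $2 }')
    # Everything after the ruleset name is the comma-separated allowed list.
    allowed=$(printf '%s\n' "$2" | awk '$1 == "sshServer" { $1 = ""; sub(/^ +/, ""); print }')
    if [ "$enabled" != "true" ]; then
        echo DISABLED; return 0
    fi
    if [ "$allowed" = "All" ]; then
        echo ALLOWED_ALL; return 0
    fi
    # Match the tunnel network as a whole entry, not as a substring.
    case ",$(printf '%s' "$allowed" | tr -d ' ')," in
        *",$3,"*) echo ALLOWED ;;
        *) echo MISSING ;;
    esac
}

# remediation <status> <tunnel net>: the esxcli command that fixes each state.
remediation() {
    case "$1" in
        DISABLED) echo "esxcli network firewall ruleset set --ruleset-id sshServer --enabled true" ;;
        MISSING)  echo "esxcli network firewall ruleset allowedip add --ruleset-id sshServer --ip-address $2" ;;
        *)        echo "no change needed" ;;
    esac
}

status=$(check_ssh_ruleset "$RULESET_LIST" "$ALLOWEDIP_LIST" "$TUNNEL_NET")
echo "sshServer ruleset for $TUNNEL_NET: $status"
echo "fix: $(remediation "$status" "$TUNNEL_NET")"
```

Run the real esxcli commands over SSH or the ESXi shell and feed their output to the function; the pfSense "Test Port" result in the question (reachable from LAN, not from the OpenVPN address) is the symptom this check explains.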