Possible firewall problem between OpenVPN and LAN

  • I've got a setup where an OpenVPN tunnel is used to access a second management port on an ESXi host to allow remote administration - pfSense runs as a guest on the host.

    There is a "Pass all IPv4" rule on the LAN and OpenVPN interfaces.

    The ESXi host has been configured to route OpenVPN tunnel traffic back via the pfSense LAN interface.

    With this setup I can ping the ESXi host over the VPN and I can access its web interface at https://host.ip/ui.

    However, I cannot ssh into the ESXi host or access it using the vSphere client.

    Using "Diagnostics / Test Port" I am able to open a connection to the ESXi host on port 22 from the "VPN" source address, but not from the "OpenVPN Server:" source address.

    Any pointers as to what's going on here? Is this some sort of firewall state issue?

  • Found the problem. It was the firewall - the one on the ESXi host! This had been enabled for SSH access, but did not have an "allow" for the VPN tunnel network.

Log in to reply