= Caveats with VMs and Bridging =
When creating an OpenVPN setup on a virtualized machine, make certain that "promiscuous mode" is enabled for the virtual switches that the OpenVPN server is connected to. Successful use of the bridge-start script and the brctl tool requires that the interfaces be in this mode (see the lines "ifconfig $t 0.0.0.0 promisc up" in the script). While your guest (virtual) OS kernel may tell you that "kernel: device eth0 entered promiscuous mode", the virtual switch it is connected to may be blocking this ability, and blocking it silently, so it is very hard to detect.

Taken [http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/ from here]:

{{{
The ESXi virtual switch drops promiscuous packets by default. To fix it, open the vSphere Client, click on the ESXi host on the left side, click on the “Configuration” tab on the right, click “Networking” in the Hardware box, click on “Properties…” at the top-right of your “Virtual Switch: vSwitch#” graphic. Now on the “Tools” tab of this popup window, select the “vSwitch” and click the “Edit…” button. In this popup, click on the “Security” tab and change “Promiscuous Mode” from “Reject” to “Accept”. Click “OK” then “Close” and you should be all set.
}}}

''(I had several days of pulling my hair out, trying to figure out why bridging and proper routing weren't working, even though all the logs were telling me things were fine. I am putting this here, though it may not be the right place, in the hope that this subtle behavior doesn't burn anyone else.)''
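To separate the two possible causes, the guest side can be checked first. The script below is an added example, not part of the OpenVPN scripts or the quoted post: it lists bridge ports whose kernel flags lack IFF_PROMISC, reading sysfs because that reflects promiscuity set by the bridge code as well as by ifconfig. The bridge name br0 and the optional sysfs-root argument are assumptions; a clean result only rules out the guest, so the virtual switch policy still has to be checked on the host as described above.

```shell
#!/bin/sh
# Added example: guest-side check only. It cannot see what the virtual
# switch does with the frames once they leave the VM.

IFF_PROMISC=256   # 0x100, from <linux/if.h>

# is_promisc IFACE [SYSFS_ROOT]
# Exit 0 if the kernel flags for IFACE include IFF_PROMISC,
# 1 if they do not, 2 if the flags file cannot be read.
is_promisc() {
    flags_file="${2:-/sys}/class/net/$1/flags"
    [ -r "$flags_file" ] || return 2
    flags=$(cat "$flags_file")              # hex string, e.g. 0x1303
    [ $(( $flags & $IFF_PROMISC )) -ne 0 ]
}

# non_promisc_ports BRIDGE [SYSFS_ROOT]
# Print every port of BRIDGE that is not promiscuous (or is unreadable).
non_promisc_ports() {
    root="${2:-/sys}"
    for port in "$root/class/net/$1/brif"/*; do
        [ -e "$port" ] || continue          # bridge missing or has no ports
        name=${port##*/}
        is_promisc "$name" "$root" || printf '%s\n' "$name"
    done
}

# Usage: sh check-promisc.sh br0   (br0 is an assumed bridge name)
if [ -n "${1:-}" ]; then
    bad=$(non_promisc_ports "$1")
    if [ -n "$bad" ]; then
        echo "ports of $1 not in promiscuous mode:"
        echo "$bad"
        exit 1
    fi
    echo "all ports of $1 are promiscuous in the guest"
fi
```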