Score:0

Bridge not reaching internal network for OpenVPN Ethernet Bridge in a Ubuntu 22.04 VM on ESXi


I want to set up OpenVPN Ethernet Bridging. I'm following the steps from https://openvpn.net/community-resources/ethernet-bridging/ and after configuring the bridge as described in https://openvpn.net/community-resources/notes-ethernet-bridging-windows-client-linux-server/, I cannot reach any machines from my internal network (i.e. ping 10.5.0.2 only returns Destination Host Unreachable).

Any idea why this is happening?

It is worth mentioning that I set up everything inside an Ubuntu 22.04 VM on ESXi 8.0.0, promiscuous mode is activated on the vSwitch, and I tried the Ethernet adapter as both E1000 and VMXNET3.

EDIT: I think it might be an ESXi issue, I tried on a Raspberry Pi with Ubuntu 22.04 and it worked directly without any issue.

vidarlo: You probably haven't permitted ARP spoofing and promiscuous mode on the VM in ESXi.
vidarlo: Besides, are you *certain* that you want bridging? Based on your question I guess you're new to networking - and the answer is usually that you don't want bridging, but perceive it to be topologically simpler. It ain't.
ThmX: Thanks for your feedback. As I said, I activated promiscuous mode on the vSwitch and PortGroup, isn't that correct? I went for bridging as it provides assigned IPs from a dedicated pool of local IPs, as I want to have full two-way reachability without needing weird IPs. That being said, even if I could solve my problem without bridging, I would still want to understand why it is not working with ESXi while it worked directly by setting it up on a Raspberry Pi. I will still give it a try by using a dedicated Ethernet port through passthrough to see if that solves the issue.
vidarlo: You get full two-way reachability with routing. And none of the drawbacks of extending L2 across the internet.
ThmX: Oh alright, will give it a try then :) Also, I tried now using an Ethernet port with passthrough instead of through ESXi and it works like a charm.
ThmX: I have everything running fine with TAP, but cannot make it run with TUN. I can ping the server using its internal IP, but cannot ping any machine from the internal network. I checked with tcpdump and the ICMP echo is received, but I never get a reply from the machine. I temporarily deactivated UFW to check, but no luck. I guess I need to configure some routing?
ThmX: Ok, finally managed to have it working both ways with TUN, by following https://community.openvpn.net/openvpn/wiki/BridgingAndRouting. I'll write down a better answer to my own question.
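An added diagnostic for the TUN (routed) case in the comments above, where the echo request is seen with tcpdump but no reply comes back; this is my own script, not from the thread or the OpenVPN wiki. It assumes constructed placeholder values (VPN subnet 10.8.0.0/24, server LAN address 10.5.0.10, interface tun0, adapter name ens160); the page itself only gives 10.5.0.2 as a LAN host.

```sh
#!/bin/sh
# Checks for a routed OpenVPN (tun) server: forwarding, the FORWARD chain, and a
# reply path from the LAN back to the VPN subnet. Placeholder values are assumed.
# Each check takes its input as text so it can be exercised without root;
# diagnose_live feeds it the real system state on the OpenVPN server.

# ip_forward_ok <contents of /proc/sys/net/ipv4/ip_forward>
ip_forward_ok() {
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# forward_rules_ok <output of iptables -S FORWARD>
# Passes when the chain policy is ACCEPT or a rule accepts traffic from tun0.
forward_rules_ok() {
  printf '%s\n' "$1" | grep -Eq '^-P FORWARD ACCEPT$|^-A FORWARD .*-i tun0 .*-j ACCEPT'
}

# return_route_ok <ip route output on a LAN host> <vpn_subnet> <server_lan_ip>
# "Request seen, no reply" usually means the LAN host sends its reply to the
# default gateway because it has no route back to the VPN subnet.
return_route_ok() {
  printf '%s\n' "$1" | grep -Eq "^$2 via $3 "
}

# nat_ok <output of iptables -t nat -S POSTROUTING> <vpn_subnet>
# Masquerading the VPN subnet on the server is the alternative to LAN routes.
nat_ok() {
  printf '%s\n' "$1" | grep -Eq "^-A POSTROUTING -s $2 .*-j MASQUERADE"
}

# reply_path_ok <lan routes> <nat rules> <vpn_subnet> <server_lan_ip>
reply_path_ok() {
  return_route_ok "$1" "$3" "$4" || nat_ok "$2" "$3"
}

# diagnose_live [vpn_subnet] [server_lan_ip]: run on the OpenVPN server as root.
diagnose_live() {
  vpn=${1:-10.8.0.0/24}; srv=${2:-10.5.0.10}
  ip_forward_ok "$(cat /proc/sys/net/ipv4/ip_forward)" \
    && echo "ip_forward: ok" || echo "ip_forward: off (sysctl -w net.ipv4.ip_forward=1)"
  forward_rules_ok "$(iptables -S FORWARD 2>/dev/null)" \
    && echo "FORWARD chain: ok" || echo "FORWARD chain: traffic from tun0 is not accepted"
  nat_ok "$(iptables -t nat -S POSTROUTING 2>/dev/null)" "$vpn" \
    && echo "NAT: $vpn is masqueraded" \
    || echo "NAT: none; each LAN host (or the LAN gateway) needs a route to $vpn via $srv"
}

if [ "${1:-}" = "--live" ]; then diagnose_live "${2:-}" "${3:-}"; fi
```

Run it as `sh check-tun.sh --live` on the server; the LAN-side route check has to be run against `ip route` output taken on a LAN host such as the one at 10.5.0.2.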