I have what appears to be a routing problem for traffic originating down an IPsec tunnel trying to gain access to the VMs running on the remote.
The IPsec tunnel is NATed on 172.16.129.254, so the machine running VMware (192.168.5.174) sees the remote user as that IP address, and from the VMware host I can ping that IP address.
The VMware host runs on subnet 192.168.5.0/24.
The VMware guest OS is set to share the same network and has a separate IP address on that network.
I added a static route on the guest OS to send traffic for 172.16.129.254 via 192.168.5.174.
From the remote IPsec user I can ping 192.168.5.50 (the guest) and get a response.
If I try to connect to 192.168.5.50 on port 3389 from the host, it connects.
If I try to connect to 192.168.5.50 on port 3389 from the remote end of the IPsec tunnel, it fails to connect.
A tcpdump on the host OS shows the inbound SYN from 172.16.129.254 destined for 192.168.5.50, but I get no response from 192.168.5.50.
The guest OS is Win2k with no firewall installed.
The problem happens with the firewall on the host OS switched off.
The SYN packet makes it to the host OS, so it's not being blocked at the remote end of the IPsec tunnel.
    192.175.5.174 (eth0) <- (sit0) <- 172.16.129.254 <- linux-fw <- client
             \ |
              \|
               v
            192.168.5.50
The settings on the VM are set to: Ethernet, Bridged
Any suggestions as to why this might not work? Is this a VMware issue or just a general Linux routing issue? I find it odd that ping works but a TCP connection to a port I know is open does not work.
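The symptom in the post (SYN seen on the wire, no SYN-ACK back, while ICMP echo still gets a reply) is easiest to confirm by counting handshakes per client rather than eyeballing the capture. The following POSIX shell/awk helper is an added example, not part of the original post: it reads the text output of `tcpdump -n` on standard input and reports, per source address, how many SYNs were answered with a SYN-ACK and how many were not. The capture embedded in `SAMPLE_CAPTURE` is constructed for illustration using the addresses from the post; the parser assumes the `Flags [S]` / `Flags [S.]` flag notation that tcpdump prints for IPv4 TCP (older tcpdump releases print flags without the brackets, and would need the two regexes adjusted).

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n` output (not a real capture): two SYNs from the
# tunnel side that never get a SYN-ACK, one SYN from the host that does, and an
# ICMP echo exchange that the TCP parser must ignore.
SAMPLE_CAPTURE='12:00:01.000000 IP 172.16.129.254.40000 > 192.168.5.50.3389: Flags [S], seq 1, win 64240, length 0
12:00:01.000100 IP 172.16.129.254.40001 > 192.168.5.50.3389: Flags [S], seq 2, win 64240, length 0
12:00:02.000000 IP 192.168.5.174.50000 > 192.168.5.50.3389: Flags [S], seq 3, win 64240, length 0
12:00:02.000100 IP 192.168.5.50.3389 > 192.168.5.174.50000: Flags [S.], seq 100, ack 4, win 65535, length 0
12:00:03.000000 IP 172.16.129.254 > 192.168.5.50: ICMP echo request, id 1, seq 1, length 64
12:00:03.000100 IP 192.168.5.50 > 172.16.129.254: ICMP echo reply, id 1, seq 1, length 64'

# classify_syns: tcpdump -n text on stdin -> one line per client IP:
#   "<client> answered=<n> unanswered=<m>"
# A SYN is "answered" when a SYN-ACK for the reversed 4-tuple appears later.
classify_syns() {
  awk '
    # Plain SYN: $3 is "src.sport", $5 is "dst.dport:" (trailing colon stripped).
    / IP .* Flags \[S\],/ {
      sub(/:$/, "", $5)
      split($3, s, "."); split($5, d, ".")
      src = s[1] "." s[2] "." s[3] "." s[4]
      dst = d[1] "." d[2] "." d[3] "." d[4]
      flow = src ":" s[5] ">" dst ":" d[5]
      syn[flow] = 1; client[flow] = src
      next
    }
    # SYN-ACK: the reply travels dst->src, so key it on the original direction.
    / IP .* Flags \[S\.\],/ {
      sub(/:$/, "", $5)
      split($3, s, "."); split($5, d, ".")
      orig_src = d[1] "." d[2] "." d[3] "." d[4]
      orig_dst = s[1] "." s[2] "." s[3] "." s[4]
      synack[orig_src ":" d[5] ">" orig_dst ":" s[5]] = 1
      next
    }
    END {
      for (f in syn) {
        c = client[f]
        if (f in synack) ok[c]++; else bad[c]++
        seen[c] = 1
      }
      for (c in seen)
        printf "%s answered=%d unanswered=%d\n", c, ok[c] + 0, bad[c] + 0
    }
  ' | sort
}

# summarise_sample: run the classifier over the constructed capture above.
summarise_sample() {
  printf '%s\n' "$SAMPLE_CAPTURE" | classify_syns
}

summarise_sample
```

On a live host the same function is fed directly, for example `tcpdump -ni eth0 'tcp port 3389' -l | classify_syns` once the capture is stopped; a client that shows only unanswered SYNs while its ICMP echoes are answered points at the guest's reply path for TCP (the static route and which interface the SYN-ACK leaves on), not at anything dropping the inbound SYN.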