Hi,
I am running VMware Server on a Linux box which is also an OpenVPN server (subnet 10.33.0.x). The virtual machines are all behind vmnet8 (NAT) which has IP 192.168.33.1 (192.168.33.2 to the inside).
I can ping from any virtual machine to an OpenVPN client without adding any special routes to the VMs.
I cannot ping, however, from the OpenVPN client to the virtual machines. Using tcpdump, the icmp-echo-requests are routed from tun0 (the OpenVPN interface) to vmnet8 and reach the virtual machine. The icmp-echo-reply packets, however, only make it back to vmnet8 and then vanish.
If I add a route to the virtual machines via the vmnet8 outside (route add -net 10.33.0.0 netmask 255.255.255.0 gw 192.168.33.1), the OpenVPN client can communicate with the VMs. Putting this route via the actual gw 192.168.33.2 does not work, though.
I do not understand why the virtual machines need a route for answering incoming VPN traffic, but do not need a route for initiating and maintaining communication to a VPN client. Is there anything that needs to be set up (route-wise) within vmnet8? Or any other idea what may be wrong here?
Daniel