I have a VMware Fusion virtual machine running on a computer to which I am connected by OpenVPN in Tunnel mode. (Let's call the three machines: "MyMac," "Host," and "VM.")
VM has two ethernet adapters. (Let's wish for the good ol' days and call 'em "eth0" and "eth1.") eth0 is shared with the Host, and is used for updates and such. eth1 is defined as "bridged, non-autodetect." I have set it to the static address '192.1.2.3,' by virtue of /etc/network/interfaces entries. I know that it works because Host can ping VM and vice-versa.
• MyMac can ping Host, and can also ping a remote system on the Internet to which Host is allowed to connect. (It can do this, of course, because the VPN configuration file ... on Host, actually ... pushes the necessary route commands to MyMac, routing these IPs through the tunnel.)
• If I telnet or ssh over to Host, then I can ping VM at 192.1.2.3 and vice-versa. (I can see that VMware has defined a route, on Host, to accomplish this.)
• So, I proceeded to add a route to MyMac's OpenSSH configuration, restarted the tunnel, and confirmed that, indeed, 192.1.2.3 is now routed through the tunnel. However, when I attempted to ping 192.1.2.3 from MyMac, I got no response.
... and I really don't know why. Here's my rationale: tell me where I'm going wrong, or if I am, as I would think, at least "tantalizingly close" to success. Here's my notion of how the round trip should be going:
- On MyMac, I ping 192.1.2.3.
- The routing entry on MyMac routes the traffic through the tunnel.
- The traffic emerges from the tunnel, on Host, as having originated from the IP associated with the tunnel.
- The route command set up by VMware should catch the packet and direct it to the VM.
- The VM should reply to the ping, as it does to a ping originated from Host.
- Static route definitions in the Internet router will catch any replies to the OpenVPN-tunnel address, as they do for any OpenVPN traffic, and successfully route the packet back through the OpenVPN tunnel to MyMac.
So ... where might it be going awry, and what should I do to diagnose the problem? I have "rootly" access to all machines, virtual and otherwise.
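The round trip listed above can be checked leg by leg with a small model of each machine's routing table. This is an added example, not part of the original post: it walks the echo request and then the echo reply and names the first hop that has no route or does not forward. Only 192.1.2.3 comes from the post; the 10.8.0.0/24 tunnel subnet, the other addresses and the route tables are constructed assumptions, and NAT and firewall rules are not modelled.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, neighbour) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    hits = [(n, nh) for n, nh in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, start, dst):
    """Walk one packet hop by hop; return (delivered, path, reason)."""
    here, path = start, [start]
    for _ in range(8):  # hop limit guards against routing loops
        node = nodes[here]
        if dst in node["addrs"]:
            return True, path, "delivered"
        if here != start and not node["forward"]:
            return False, path, f"{here} does not forward packets"
        nxt = lookup(node["routes"], dst)
        if nxt is None:
            return False, path, f"{here} has no route to {dst}"
        here = nxt
        path.append(here)
    return False, path, "hop limit exceeded"

def round_trip(nodes, src_node, src_ip, dst_ip):
    """Echo request, then echo reply; report the first leg that fails."""
    ok, path, why = trace(nodes, src_node, dst_ip)
    if not ok:
        return False, "request: " + why
    ok, _, why = trace(nodes, path[-1], src_ip)
    return ok, "reply: " + why

def topology(vm_knows_tunnel=True, host_forwards=True):
    # Constructed sample: only 192.1.2.3 comes from the post; the rest is assumed.
    vm_routes = [("192.1.2.0/24", "Host")]
    if vm_knows_tunnel:
        vm_routes.append(("10.8.0.0/24", "Host"))
    return {
        "MyMac": {"addrs": {"10.8.0.6"}, "forward": False,
                  "routes": [("10.8.0.0/24", "Host"), ("192.1.2.3/32", "Host")]},
        "Host": {"addrs": {"10.8.0.1", "192.1.2.1"}, "forward": host_forwards,
                 "routes": [("10.8.0.0/24", "MyMac"), ("192.1.2.0/24", "VM")]},
        "VM": {"addrs": {"192.1.2.3"}, "forward": False, "routes": vm_routes},
    }

if __name__ == "__main__":
    for kw in ({}, {"vm_knows_tunnel": False}, {"host_forwards": False}):
        print(kw, round_trip(topology(**kw), "MyMac", "10.8.0.6", "192.1.2.3"))
```

On the real machines, the same leg-by-leg check corresponds to comparing each system's routing table and forwarding setting and capturing ICMP on each interface along the path.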