OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: DavidSte1 on March 31, 2021, 10:18:01 pm

Title: OPNSense on ESXi interfering with other VMs
Post by: DavidSte1 on March 31, 2021, 10:18:01 pm
I've got a strange problem. I'm running OPNsense on a (standalone) ESXi 6.7 server with two NICs. There are a bunch of other Linux VMs also running too.

I can ssh into the OPNsense server from my laptop and I can then ssh from there to the Linux VMs (e.g. keeping in the same virtual switch in ESX).

What I can't do is ssh from my laptop to either the VMs or to the host management port (also on the same vswitch as the Linux VMs). I also can't load the management web GUI for the host on 443.

I can, however, ping the Linux VMs from my laptop and I can also get onto the desktop of the VMs using TeamViewer, which is luckily installed. I can then ssh between the VMs OK. I can also browse the web through OPNsense.

I did a packet capture on my laptop and I see ACKs coming back before getting a reset.

My first thought was IPS/IDS sending the reset packets, as the Suricata plugin is installed, but I've deactivated it and it was only configured for the WAN interface anyway (which is a different vswitch in ESX). If I enable the plugin but stop the Suricata service it makes no difference.

I know it's OPNsense though, because when I shut it down, everything suddenly bursts back into life and I have full connectivity.

Could Suricata somehow still be running in the background, or is there any other service that might behave the same way (I don't have Sensei installed)?

Cheers
Title: Re: OPNSense on ESXi interfering with other VMs
Post by: Nnyan on April 04, 2021, 07:24:37 am
Can't say what is going on with you, but I have OPNsense running on ESXi 7 (but until about a week ago it was on 6.7) and I had/have no issues accessing my other Linux/BSD/Windows VMs via SSH.
Title: Re: OPNSense on ESXi interfering with other VMs
Post by: matthew.j.hill on May 02, 2021, 07:21:33 pm
I'm also running OPNsense under ESXi, and have no issues. I have multiple other VMs on that same host, and they all have connectivity to OPNsense, each other, my desktop/laptops, and the Internet.

What does your vswitch setup look like? I have my management / VM traffic and external traffic segregated onto separate vswitches. OPNsense is connected to both switches and routes between them, and everything seems fine.
Title: Re: OPNSense on ESXi interfering with other VMs
Post by: chrcoluk on May 03, 2021, 06:20:58 am
No issues here.