sslvpn full tunnelling fails to connect when installed on VMWare

  • 7003457
  • 05-Jun-2009
  • 26-Apr-2012


Novell Access Manager 3.1 Support Pack 1 SSLVPN Server
Full tunneling mode enabled
OpenVPN client setup on workstation with VMWare installed
OvenVPN server running on VMWare guest OS


ESP enabled sslvpn server installed on a vmware SLES 10 guest machine. This guest host also includes the Admin Console and Identity Server components.

IN parallel, a workstation setup exists where we have physical network connectivity to the Internet, and all Access Manager setup is on a host-only network on a vmware interface.

When full tunneling is enabled for the sslvpn server, the exception host route is added at the client (to allow keepalive packets to get to tomcat) results in keepalive packets being directed to the workstation's default route (to the Internet).

As a result, keepalive packets do not reach the gateway. Furthermore, the open vpn connection itself does not reach the gateway as that is also directed to the Internet rather than local vmware host-only network.


Add a virtual address to the sslvpn gateway. e.g. it's primary address is Add Disconnect physical network so there is no default gateway to the Internet. Manually add a default route e.g. "route add mask metric 5"

Now when the extra route is added to allow keepalives t propagate, the route results in traffic destined for (i.e. keepalive and openvpn traffic) to be sent via the virtual address on the gateway (.141).