It started out simple enough – install MikroTik RouterOS as a guest OS on ESXi and make the virtual router a VPN endpoint for a site-to-site VPN.
Here is my setup. On the left is a MikroTik RB2011 and on the right is a virtual instance of MikroTik RouterOS.
As you can see I have an EOIP tunnel between the two routers and I am bridging the Ethernet interface on the LAN to the EOIP tunnel. This yields a Layer 2 connection between the two LANs and accomplishes my goal. Or does it? Things were acting strange and I could not ping across the tunnel any time I bridged the Ether to the EOIP on the ESX side. No bridge, no problems. With a bridge, no pings.
I was Skyping my friend Tom Smyth in Ireland about an unrelated subject and threatening to pull my hair out when he said, “Have you tried the 3 security questions on ESXi networking?” “No,” I replied. So, I tried it and the problem was solved. Now everything worked. Apparently, ESX doesn’t like its virtual router interfaces being bridged. Here are the settings that fixed it.
I could care less about the why, nor do I plan to figure it out. It works, and that’s all I care about.