So for clarification, I am running a lab within VMware behind OpenVPN: 1 NIC with direct internet access (WAN vswitch) and another NIC with a leg inside a LAN vswitch. (This obviously houses my VMs away from the public net and allows me to use larger subnets.)

I was struggling with getting to my VMs inside the LAN when connected to OpenVPN. I could always ping the address assigned to the LAN NIC on the VPN server (192.168.100.1) but nothing else. After much troubleshooting and reading online I saw the option to enable traffic forwarding from sysctl; this, however, still didn't work. Finally, after some more web browsing and frustration, I found you need to enable promiscuous mode on the switch. I did this and hey presto, it worked. Chuffed.

My questions are, however: can someone explain what is really happening with promiscuous mode enabled once the packets (frames?) hit the LAN NIC of the OVPN server? (In layman's terms if possible, network warriors.) Were they just dropped before due to source address differences?

Would the configuration explained above be the best way or best practice for this sort of LAN/lab environment? Is it safe and secure to leave promiscuous mode enabled as such?

esx_admin18

0 Answers