It started out simple enough – install MikroTik RouterOS as a guest OS on ESXi and make the virtual router a VPN endpoint for a site-to-site VPN.

Here is my setup. On the left is a MikroTik RB2011 and on the right is a virtual instance of MikroTik RouterOS.

[Figure: MikroTik Virtual RouterOS]

As you can see, I have an EoIP tunnel between the two routers and I am bridging the Ethernet interface on the LAN to the EoIP tunnel. This yields a Layer 2 connection between the two LANs and accomplishes my goal. Or does it? Things were acting strange and I could not ping across the tunnel any time I bridged the Ether to the EoIP on the ESX side. No bridge, no problems. With a bridge, no pings.

I was Skyping my friend Tom Smyth in Ireland about an unrelated subject and threatening to pull my hair out when he said, “Have you tried the 3 security questions on ESXi networking?” “No,” I replied. So, I tried it and the problem was solved. Now everything worked. Apparently, ESX doesn’t like its virtual router interfaces being bridged. Here are the settings that fixed it.

[Screenshots: MikroTik RouterOS-ESX3, MikroTik RouterOS-ESX2, MikroTik RouterOS ESX1]

I could care less about the why, nor do I plan to figure it out. It works, and that’s all I care about.