I'm having problems too. I'm trying to connect to ESXi 4 with the vSphere client over an SSH tunnel. Forwarded 902, 903, 443 and it won't connect. I have forwarded ports to VMs on that box and I have no problems connecting to them.
When I open those ports in my NAT router I am able to connect.
Use OpenVPN or other VPN instead.
There are too many ports to redirect, and name resolution could also be a problem with port forwarding in an SSH tunnel.
Since it works when I open the ports in my NAT router, I should not have to forward more ports when SSH tunneling. I have used SSH tunneling without problems before when using the VI client.
Also, OpenVPN or other VPNs are simply not possible in this situation.
Also, unless I miss my guess, name resolution is a moot point here given that I connect to everything using IP.
I also ran into the same problem.
We have several ESXi 3.5s (standalone) behind a firewall in the private IP range, and everything works just fine when SSH-tunneling port 443 and 902 and connecting to localhost.
After upgrading the VI client to vSphere I can no longer connect to the ESXi hosts with the upgraded client when using SSH tunneling. In the error message it mentions the DNS reverse-resolved name of the workstation I'm running vSphere on.
I can still connect to an ESXi which has the 443 and 902 ports open (and NAT'ed). Of course when the vSphere client is put on the same subnet as the ESXi hosts, everything works fine.
I was able to get it to work by adding a line to the C:\WINDOWS\system32\drivers\etc\hosts file:
Hm, an interesting solution, especially given that one of the error messages pops up saying it can't connect to server "localhostname" (where localhostname is the DNS name of the local computer) even though I'm specifically pointing it at 127.0.0.1.
However, this didn't work for me. I assume that your "esxserver" name is actually the dns name of the far server?
Great, worked for me!
Port 902 though still seems to be required for data transfers (VM consoles, datastore etc)
Scratch that, it did work.
The caveat is that you have to connect using the actual DNS name of the server and NOT 127.0.0.1; this is why the "hosts" file works. It also allows you to connect to a vcenter server the same way, not just ESX.
My hosts file:
127.0.0.1 esx1 esx2 vcenter
That allows me to connect to any of them just by moving my tunnel destination around.
Of course, when on the local subnet, it's a good idea to remove or comment out the entries in hosts, otherwise it'll still fail.
You don't need to use a real DNS name.
The thing is that the vSphere client seems to treat 127.0.0.1 or localhost in a special way, but any other name resolved to 127.0.0.1 works.
Instead of using 127.0.0.1, use 127.0.0.2; this way the connection works without modifying the hosts file etc.
The ssh command looks like this:
ssh -L 127.0.0.2:443:@<ssh_server
When using putty add: 127.0.0.2: to the source port.
When the ssh connection is established you can use 127.0.0.2 as the host to connect to using the vSphere client.
Message was edited by: rikske
Say, I just tried this with ports 443, 901, and 902 forwarded and it didn't work. When I set up an entry in my hosts file as suggested it worked great with no other changes. Not sure why IP doesn't work but hostname does.
Thanks much for the help!
Can't get it to work, even with the hosts change ...
Main problem seems to be that the new VIclient changes "localhost" or 127.0.0.1 to the regular local IP of your machine, thus not going through the tunnel (noticed that by the access shown by my firewall). Also, after changing to something else, like "tunnel", for the console it will still do a lookup based on the VM name, which again messes up the tunnel access ...
I guess I will have to resort to a regular VPN for the site I need access to, as neither the web-based console nor the VIclient seems to work ...
After some tests, the final solution that fully worked for me is:
1) Connect to the ESXi server with PuTTY with forwarded ports 443 and 902 (see the PuTTY SSH tunnel procedure on the web) - note port 903 is not necessary.
2) Open the file C:\WINDOWS\system32\drivers\etc\hosts with a text editor.
3) Add a name that you want after "127.0.0.1 localhost" on the same line and save the file,
e.g. 127.0.0.1 localhost localvsphere
4) With the vSphere Client, connect to your ESXi server using the name you added to the hosts file (e.g. "localvsphere").
That's all!
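A preflight check for the hosts-alias workaround described in this thread, as an added example that is not part of any poster's message. It parses hosts-file text, confirms the chosen alias maps to a loopback address and is not one of the names the thread reports the client treating specially, then checks that the forwarded ports have a local listener. The function names and the sample hosts text are constructed for illustration.

```python
import socket

# Per the thread, the client handles these two specially, so the alias must differ.
SPECIAL = {"localhost", "127.0.0.1"}

def loopback_aliases(hosts_text):
    """Return {name: ip} for hosts entries that map to a 127.x.x.x address."""
    aliases = {}
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip.startswith("127."):
            for name in names:
                aliases.setdefault(name.lower(), ip)
    return aliases

def port_listening(ip, port, timeout=1.0):
    """True if something accepts TCP connections on ip:port (the tunnel's local end)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(hosts_text, alias, ports=(443, 902)):
    """Return a list of problems; an empty list means alias and forwards look usable."""
    problems = []
    aliases = loopback_aliases(hosts_text)
    name = alias.lower()
    if name in SPECIAL:
        problems.append(f"{alias}: use a name other than localhost/127.0.0.1")
    elif name not in aliases:
        problems.append(f"{alias}: no loopback entry in hosts file")
    else:
        for port in ports:
            if not port_listening(aliases[name], port):
                problems.append(f"{aliases[name]}:{port} has no listener (tunnel down?)")
    return problems

if __name__ == "__main__":
    # Constructed sample matching the hosts line quoted in the thread.
    sample = "127.0.0.1 localhost localvsphere\n"
    for msg in preflight(sample, "localvsphere") or ["ok"]:
        print(msg)
```

To check a real machine, pass the contents of the hosts file named in the thread as `hosts_text`.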