 

How to share Guest VM's VPN Connection with Host

I've found it impossible to find an answer to this amidst the legion of How Tos explaining how to share your wireless connection or how to share a Host's VPN with a Guest.

I have a Guest Windows 10 VM (using VirtualBox) which I set up with a Bridged Connection via the Host (also Windows 10). I used Bridged because I need the host to be able to access the Guest and the Guest to also be able to access the outside world. I have installed VPN software on the Guest which works and enables me to access my company's network from that Guest. Installing the VPN software on the Host is not an option. I am attempting to share the Guest VM's network connection with the Host. Ultimately I want other VMs on the same Host to be able to connect via the Guest's VPN connection. But so far, I'm just trying to get the Host to use it on the basis that the rest should be straight-forward after that.

On the Guest, I see Ethernet 1 which is the network adaptor I configured for it in VirtualBox. I also see Ethernet 2 which is the adaptor the VPN software created when it ran. I tried sharing Ethernet 1 and 2 but that seems to end the VPN connection. I created a second Ethernet adaptor for the Guest in VirtualBox. I've tried both Sharing that connection and creating a Bridge between it and Ethernet 1 and 2 (I tried both). None of this seems to have worked and I'm not sure how to progress. Ethernet 3 is currently a Host Only network adaptor as I think that should be all I need.

How can I use the Guest's VPN from the Host and other VMs?

JaneDoe asked Dec 01 '18 17:12




1 Answer

I went through k010mb0's steps with a lot of trial and error, and finally I got my windows-only VPN to work on a virtualbox guest Windows 10 and also access it from my Linux (Ubuntu) host machine.

I will only try to elaborate a little bit further. I assume you have already installed virtualbox on your Linux host, you have created a guest virtual machine and you have installed Windows 10 on it.

1. Setup a NAT network adapter for your virtualbox guest Windows

This is required so that your Windows guest virtual machine has access to the internet. In order to do that, you open virtualbox with your guest virtual machine in stopped state, you click on your Windows virtual machine, click the settings button and then navigate to "Network" from the list on your left. Then you'll need to configure something like this:

enter image description here

The reason you see the options grayed out here is because I'm currently running my virtualbox, but, as mentioned earlier, you should do this with your VM stopped.

2. Setup a host-only network on your host machine

This step is host-specific, not guest-specific. This is why you create this network from the global settings menu of virtualbox and not a guest's settings (guest will be configured later).

Go to your virtualbox manager window, click File -> Host Network Manager... Ctrl+H. You'll probably get a screen with an empty list of networks and some buttons among which there's a Create button. Click it and you'll get your first network:

enter image description here

Note that apart from the IP settings, which you can leave as is, there's also a tab for configuring DHCP on this new network. This DHCP is for assigning IPs of the new network's subnet on the guest virtual machines. You can leave the default settings there as we're going to set network settings manually on the guest OS anyway.

3. Enable the host-only network on your guest virtual machine

Now that we have a new network interface on our host machine (Linux), we can go back to the guest virtual machine, again in stopped state, and add a new network adapter, this time pointing to our newly created host-only network.

From the virtualbox manager, select your guest machine, click Settings again, go to Network and switch to Adapter 2 (or 3 or anything other than the first adapter which we configured earlier):

enter image description here

4. Start your guest virtual machine

Now we can start up our Windows 10 guest virtual machine and verify that there are two network adapters configured, by going to the Network & Internet settings:

enter image description here

In my case, the NAT network (adapter 1) appears as Ethernet (first network on the screenshot) and the host-only network (adapter 3) appears as Ethernet 4. Don't mind the numbering, just make sure you remember which Windows network corresponds to which network adapter we've setup from our virtualbox console.

5. Connect to your company's VPN from Windows

This step is completely custom to your needs. Just download any clients, certificates, credentials, etc. provided by your IT administrator and connect your Windows machine to your VPN.

After successfully connecting to your VPN, you will get a new network connection on your Windows settings panel. Go to Network & Internet Settings, then click Network and Sharing Center. You'll see something like this:

enter image description here

In my case, I had two adapters, Ethernet and Ethernet 4. Now that I connected to my VPN, I also got Ethernet 3. You can always click on the network, then Details and see from the IP configuration which connection is which.

6. Share your VPN connection with the host-only network

Still on our Windows guest virtual machine, we now need to share our VPN connection (Ethernet 3 in my case) with the host-only adapter (Ethernet 4 in my case). For that, click on Ethernet 3 connection from Network and Sharing Center (see previous step), go to Properties and then hit the Sharing tab:

enter image description here

Click on Allow other network users to connect... and then select your host-only connection. In my case, that's Ethernet 4. As soon as you do it, you'll get the following warning:

enter image description here

This effectively says that our Ethernet 4 IP settings will be messed up, but that's ok, we'll fix this right afterwards. Click Yes here.

7. Fix host-only IP settings

As mentioned in the previous step, Windows sets an arbitrary IP address to our host only interface: 192.168.137.1. However, on our host's side (Linux), we have configured a 192.168.56.xxx network. If we leave these settings, Linux and Windows won't be able to communicate.

Let's go to Ethernet 4 from the Internet & Network Center, click Properties, then Internet Protocol Version 4 (TCP/IPv4), then Properties:

enter image description here

You see this 192.168.137.1 IP there? Change it to 192.168.56.2.

8. Try to ping your Windows guest from your Linux host

Let's go back to our Linux host machine and see if networking is properly setup between the two machines. Open up a terminal and type ping 192.168.56.2. We should get something like this back:

$ ping 192.168.56.2
PING 192.168.56.2 (192.168.56.2) 56(84) bytes of data.
64 bytes from 192.168.56.2: icmp_seq=1 ttl=128 time=0.282 ms
64 bytes from 192.168.56.2: icmp_seq=2 ttl=128 time=0.181 ms
64 bytes from 192.168.56.2: icmp_seq=3 ttl=128 time=0.506 ms
64 bytes from 192.168.56.2: icmp_seq=4 ttl=128 time=0.262 ms
^C
--- 192.168.56.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3067ms
rtt min/avg/max/mdev = 0.181/0.307/0.506/0.120 ms

If you don't get a ping response, you need to repeat some of the previous steps.

9. Try to ping a VPN machine from your Linux box

Now pick an IP that is only accessible from your VPN and let's try to ping it. Usually the IP of your VPN's nameserver will respond to ping.

First try to ping this IP from your Windows box. Let's say the protected IP is 10.0.0.1:

C:\Users\XXX>ping 10.0.0.1

Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=76ms TTL=57
Reply from 10.0.0.1: bytes=32 time=76ms TTL=57

Ping statistics for 10.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 76ms, Maximum = 76ms, Average = 76ms
Control-C
^C

Now that we have verified our VPN connection is up and running on Windows, and that 10.0.0.1 is pingable, let's go back to Linux.

The first thing you'll need to do is add a route so that 10.0.0.1 goes through our host-only network, and not your standard ethernet/wifi adapter:

ip route add 10.0.0.1/32 via 192.168.56.2

There are a few things to note here:

  1. We've used the Windows IP 192.168.56.2 in via, not the Linux IP 192.168.56.1.
  2. This particular example has a netmask of 32. Other routes you might add later won't necessarily have the same netmask.

Now that you have added the route, you can try to ping your VPN protected machine from Linux:

ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=56 time=78.2 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=56 time=79.3 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=56 time=77.1 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=56 time=77.0 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 76.985/77.896/79.320/0.937 ms

If you see a ping response similar to the above, you can prepare for celebrations. But make sure you've configured some final stuff first.

10. Setup your VPN's DNS servers on your Linux host

The fact that you have connectivity to your VPN is great news, but that doesn't make everything functional. You'll soon try to open a VPN site on your Linux browser and realize the host name cannot be resolved to an IP. For example if you try to hit someservice.internal.mycompany.com, you'll get a DNS resolution error.

In order to fix that, you'll need to go to your VPN connection in the Windows box, open up the Details tab and copy the DNS servers you see there. Then you'll have to go to your Linux box and add those two servers. One way to do it is by adding a nameserver entry for each DNS server in your /etc/resolv.conf, but other ways are available.

11. Setup your VPN's routes on your Linux host

Having DNS servers in place allows you to resolve internal VPN domain names to IPs. The last thing left is to tell your Linux box that in order to reach those IPs, it will need to go through the 192.168.56.2 gateway, as we did earlier for our test.

You can print a list of all your VPN's routes on Windows by typing route PRINT.

Then you can use that information to add the same routes (or any subset you need) to your Linux box.

Kostas Filios answered Nov 01 '22 13:11
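Steps 9 and 11 of the answer above, as an added example that is not part of the original answer: a Python helper that turns the IPv4 table from `route PRINT` into `ip route add ... via 192.168.56.2` commands for the Linux host, keeping only the routes bound to the VPN adapter. The function name, the sample table, and the adapter addresses 10.8.0.6 and 10.0.2.15 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of the IPv4 table from `route PRINT` on the Windows guest.
# 10.8.0.6 (VPN adapter) and 10.0.2.15 (NAT adapter) are assumed addresses.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.2.2       10.0.2.15     25
         10.0.0.0    255.255.255.0         10.8.0.5        10.8.0.6     35
         10.8.0.4  255.255.255.252         On-link         10.8.0.6    291
         10.8.0.6  255.255.255.255         On-link         10.8.0.6    291
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
      172.16.20.0    255.255.255.0         10.8.0.5        10.8.0.6     35
     192.168.56.0    255.255.255.0         On-link     192.168.56.2    281
        224.0.0.0        240.0.0.0         On-link         10.8.0.6    291
  255.255.255.255  255.255.255.255         On-link         10.8.0.6    291
Persistent Routes:
  None
"""


def linux_routes(route_print, vpn_if_ip, via="192.168.56.2"):
    """Build `ip route add` commands for the routes bound to the VPN adapter."""
    vpn_if = ipaddress.ip_address(vpn_if_ip)
    gateway = ipaddress.ip_address(via)  # rejects anything that is not an IP
    commands = []
    for line in route_print.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, "None"
        dest, mask, _gw, iface, _metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            if ipaddress.ip_address(iface) != vpn_if:
                continue  # route belongs to the NAT, host-only or loopback adapter
        except ValueError:
            continue  # five words, but not a route row
        if net.prefixlen == 0:
            continue  # never send the host's default route through the guest
        if net.is_multicast or net.is_loopback or net.is_reserved:
            continue  # 224.0.0.0/4, 127.0.0.0/8, 255.255.255.255
        if net.prefixlen == 32 and net.network_address == vpn_if:
            continue  # the guest's own VPN address
        commands.append(f"ip route add {net} via {gateway}")
    return commands


if __name__ == "__main__":
    print("\n".join(linux_routes(SAMPLE, "10.8.0.6")))
```

Review the printed commands before running them as root on the host; the VPN adapter address comes from the Details view mentioned in step 5.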