• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2145
  • Last Modified:

OpenVPN in a guest machine

Hi all,

On my host I have OpenVPN running and can connect to my work's office no problem.  I setup a guest Server 2008 machine in Virtual Box and have tried to connect using the TAP interface bridged, and have tried my physical interface connecting through OpenVPN in the guest.  Seems to connect with the latter, but am unable to access work resources.

Can someone assist me with getting my guest OS to conenct?
0
isz-expert
Asked:
isz-expert
  • 6
  • 4
1 Solution
 
cwalter9Commented:
Can you provide your routing table. This at first sounds like your missing a route somewhere and the other machines are not finding your host.Are you behind any NAT also?
0
 
isz-expertAuthor Commented:
I was natting at first from a Vyatta Router, but I plugged my laptop into my DDWRT Lynksis router, no nat.

Host
 - XP
 - LAN 1
  - IP 192.168.1.XXX
  - Gateway .1.1
 - LAN 2 (TAP)
  - IP 10.0.XXX.YYY
  - Gateway
 - LAN 3 (VirtualBox)
  - 192.168.56.1
  - Gateway

 
0
 
isz-expertAuthor Commented:
Host Table

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
 
C:\Documents and Settings\tworden.GT-CVILLE>netstat -rn
 
Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 19 d2 d0 52 39 ...... Intel(R) PRO/Wireless 3945ABG Network Connection
 - Packet Scheduler Miniport
0x5 ...00 16 41 e6 db be ...... Intel(R) PRO/1000 PL Network Connection - Packet
 Scheduler Miniport
0x6 ...00 ff ef a2 89 d4 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
 
0x7 ...08 00 27 00 14 33 ...... VirtualBox Host-Only Ethernet Adapter - Packet S
cheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.218       20
         10.7.0.0    255.255.255.0        10.8.0.57       10.8.0.58       1
         10.8.0.1  255.255.255.255        10.8.0.57       10.8.0.58       1
        10.8.0.56  255.255.255.252        10.8.0.58       10.8.0.58       30
        10.8.0.58  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255        10.8.0.58       10.8.0.58       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0     192.168.56.1    192.168.56.1       30
      192.168.1.0    255.255.255.0    192.168.1.218   192.168.1.218       20
    192.168.1.218  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.218   192.168.1.218       20
     192.168.25.0    255.255.255.0     192.168.25.1    192.168.25.1       20
     192.168.25.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.25.255  255.255.255.255     192.168.25.1    192.168.25.1       20
     192.168.56.0    255.255.255.0     192.168.56.1    192.168.56.1       20
     192.168.56.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.56.255  255.255.255.255     192.168.56.1    192.168.56.1       20
    192.168.126.0    255.255.255.0    192.168.126.1   192.168.126.1       20
    192.168.126.1  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.126.255  255.255.255.255    192.168.126.1   192.168.126.1       20
        224.0.0.0        240.0.0.0        10.8.0.58       10.8.0.58       30
        224.0.0.0        240.0.0.0    192.168.1.218   192.168.1.218       20
        224.0.0.0        240.0.0.0     192.168.25.1    192.168.25.1       20
        224.0.0.0        240.0.0.0     192.168.56.1    192.168.56.1       20
        224.0.0.0        240.0.0.0    192.168.126.1   192.168.126.1       20
  255.255.255.255  255.255.255.255        10.8.0.58       10.8.0.58       1
  255.255.255.255  255.255.255.255    192.168.1.218   192.168.1.218       1
  255.255.255.255  255.255.255.255     192.168.25.1    192.168.25.1       1
  255.255.255.255  255.255.255.255     192.168.56.1               4       1
  255.255.255.255  255.255.255.255     192.168.56.1    192.168.56.1       1
  255.255.255.255  255.255.255.255    192.168.126.1   192.168.126.1       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
C:\Documents and Settings\tworden.GT-CVILLE>

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
isz-expertAuthor Commented:
That is with OpenVpn connected on the host.
0
 
cwalter9Commented:
From your 2008 box can you do a traceroute to one of your work systems and also would be helpful to see a trace coming from work back. It seems like work doesn't know to route 192.168.56.1 properly.

What is 192.168.56.1 using as it's default gateway?
Can you only access work from the one system running OpenVPN or from other systems on your LAN also?

The reason I ask is that if work is not routing any of the 192.x.x.x addresses to your 10.x.x.x address you get from OpenVPN then the server will not be able to talk to work via the Host system.

Do you get a static address on your OpenVPN connection to work?
0
 
isz-expertAuthor Commented:
Scenario 1:
With my virtualbox 2008 guest machine set to bridged networking to the TAP interface, I start up the virtual machine and see my ipconfig 169.254.247.238.  This shows that I am not connected to the internet.  I would think that the guest would bridge to the VPN connection on my XP host.

Scenario 2:
With my virtualbox 2008 guest machine set to bridged networking to the Inte Pro/1000 interface on my laptop, I start up the virtual machine and see my ipconfig connects to the internet and has an IP of 192.168.1.208.  I installed OpenVPN in the guest thinking that in bridged mode, I should appear like any other machine on this subnet.  When I connect OpenVPN, it says connected (green icon) gives me an IP of 10.8.0.58, but I can't access any work services, like sql server, etc.  I have also attempted to change the binding order as described here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;311218

Running tracert vpn.myworkplace.com results in eventual timeouts.

Scenario 3
This is where I set VirtualBox's network adapter to NAT mode.  Here I get an IP of 10.0.2.15 and a Gateway of 10.0.2.2.  When I connect OpenVPN in the guest, again I connect with the 10.8.0.58 IP, but can't access any work resources.

These last two scenarios I make sure that the host OpenVPN connection is off.

And, just to be clear, I am able to connect and access resources with my host's vpn connection, I just want to be able to get my virtual machine to as well.


0
 
cwalter9Commented:
If you only get 1 IP address from work and it seems to be a static address then you won't be able to have both tunnels up at the same time but you seem to be not doing that.

You will need to setup NAT on your host to NAT your 2008 server on Virtual Box.

When in scenario 2 make sure your host doesn't have a firewall that is blocking your guest 2008 machines traffic to work.
0
 
isz-expertAuthor Commented:
Nice... that did the trick!

I went to the host virtual interface for OpenVpn, which is called "Tap-Win32 Adapter V8" aka "Local Area Connection 2", right-click > Properties.  Select the Advanced tab, check Allow other network user to connect though this computer's internet connection (Internet Connection Sharing area).  Then in the drop down box, I selected the VirtualBox Host-Only Network.

With this configuration I started OpenVPN on the host, started my virtual machine and was able to access work resources.

Seems like ICS is pretty much the same thing as NAT?  If there is a way to configure NAT specifically in XP, or if you know of a tutorial that would be good to go from, please send my way.

Thanks for the help!!

0
 
cwalter9Commented:
Nope in XP iCS does the job of NATing the IP addresses so the resources behind that machine or inside that machines VM can talk to outside resources but look like the host.
0
 
isz-expertAuthor Commented:
I see... sounds like a masquerade, which I've configured on my Vyatta router, but systems approach things differently.  There appeared to be another 'Advanced' button that provided a pop-up of selectable services, ie DHCP, HTTPS, etc. I imagine I could open up such services from the guest.  But It's a dev machine so it shouldn't be sharing anything.

Thanks!
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now