OpenVPN in a guest machine

Hi all,

On my host I have OpenVPN running and can connect to my work's office no problem.  I setup a guest Server 2008 machine in Virtual Box and have tried to connect using the TAP interface bridged, and have tried my physical interface connecting through OpenVPN in the guest.  Seems to connect with the latter, but am unable to access work resources.

Can someone assist me with getting my guest OS to conenct?
Who is Participating?
cwalter9Connect With a Mentor Commented:
If you only get 1 IP address from work and it seems to be a static address then you won't be able to have both tunnels up at the same time but you seem to be not doing that.

You will need to setup NAT on your host to NAT your 2008 server on Virtual Box.

When in scenario 2 make sure your host doesn't have a firewall that is blocking your guest 2008 machines traffic to work.
Can you provide your routing table. This at first sounds like your missing a route somewhere and the other machines are not finding your host.Are you behind any NAT also?
isz-expertAuthor Commented:
I was natting at first from a Vyatta Router, but I plugged my laptop into my DDWRT Lynksis router, no nat.

 - XP
 - LAN 1
  - IP 192.168.1.XXX
  - Gateway .1.1
 - LAN 2 (TAP)
  - IP 10.0.XXX.YYY
  - Gateway
 - LAN 3 (VirtualBox)
  - Gateway

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

isz-expertAuthor Commented:
Host Table

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\tworden.GT-CVILLE>netstat -rn
Route Table
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x4 ...00 19 d2 d0 52 39 ...... Intel(R) PRO/Wireless 3945ABG Network Connection
 - Packet Scheduler Miniport
0x5 ...00 16 41 e6 db be ...... Intel(R) PRO/1000 PL Network Connection - Packet
 Scheduler Miniport
0x6 ...00 ff ef a2 89 d4 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x7 ...08 00 27 00 14 33 ...... VirtualBox Host-Only Ethernet Adapter - Packet S
cheduler Miniport
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
       20       1       1       30       30       30       1       30       20       20       20       20       20       20       20       20       20       20       20       20       30       20       20       20       20       1       1       1               4       1       1       1
Default Gateway:
Persistent Routes:
C:\Documents and Settings\tworden.GT-CVILLE>

Open in new window

isz-expertAuthor Commented:
That is with OpenVpn connected on the host.
From your 2008 box can you do a traceroute to one of your work systems and also would be helpful to see a trace coming from work back. It seems like work doesn't know to route properly.

What is using as it's default gateway?
Can you only access work from the one system running OpenVPN or from other systems on your LAN also?

The reason I ask is that if work is not routing any of the 192.x.x.x addresses to your 10.x.x.x address you get from OpenVPN then the server will not be able to talk to work via the Host system.

Do you get a static address on your OpenVPN connection to work?
isz-expertAuthor Commented:
Scenario 1:
With my virtualbox 2008 guest machine set to bridged networking to the TAP interface, I start up the virtual machine and see my ipconfig  This shows that I am not connected to the internet.  I would think that the guest would bridge to the VPN connection on my XP host.

Scenario 2:
With my virtualbox 2008 guest machine set to bridged networking to the Inte Pro/1000 interface on my laptop, I start up the virtual machine and see my ipconfig connects to the internet and has an IP of  I installed OpenVPN in the guest thinking that in bridged mode, I should appear like any other machine on this subnet.  When I connect OpenVPN, it says connected (green icon) gives me an IP of, but I can't access any work services, like sql server, etc.  I have also attempted to change the binding order as described here:;en-us;311218

Running tracert results in eventual timeouts.

Scenario 3
This is where I set VirtualBox's network adapter to NAT mode.  Here I get an IP of and a Gateway of  When I connect OpenVPN in the guest, again I connect with the IP, but can't access any work resources.

These last two scenarios I make sure that the host OpenVPN connection is off.

And, just to be clear, I am able to connect and access resources with my host's vpn connection, I just want to be able to get my virtual machine to as well.

isz-expertAuthor Commented:
Nice... that did the trick!

I went to the host virtual interface for OpenVpn, which is called "Tap-Win32 Adapter V8" aka "Local Area Connection 2", right-click > Properties.  Select the Advanced tab, check Allow other network user to connect though this computer's internet connection (Internet Connection Sharing area).  Then in the drop down box, I selected the VirtualBox Host-Only Network.

With this configuration I started OpenVPN on the host, started my virtual machine and was able to access work resources.

Seems like ICS is pretty much the same thing as NAT?  If there is a way to configure NAT specifically in XP, or if you know of a tutorial that would be good to go from, please send my way.

Thanks for the help!!

Nope in XP iCS does the job of NATing the IP addresses so the resources behind that machine or inside that machines VM can talk to outside resources but look like the host.
isz-expertAuthor Commented:
I see... sounds like a masquerade, which I've configured on my Vyatta router, but systems approach things differently.  There appeared to be another 'Advanced' button that provided a pop-up of selectable services, ie DHCP, HTTPS, etc. I imagine I could open up such services from the guest.  But It's a dev machine so it shouldn't be sharing anything.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.