I have a VPN service (Norton) running on my host computer, set to be permanently on. I have also been running a VPN on my VM's (selectively), but after an experience today I think I am actually double-doing it. My guess is it is a "duh" moment, but can anyone clarify how VPN's on/off from host/VM play together?
Does 2 VPN's running make sense? Does one override the other? Might have a slow-down in connectivity speed on the VM since going through 2. Would love to hear folks experience, thoughts and any "it works this way" kind of feedback.
Using VPN's: Host and VM
-
- Site Moderator
- Posts: 20965
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Using VPN's: Host and VM
I think this may have to do with how the VM's network is connected. See Virtualbox Networks: In Pictures
The available Virtualbox network types that can get internet into a VM are Bridged, NAT, and NAT Network. NAT and NAT Network are fairly close brothers, they behave in the same way.
Bridged puts the VM out on the LAN separately from the host's network stack. This should make the VM have its own channel to the internet for a separate VPN to control, apart from any VPN working on the host. (Note that VPNs tend to rule with an iron hand, and the host VPN may be able to force control over even Bridged VMs. YMMV on this one.)
NAT & NAT Network go through the host's network stack, so it is quite likely that a host VPN will take control of the VM's traffic too, forcing the VM to only communicate through the VPN, or causing the VM to fail to authenticate with the VPN, depending on how the VPN is programmed to handle multiple OS's behind its portal.
So if you are on Bridged, and your VM can get to the full internet while the host is VPN'd, then the VM needs its own VPN connection to reach your host VPN's server.
If you cannot get full internet in the Bridged VM while the host VPN is connected, then the host VPN has full control even of the Bridged VM. I would expect a NAT or NAT Network VM to also be fully controlled by the host VPN.
(One thing to note, this is all theoretical: I have not run a VPN on my Virtualbox host to test this, and different VPNs may have different behaviors.)
The available Virtualbox network types that can get internet into a VM are Bridged, NAT, and NAT Network. NAT and NAT Network are fairly close brothers, they behave in the same way.
Bridged puts the VM out on the LAN separately from the host's network stack. This should make the VM have its own channel to the internet for a separate VPN to control, apart from any VPN working on the host. (Note that VPNs tend to rule with an iron hand, and the host VPN may be able to force control over even Bridged VMs. YMMV on this one.)
NAT & NAT Network go through the host's network stack, so it is quite likely that a host VPN will take control of the VM's traffic too, forcing the VM to only communicate through the VPN, or causing the VM to fail to authenticate with the VPN, depending on how the VPN is programmed to handle multiple OS's behind its portal.
So if you are on Bridged, and your VM can get to the full internet while the host is VPN'd, then the VM needs its own VPN connection to reach your host VPN's server.
If you cannot get full internet in the Bridged VM while the host VPN is connected, then the host VPN has full control even of the Bridged VM. I would expect a NAT or NAT Network VM to also be fully controlled by the host VPN.
(One thing to note, this is all theoretical: I have not run a VPN on my Virtualbox host to test this, and different VPNs may have different behaviors.)
Re: Using VPN's: Host and VM
Thanks for that detailed response, I have a lot to digest and some things to check now, so much appreciated.
One interesting point is that between writing the original post and now I have changed VPN providers, so will need to re-validate my original statements, although would think (but will see) that experience should be roughly the same. Small nuance, though, is that my new VPN (Norton) has some restrictions my prior (NordVPN) did not, so homework to do.
One interesting point is that between writing the original post and now I have changed VPN providers, so will need to re-validate my original statements, although would think (but will see) that experience should be roughly the same. Small nuance, though, is that my new VPN (Norton) has some restrictions my prior (NordVPN) did not, so homework to do.