Help: VPN VM-Gateway for other Virtualbox VMs to use

[SkyNett100]

Im trying to use a VM as an OpenVPN gateway for other VM's to pass through.

vpnVM (antiX-17.4_x64-net.iso) is setup with 2 network adapters:

• adapter 1 = NAT (eth0)
  adapter 2 = Internal Network (eth1)

vpnVM can access internet

workstationVM (MXLinux 18.1_x64) (that i want to route through vpnVM) has 1 network adapter:

• adapter 1 = Internal Network (eth0)

no internet & cant even ping vpnVM
Initially neither vpnVM (eth1) or workstationVM (eth0) had an ipv4 address.
I assigned ip to vpnVM using

Code: Select all

sudo ip addr add 192.168.3.1/32 dev eth1

I assigned ip to workstationVM using

Code: Select all

sudo ip addr add 192.168.3.2/32 dev eth0

vpnVM can ping 192.168.3.2 (time seems unusally high tho 26ms)
but workstationVM can NOT ping 192.168.3.1

What am i doing wrong ????

Using Virtualbox 6.0.4
At this stage both ufw are disabled
& vpnVM is not currently running OpenVPN (to eliminate cause of problem)
Once i have both VMs communicating (can ping each other now)
Still no internet for workstationVM routing via vpnVM.
I will then try turn on OpenVPN and see if it routes through VPN properly.

[SkyNett100]

Ok i've fixed half the problem.

by editing /etc/network/interfaces
I was able to assign static IP's

Code: Select all

iface eth1 inet static
address 192.168.3.x
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

So now vpnVM & workstationVM can ping each other

The problem im currently stuck on is workstationVM still cant access the internet.
This has something to do with routing tables,
but i need some help

[socratis]

None of the questions you had were VirtualBox problems, but OpenVPN problems. I don't know about routing tables too much to help you unfortunately, but I would suggest that you take a look at OpenVPN's forums.

Just because an OS/program that runs in the context of VirtualBox has a problem, it doesn't make it a VirtualBox problem necessarily. You're having an issue that has most probably nothing to do with VirtualBox, so my suggestion would be to treat it as such, as a native problem with the OS or the application of the guest.

[SkyNett100]

the problem you're having an issue that has most probably nothing to do with VirtualBox

I disagree.
This is UNIQUE to virtual box (virtual machines).
I mentioned i have the VPN OFF at this stage.

The problem im having is essentially setting up a network between VMs
I now have the VMs pinging each other over the "internal network"
But i cant get the workstationVM to access the internet via vpnVM's NAT adapter.

Once i have this stage working, then i will be enabling the VPN, at which stage your correct, that would be an issue for the OpenVPN forum.

[andyp73]

I now have the VMs pinging each other over the "internal network"
But i cant get the workstationVM to access the internet via vpnVM's NAT.

That still isn't a VirtualBox problem per se. It is down to the networking configuration in the vpnVM guest to get it to correctly route packets between the two network interfaces.

-Andy.

[socratis]

This is UNIQUE to virtual box (virtual machines).

No, this is not a virtual machine problem. You would have the exact same problem in the following setup:

+-------+                 +-------+             +-----------
|  PC1  | NIC1 <-> NIC2-1 |  PC2  | NIC2-2 ---> |  Internet
+-------+                 +-------+             +-----------

Replacing "PC" with "VM" does not make it instantly a VirtualBox problem, that's all I'm saying, that you got to separate the virtual from the concept, which can also apply to reality.

[SkyNett100]

Ok, i see now this problem could exist with physical machines.
Ive just never seen anyone network internet through another PC before...
I actually expected Virtualbox to automatically do all the NAT between the the adapters & internet.

Using VirtualBox, This is for discussing general topics about how to use VirtualBox.

this seems like a valid discussion of how to use virtualbox?
surely other virtual box users may benefit from a solution if they try configure this type of setup?

[BillG]

Lots of users already use a vm as a router to connect vms to the Internet. It is really no different from using a physical machine as a router. There are even pre-installed VM appliances which will do it for you. My favorite is pfSense.

https://en.wikipedia.org/wiki/List_of_r ... tributions

Your basic config is OK (except the netmask should be 24. A 32-bit mask is all ones), although I fail to see why the router VM has a NAT setting for its "public" NIC. I would expect it to be bridged to your Internet connected device.

Just listing the IP and netmask of the NICs in not much help. The default gateway setting is the important one. The private NIC in the router vm should have no gateway. The only gateway on this device is on the public NIC. The gateway of the devices on the private LAN is the IP of the private NIC on the router vm. (The appliances mentioned above have built-in DHCP servers to do all of that for you.)

Internet
|
public NIC
Router VM
192.168.3.1 DG blank
|
192.168.3.2 DG 192.168.3.1
Workstation VM

[socratis]

I actually expected Virtualbox to automatically do all the NAT between the the adapters & internet.

Oh, but it does. On simple VMs, like the PC2 on my ASCII-art diagram above. But you don't want that, you want a far more sophisticated setup, which VirtualBox has no role, like what's going on between PC1's traffic after it has reached PC2.

this seems like a valid discussion of how to use virtualbox?

Well... not really. See if you can figure where VirtualBox's role stops in the example below:

• I want to do my taxes
  • Using a program like BrokerTurboQuickenTaxOnline
    • On a Windows VM modified installation by specific tools
      • Running VirtualBox on my host

BillG gave you a couple of pointers. Here are a couple more to search for:

• pfSense
• Whonix

[SkyNett100]

For anyone that finds this thread in the future, i got it working.
you can follow this video https://www.youtube.com/watch?v=LEgwowsmSPg

here is the commands

Code: Select all

sudo nano /etc/network/interfaces
	iface eth1 inet static
	address 192.168.3.10
	netmask 255.255.255.0
	network 192.168.3.0
	broadcast 192.168.3.255
	
sudo /etc/init.d/networking restart
sudo nano /etc/sysctl.conf
	(enable ipv4 stuff)
sudo iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j MASQUERADE
su iptables-save > /etc/iptables
echo "up command iptables-restor < /etc/iptables" >> /etc/network/interfaces
sudo /etc/init.d/networking restart
rm -r /etc/resolve.conf
nano /etc/resolv.conf
	nameserver
	nameserver
chattr +i /etc/resolv.conf
reboot

There are even pre-installed VM appliances which will do it for you. My favorite is pfSense.

thanks, i will check this out even though i got mysetup working as their's is probably more polished.