Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Discussions related to using VirtualBox on Mac OS X hosts.
Jordan P
Posts: 3
Joined: 6. Jun 2018, 21:51

Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by Jordan P »

Hello everyone, I am new to both VirtualBox and using SSL certificates. I currently have an Ubuntu VM running on my MBP and have it set up for the Bridged Network through my Airport channel (en0). I have full internet access on my guest and am able to ping my host without issue.

However, when I try to confirm the SSL certs with the Mosquitto IP, I get "Error: no route to host." I tried just pinging them as well and got the error "Destination Host Unreachable."
Also when trying to run mosquitto, after getting notifications that the listeners are set up, it just stops responding.

I know my certs are fine so I'm fairly sure the issue is with the networking setup.

As far as I can tell, my guest is unable to connect with any IP outside my network.

Any suggestions?
Let me know if you want to see any photos.
socratis
Site Moderator
Posts: 27329
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by socratis »

Jordan P wrote: when I try to confirm the SSL certs with the Mosquitto IP
What's a "Mosquito IP", and where do I get one?
Jordan P wrote: I get "Error: no route to host."
You need to provide configurations and IPs. Full details, such as the output of:
  • ifconfig -a
from both the host and the guest. And the IP that you're trying to ping.
Jordan P wrote: I know my certs are fine so Im fairly sure the issue is with the networking setup
That's yet to be determined. It may be your networking setup, but that doesn't make it a VirtualBox problem necessarily.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Jordan P

Re: Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by Jordan P »

The Mosquitto IP is just the IP I am connecting to for my Mosquitto broker (192.168.0.145). This is the one I tried to ping that failed:

Code:

ping 192.168.0.145
PING 192.168.0.145 (192.168.0.145) 56(84) bytes of data.
From 192.168.0.104 icmp_seq=1 Destination Host Unreachable
From 192.168.0.104 icmp_seq=2 Destination Host Unreachable

Here is my ifconfig -a:

Code:

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.104  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::446f:ce3a:13d1:7c2e  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:23:b9:3b  txqueuelen 1000  (Ethernet)
        RX packets 1097  bytes 321903 (321.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 734  bytes 91823 (91.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 501  bytes 42578 (42.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 501  bytes 42578 (42.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

My host IP is 192.168.0.103; if I ping that, there are no issues.
As far as verifying my certs goes, here is the input and output from that:

Code:

mosquitto_pub --cafile ~/SERV_SSL_PATH/ca.crt -h 192.168.0.145 -t "test" -m "message" -p 8883 -d  --cert ~/SERV_SSL_PATH/client/client.crt --key ~/SERV_SSL_PATH/client/client.key | ts
Error: No route to host
socratis
Site Moderator

Re: Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by socratis »

I wanted the host's "ifconfig" output as well, please post it. Can you ping that "Mosquitto" (whatever that is) from your host? Oh, and I'm going to need the output of:
  • netstat -nr
from both host and guest.
Jordan P

Re: Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by Jordan P »

For the host ifconfig

Code:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether ac:bc:32:c3:39:65 
	inet6 fe80::aebc:32ff:fec3:3965%en0 prefixlen 64 scopeid 0x4 
	inet 192.168.0.103 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 4a:00:04:20:67:f0 
	media: autoselect <full-duplex>
	status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 4a:00:04:20:67:f1 
	media: autoselect <full-duplex>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 0e:bc:32:c3:39:65 
	media: autoselect
	status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	ether 4a:bc:5b:70:01:35 
	inet6 fe80::48bc:5bff:fe70:135%awdl0 prefixlen 64 scopeid 0x8 
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether ae:bc:32:3c:f6:00 
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en1 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 5 priority 0 path cost 0
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 6 priority 0 path cost 0
	nd6 options=1<PERFORMNUD>
	media: <unknown type>
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet6 fe80::d8ab:8e36:2246:6f03%utun0 prefixlen 64 scopeid 0xa 
	nd6 options=1<PERFORMNUD>
vboxnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:00 
	inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255

Guest netstat:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3

Host netstat:

Code:

Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.0.254      UGSc          757        0     en0
127                127.0.0.1          UCS             2      150     lo0
127.0.0.1          127.0.0.1          UH              3   149185     lo0
127.0.0.222        127.0.0.1          UHWIi           1        4     lo0
169.254            link#4             UCS             1        0     en0
192.168.0          link#4             UCS             9        0     en0
192.168.0.101      link#4             UHLWIi          1       12     en0
192.168.0.102      link#4             UHLWIi          1        8     en0
192.168.0.103/32   link#4             UCS             2        0     en0
192.168.0.103      ac:bc:32:c3:39:65  UHLWIi          1       22     lo0
192.168.0.104      8:0:27:23:b9:3b    UHLWIi          1       23     en0   1005
192.168.0.105      link#4             UHLWIi          2        0     en0
192.168.0.106      link#4             UHLWIi          1        0     en0
192.168.0.107      34:12:98:ee:8c:be  UHLWIi          1        0     en0    406
192.168.0.145      link#4             UHLWIi          1       31     en0
192.168.0.254/32   link#4             UCS             2        0     en0
192.168.0.254      98:de:d0:87:d0:42  UHLWIir       758     2290     en0   1085
192.168.0.255      link#4             UHLWbI          1      390     en0
192.168.56         link#12            UC              3        0 vboxnet
192.168.56.255     link#12            UHLWbI          1      390 vboxnet
224.0.0            link#4             UmCS            2        0     en0
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          1        0     en0
255.255.255.255/32 link#4             UCS             2        0     en0
255.255.255.255    link#4             UHLWbI          1        3     en0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::aebc:32ff:fec3:3965%en0           ac:bc:32:c3:39:65               UHLI            lo0
fe80::%awdl0/64                         link#8                          UCI           awdl0
fe80::48bc:5bff:fe70:135%awdl0          4a:bc:5b:70:1:35                UHLI            lo0
fe80::%utun0/64                         fe80::d8ab:8e36:2246:6f03%utun0 UcI           utun0
fe80::d8ab:8e36:2246:6f03%utun0         link#10                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%awdl0/32                         link#8                          UmCI          awdl0
ff01::%utun0/32                         fe80::d8ab:8e36:2246:6f03%utun0 UmCI          utun0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%awdl0/32                         link#8                          UmCI          awdl0
ff02::%utun0/32                         fe80::d8ab:8e36:2246:6f03%utun0 UmCI          utun0

Actually I had not tried pinging from my host. I tried and it looks like I cannot reach it from there either. If you see anything wrong with my network info here, please let me know. I'm going to look into some other possible sources of error. Really appreciate this help :)
socratis
Site Moderator

Re: Bridged Adapter not working for SSL Certs to connect to Mosquitto broker

Post by socratis »

Your host and your guest seem to both be on the same IP range: 192.168.0.nnn with an IP of 192.168.0.254 (a little bit unusual, but not unheard of). That means that your guest is set to "Bridged" mode, correct? That would make your guest a peer in your network.

• Can you ping your host from your guest and vice versa?
• Can you "ping 192.168.0.254", "ping 1.1.1.1", "ping download.virtualbox.org" from host and guest?
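
Added example (not part of any forum post): a Python sketch that applies longest-prefix matching to the guest routing table posted in this thread, to show which route the guest uses for the broker address. The function names are hypothetical; the table rows are copied from the thread.

```python
import ipaddress

# Guest routing table as posted in the thread (Linux `netstat -nr`).
GUEST_ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
"""

def parse_routes(text):
    """Return [(network, gateway_or_None, iface)] from Linux `netstat -nr` rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip headers and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = f[1] if "G" in f[3] else None  # no G flag means the net is on-link
        routes.append((net, gw, f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; returns (gateway_or_None, iface) or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return gw, iface

def diagnose(routes, dest):
    """Say whether a failure to reach dest can be blamed on the route table."""
    hit = lookup(routes, dest)
    if hit is None:
        return "no route: the routing table itself is the problem"
    gw, iface = hit
    if gw is None:
        # On-link: the guest ARPs for the target directly on this segment.
        return f"on-link via {iface}: target must answer ARP on this LAN"
    return f"via gateway {gw} on {iface}"

ROUTES = parse_routes(GUEST_ROUTES)

if __name__ == "__main__":
    for ip in ("192.168.0.145", "192.168.0.103", "1.1.1.1"):
        print(ip, "->", diagnose(ROUTES, ip))
```

For 192.168.0.145 the result is an on-link route on enp0s3, the same route used for the reachable host 192.168.0.103, which is consistent with the "Destination Host Unreachable" replies coming from the guest's own address 192.168.0.104.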