OpenVPN not working under Guest OS - Fine under Host.
Posted: 27. Jul 2010, 16:22
I come to you at the end of my tether, been at this all day haha. Recently set up an OpenVPN server on my Windows Server 2008 R2 box and a client on Windows 7 (both x64) - it has been going swimmingly well.
However tonight, I decided to reformat an old PC laying around and give VirtualBox a go with a Linux distro - set up both Ubuntu Lucid and Fedora 13, everything's been going great. However, this all went downhill when it came time to set up OpenVPN on either of the Linux Guest OSes (Client) to connect to my W2K8 R2 (Server).
I installed OpenVPN from the distro's respective repo - and went ahead and followed a number of different guides around the net to ensure I haven't just screwed up a config setting here or there. I copied the appropriate .key and .crt files and my client.conf across.
Server Config:

local xxx.xxx.xxx.xxx
port 1194
proto udp
mssfix 1400
push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
dev tap
ca "ca.crt"
cert "Server.crt"
key "Server.key"
dh "dh1024.pem"
server 192.168.10.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 5
persist-key
persist-tun
status openvpn-status.log
verb 3

Client Config:

client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ovpn_client1.crt
key ovpn_client1.key
ns-cert-type server
comp-lzo
pull
verb 3

Everything is connecting beautifully, I can ping the Server's internal and external IPs, and the Server can ping the Client's internal IP. HOWEVER, as soon as I try to access external traffic - aka the Internet in general - through browsers/pings/traces I get nowhere. It cannot resolve google.com, loading Google within Mozilla is a no go, etc.
The weird thing is this works PERFECTLY under both my Windows machines (not using VirtualBox) - so this means the Server's NAT'ing is perfectly fine.
I'm thinking it might have something to do with how the networking (I have NAT selected, FYI) is done in VirtualBox and the way it goes through my Windows 7 host.. I'm at a loss - any help would be GREATLY appreciated.
For good measure, here is my Client log (on Verb 3) -

Tue Jul 27 15:47:58 2010 OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 5 2010
Tue Jul 27 15:47:58 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jul 27 15:47:58 2010 WARNING: file 'ovpn_client1.key' is group or others accessible
Tue Jul 27 15:47:58 2010 LZO compression initialized
Tue Jul 27 15:47:58 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 27 15:47:58 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jul 27 15:47:58 2010 Local Options hash (VER=V4): 'd79ca330'
Tue Jul 27 15:47:58 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Jul 27 15:47:58 2010 Socket Buffers: R=[124928->131072] S=[124928->131072]
Tue Jul 27 15:47:58 2010 UDPv4 link local: [undef]
Tue Jul 27 15:47:58 2010 UDPv4 link remote: SERVER'S PRIVATE IP:1194
Tue Jul 27 15:47:58 2010 TLS: Initial packet from SERVER'S PRIVATE IP:1194, sid=5c66dca4 004f0ea2
Tue Jul 27 15:48:00 2010 VERIFY OK: depth=1, /C=DK/ST=NA/L=REMOVED/O=REMOVED/CN=REMOVED/emailAddress=REMOVED
Tue Jul 27 15:48:00 2010 VERIFY OK: nsCertType=SERVER
Tue Jul 27 15:48:00 2010 VERIFY OK: depth=0, /C=DK/ST=NA/O=REMOVED/CN=REMOVED/emailAddress=REMOVED
Tue Jul 27 15:48:04 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 27 15:48:04 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 27 15:48:04 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 27 15:48:04 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 27 15:48:04 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jul 27 15:48:04 2010 [Sensor-Server] Peer Connection Initiated with SERVER'S PRIVATE IP:1194
Tue Jul 27 15:48:06 2010 SENT CONTROL [Sensor-Server]: 'PUSH_REQUEST' (status=1)
Tue Jul 27 15:48:06 2010 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS SERVER'S DNS #1,dhcp-option DNS SERVER'S DNS #2,redirect-gateway def1,route-gateway 192.168.10.1,ping 10,ping-restart 120,ifconfig 192.168.10.4 255.255.255.128'
Tue Jul 27 15:48:06 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 27 15:48:06 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 27 15:48:06 2010 OPTIONS IMPORT: route options modified
Tue Jul 27 15:48:06 2010 OPTIONS IMPORT: route-related options modified
Tue Jul 27 15:48:06 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 27 15:48:06 2010 ROUTE default_gateway=10.0.2.2
Tue Jul 27 15:48:06 2010 TUN/TAP device tap0 opened
Tue Jul 27 15:48:06 2010 TUN/TAP TX queue length set to 100
Tue Jul 27 15:48:06 2010 /sbin/ip link set dev tap0 up mtu 1500
Tue Jul 27 15:48:07 2010 /sbin/ip addr add dev tap0 192.168.10.4/25 broadcast 192.168.10.127
Tue Jul 27 15:48:07 2010 /sbin/ip route add SERVER'S PRIVATE IP/32 via 10.0.2.2
Tue Jul 27 15:48:07 2010 /sbin/ip route add 0.0.0.0/1 via 192.168.10.1
Tue Jul 27 15:48:07 2010 /sbin/ip route add 128.0.0.0/1 via 192.168.10.1
Tue Jul 27 15:48:07 2010 Initialization Sequence Completed

and an ifconfig from the Client (Guest OS):
eth0      Link encap:Ethernet  HWaddr 08:00:27:90:7F:B4
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00fe90:7fb4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9066 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7775706 (7.4 MiB)  TX bytes:257810 (251.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)

tap0      Link encap:Ethernet  HWaddr 82:45:49:5E:B6:85
          inet addr:192.168.10.4  Bcast:192.168.10.127  Mask:255.255.255.128
          inet6 addr: fe80::8045:49ff:fe5e:b685/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:124 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:17954 (17.5 KiB)  TX bytes:8513 (8.3 KiB)

route -n:

Destination          Gateway         Genmask          Flags Metric Ref Use Iface
SERVER'S PRIVATE IP  10.0.2.2        255.255.255.255  UGH   0      0   0   eth0
192.168.10.0         0.0.0.0         255.255.255.128  U     0      0   0   tap0
10.0.2.0             0.0.0.0         255.255.255.0    U     1      0   0   eth0
0.0.0.0              192.168.10.1    128.0.0.0        UG    0      0   0   tap0
128.0.0.0            192.168.10.1    128.0.0.0        UG    0      0   0   tap0
0.0.0.0              10.0.2.2        0.0.0.0          UG    0      0   0   eth0
cat /etc/resolv.conf

# Generated by NetworkManager
nameserver 192.168.1.254

I'm assuming the above is MY Host's gateway from my Router?
tracepath virtualbox.com:

gethostbyname: Host name lookup failure

tracepath 208.73.210.28:

1: 192.168.10.4 (192.168.10.4) 0.081ms pmtu 1500
1: 192.168.10.1 (192.168.10.1) 680.037ms
1: 192.168.10.1 (192.168.10.1) 335.173ms
2: no reply
3: 213.251.130.74 (213.251.130.74) 344.672ms asymm 2
4: 94.23.122.73 (94.23.122.73) 337.954ms asymm 3
5: 4.68.63.105 (4.68.63.105) 345.426ms
6: 4.69.139.97 (4.69.139.97) 349.893ms asymm 5
7: 4.69.137.74 (4.69.137.74) 417.857ms asymm 6
8: 4.69.134.78 (4.69.134.78) 417.758ms
9: 4.69.148.37 (4.69.148.37) 418.292ms asymm 6
10: 4.69.135.185 (4.69.135.185) 488.432ms asymm 8
11: 4.69.134.242 (4.69.134.242) 485.792ms asymm 8
12: 4.69.134.233 (4.69.134.233) 493.467ms asymm 8
13: 4.69.132.10 (4.69.132.10) 487.543ms asymm 10
14: 4.69.144.6 (4.69.144.6) 543.677ms asymm 10
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
31: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
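Added here as an illustration, not part of the original post: a small Python longest-prefix lookup over the route -n table above, showing which interface the guest uses for each destination once redirect-gateway def1 has installed its two /1 routes, and what the same lookups give without the tap0 routes. The redacted server address is replaced with a TEST-NET placeholder, and the nameserver 192.168.1.254 from the posted resolv.conf is looked up too, since DNS queries follow these same routes.

```python
import ipaddress

# Placeholder for the server address redacted as "SERVER'S PRIVATE IP" in the post.
SERVER_IP = "198.51.100.10"

# Route table constructed from the `route -n` output in the post (same rows, placeholder server).
ROUTE_TABLE = f"""\
Destination Gateway Genmask Flags Metric Ref Use Iface
{SERVER_IP} 10.0.2.2 255.255.255.255 UGH 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.128 U 0 0 0 tap0
10.0.2.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.10.1 128.0.0.0 UG 0 0 0 tap0
128.0.0.0 192.168.10.1 128.0.0.0 UG 0 0 0 tap0
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
"""


def parse_route_table(text):
    """Parse `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        routes.append((ipaddress.IPv4Network(f"{dest}/{mask}"), gw, int(metric), iface))
    return routes


def lookup(routes, dst):
    """Kernel-style selection: longest matching prefix, lowest metric on a tie.
    Returns (iface, gateway) with "direct" for on-link routes, or None if nothing matches."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    _net, gw, _metric, iface = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return (iface, "direct" if gw == "0.0.0.0" else gw)


def drop_iface(routes, iface):
    """The table as it looks without one interface, e.g. before OpenVPN added tap0's routes."""
    return [r for r in routes if r[3] != iface]


if __name__ == "__main__":
    routes = parse_route_table(ROUTE_TABLE)
    pre_vpn = drop_iface(routes, "tap0")
    # Nameserver from resolv.conf, the tracepath target, the VirtualBox NAT gateway, the server.
    for dst in ("192.168.1.254", "208.73.210.28", "10.0.2.2", SERVER_IP):
        print(f"{dst:>16}  with tunnel: {lookup(routes, dst)}  without: {lookup(pre_vpn, dst)}")
```

Both the nameserver and the traced host match the 128.0.0.0/1 route into tap0, so name resolution now depends on the tunnel rather than the VirtualBox NAT gateway at 10.0.2.2, while the dhcp-option DNS servers in the PUSH_REPLY do not appear in the posted resolv.conf.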