OP wrote: Share VPN from Guest to Host
Hi - I run VirtualBox 4.0.4 on Mac 10.6.8. My guest OS is Windows XP. I have a VPN client on Windows XP that connects to my corporate network. When this VPN connection is established, I want to share the VPN back to the Mac Host so that applications on the Host can access the corporate network too.
Is this possible on VirtualBox ?
The answer to this from BillG is True, but not necessarily the whole Truth

>Postby BillG » 19. Aug 2011, 06:08
>Most VPN client software is written so that this can't be done, regardless of what OS or what network settings you use. A VPN connection is a point-to-point connection and these cannot be shared.
BillG is right in that this is what VPN Tunnels are supposed to do, and do actually do, as long as you stay inside the box, don't cross the dotted lines, and firmly believe that if the plastic band says Do Not Cross this Barrier, that you are not allowed to walk around it or otherwise ignore it.
The "Feature" is called split-tunnel (google -> cisco split-tunnel VPN); Check-point tunnels are almost the same. Most corporate admins put them up for a purpose and feel themselves quite secure and happy in the knowledge that you can't route through them. It's sorta like the two big signs on the beach saying "Foreign Armies please invade between sign 'A' and sign 'B' ".
Let's assume you have your base-machine in 10.1.1.10 and your virt-client at 10.1.1.20 and your DSL-Router at 10.1.1.1
The Virt.Client will start the VPN-Tunnel software going out from 10.1.1.20 routed through 10.1.1.1 through your ISP's net to YourCompanysFirewall at 99.555.99.99, where it will pick up a lease inside the Companies-Internal-Network and your Virt-Client is back at work *** _and_isolated_from_your_10.1.1.1/24_Net ***.
It is no longer available via its own 10.1.1.20 address, because the VPN-Tunnel-Software stops any task wanting to listen to that IP for incoming connections. All of this is true, and works for Cisco, Checkpoint and a handful of other "VPN-Tunnel-Products".
What everybody else has forgotten, is that we also have IPv6 on Linux, Mac and Windows (XP and later). (In XP you have to install it; for the other Windows flavours it's just there and works). So in your case, you can ssh (using IPv6) into the cygwin sshd you've just installed on your Windows Virt.Client. If you use port-forwarding you can go through the Virt.Client into your Company Net and connect to whatever you wish; you just have to set it up first.
No Smoke, no mirrors, you're not "routing" through your VPN-Tunnel, you're just using your Virt.Client to accept an incoming IPv6-Session and forward it as an IPv4 Session through the VPN-Tunnel to your Corp.Network. This is what you wanted to do, although your admin has gone to considerable lengths to assure himself that you can't.
HOWTO to do this?
Be prepared to do some reading.
1) download and install cygwin on your Virt.Client
2) get & start sshd on your Virt.Client
3) install or configure IPv6 on both Virt.Client & on the real machine
4) You will probably use a tunnel-broker such as
http://www.sixxs.net/main/ or
http://www.he.net/
5) prove to yourself that you can ssh from real.machine to Virt.Client on both IPv4 & IPv6
6) then prove to yourself that when you start the VPN tunnel, your ssh-4 session will hang, but your ssh-6 session will still be alive.
OK, now we're about ready to start on the fun stuff:
ASSuME that you want to connect from your Mac through the VPN-Tunnel to a Mac-at-work, for example to its "Server-Admin" application.
Fire up Virt.Client
start sshd
fire up the VPN-Client
Minimise it, (it only gets in the way)
Get yourself a Mac shell as root. (We'll be using ports below 1024)
ssh -6 -L311:mac-at-work:311 user@IPv6-WIndows-at-Home
# you will now have a useless session on your windows Box; this can be minimised (it only gets in the way)
Note that "mac-at-work" is the IPv4 address as seen from within the company.Net
Now start your local Mac's "Server-Admin" and connect to 127.0.0.1
Guess where it lands: slap-dap in the middle of Server-Admin on Mac-at-work.
If you want to do VNC, you'd remember that you probably have a VNC-listener on your local-mac at 5900, so use something like
ssh -6 -L5999:mac-at-work:5900 user@IPv6-WIndows-at-Home
and then connect to vnc://127.0.0.1:5999 to get you to vnc://mac-at-work:5900 so that you're not stepping on your own toes.
That's probably quite a bit for a first post, the main thing to remember is that it can get very boring staying inside the box all day,
and that firewalls were built to keep the bad guys out. If the company spent all that money so that they sleep better at night, then don't disturb them.
One of the nice things about VirtualBox Virt.Clients is that they are very convenient for reducing inconveniences by bottling them up into appliances.
I have "awindow" for Cisco-VPN-Customers and "bwindow" for Check-point VPN-customers. These Boxes work on 385 to 512 MB.
There are other tricks you can do with ssh port-forwarding, such as "port -v selfupdate" when the target Mac is behind a corporate-proxy which doesn't understand rsync, but that's not exactly a VirtBox problem, just applied laziness.
//rhi 20110819
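
Seen from the endpoint-administration side, the setup in this post depends on the VPN client machine having a TCP listener reachable over IPv6 while the tunnel is up. The following is an added example, not part of the original post: it flags such listeners and live sessions in `netstat -an` output. The sample lines (in the layout of Windows `netstat -an`) are constructed, and the function name `ipv6_exposure` is an assumption.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows `netstat -an` (not captured output).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.1.1.20:139          0.0.0.0:0              LISTENING
  TCP    [::]:22                [::]:0                 LISTENING
  TCP    [::1]:5000             [::]:0                 LISTENING
  TCP    [2001:db8::20]:22      [2001:db8::10]:50122   ESTABLISHED
  TCP    [fe80::1%4]:445        [::]:0                 LISTENING
"""

# Only rows whose local and remote addresses are bracketed (IPv6) match.
ROW = re.compile(
    r"^\s*TCP\s+\[([^\]]+)\]:(\d+)\s+\[([^\]]+)\]:(\d+)\s+(\S+)\s*$"
)


def ipv6_exposure(netstat_text):
    """Return (listeners, sessions) on non-loopback IPv6 addresses."""
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, IPv4 rows, anything that is not TCP over IPv6
        local, lport, remote, rport, state = m.groups()
        addr = ipaddress.IPv6Address(local.split("%")[0])  # drop zone id
        if addr.is_loopback:
            continue  # ::1 is not reachable from another machine
        if state == "LISTENING":
            listeners.append((str(addr), int(lport)))
        elif state == "ESTABLISHED":
            sessions.append(
                (str(addr), int(lport), remote.split("%")[0], int(rport))
            )
    return listeners, sessions


if __name__ == "__main__":
    found_listeners, found_sessions = ipv6_exposure(SAMPLE)
    for host, port in found_listeners:
        print(f"IPv6 listener on [{host}]:{port}")
    for host, port, peer, peer_port in found_sessions:
        print(f"IPv6 session [{peer}]:{peer_port} -> [{host}]:{port}")
```

A wildcard `[::]` listener on the sshd port while the VPN client is connected is the condition the post relies on; where sshd is needed on such a machine, `AllowTcpForwarding no` in `sshd_config` disables the `-L` forwarding it uses.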