VPN tunnel in Windows guest not working
Posted: 10. Oct 2011, 20:39
by asheiner
Hi,
I'm running VirtualBox 4.1.4 in OSX Lion.
My guest OS is Windows XP and
I have set networking to bridged en0: ethernet.
When I start my Windows guest it gets an IP from my DHCP server and I have a connection to the internet.
Then I start my VPN client on the guest which is configured to UDP-Encapsulate Port:501
The connection is established as expected but I can't reach any IP within the VPN network.
When I run exactly the same guest on a Windows host the VPN tunnel is working perfectly, therefore I'm sure it won't be a setting on my router or its firewall.
So, I assume it has to be a setting in OSX.
But which and where ????
BTW: I have no firewall running on host system.
Anyone who can help ???
Thanks,
Andreas
Re: VPN tunnel in Windows guest not working
Posted: 10. Oct 2011, 23:57
by Sasquatch
Did you check the logs of both Windows Event Viewer and the VPN server? That should tell you what is going on. I've tested four types of VPN myself from a VM: IPSec, L2TP, IPSec over L2TP and PPTP. Only the latter works with Bridged, the others work with NAT as well. Since Windows XP only has L2TP and PPTP support natively, and I'm sure they work, you might want to explain what kind of VPN you have and what the end-point has to say in its logs.
Re: VPN tunnel in Windows guest not working
Posted: 11. Oct 2011, 18:01
by asheiner
I'm not that much of a specialist, but what I can find in the Windows Event Viewer log is nothing regarding this problem.
The VPN server log is not visible to me as the server is maintained by my customer.
I can only see the log from the VPN client, which looks normal to me, besides that there are no bytes transferred.
********************************************************************
10/11/11 17:34:46 IKE/IKE Started Enable Secure Access to TEP: Azzzzzzzzzzzz RA (xxx.xxx.191.254) for user heinerst
17:34:47 IKE/IKE Source IP Address, Port for IKE : 192.168.1.232, 1843
17:34:47 IKE/IKE Contacted VPN gateway (xxx.xxx.191.254)
17:34:47 IKE/IKE User Authentication Successful.
17:34:48 IKE/IKE Tunnel Parameters received from gateway are:
Encryption : TRIPLE DES Authentication : SHA1 Compression : LZS
Tunnel transport method: UDP-Encapsulated on Port 501
Authentication Timeout: 1440 Minutes
Heartbeat Interval: 60 Seconds
Internal IP for local presence :xxx.xxx.192.176
Pri. DNS :xxx.xxx.192.13 Sec. DNS :xxx.xxx.102.199
Pri. WINS :0.0.0.0 Sec. WINS :0.0.0.0
HostList: *
Tunnel administrator does not allow you to save password
Orig Pri. WINS : Orig Sec. WINS :
Firewall Policy: Block All Clear Text Traffic
10/11/11 17:34:48 IKE/IKE IPSec SA SPIs: Inbound: 0x 2b84, Outbound: 0x 1013279f
10/11/11 17:34:48 IKE/IKE Successfully established VPN Tunnel to TEP xxx.xxx.191.254 for User heinerst
********************************************************************
10/11/11 17:37:48 IKE/IKE Lost connectivity to Tunnel <Alcatel-Lucent RA>. Heartbeat timeout..
17:37:48 IKE/IKE 17:37:48:: Traffic statistics for the tunnel: Bytes Sent 0, Bytes Received 0.
As I said, the interesting thing is that on my Windows host running the same Windows VM everything works fine.
So I still believe it's OS X that's making the difference.
Also on my router's firewall I can see dropped packages only when I run this VM on my OS X host.
Oct 11 17:35:02 XENON kernel: DROP IN=vlan1 OUT= MAC=00:0f:66:90:3a:9d:00:1a:4f:b8:a7:d2:08:00:45:00:00:48 SRC=xxx.xxx.191.254 DST=192.168.178.100 LEN=72 TOS=0x00 PREC=0x00 TTL=246 ID=58643 PROTO=ESP SPI=0x2b84
Don't know if VirtualBox has a different way of handling this.
But what really confuses me is that I always thought that after my VPN tunnel is established the communication goes directly between the VPN client and the VPN server.!?!
Re: VPN tunnel in Windows guest not working
Posted: 11. Oct 2011, 21:03
by Sasquatch
Looks like your router is at fault here. Somehow, it doesn't like things when VB is bridged on your Mac. You have to investigate this. You can try it with setting the VM to NAT, but then again, the protocol dropped is ESP, something NAT does not support (it only supports TCP and UDP). To really get to the bottom of this, run a network analyser on the Host, Guest and router and monitor the connection timespan of the VPN on the Mac and other system, so you see any differences between the working and not-working system.
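Added example, not part of any post in this thread: one way to check whether an ESP packet dropped by the router belongs to the tunnel the client negotiated is to match the SPI in the router's DROP line against the SPIs in the client log. The function names are hypothetical, and the second router line is constructed to show a non-ESP drop being ignored.

```python
import re

# Excerpt from the VPN client log posted in the thread.
CLIENT_LOG = """\
Tunnel transport method: UDP-Encapsulated on Port 501
10/11/11 17:34:48 IKE/IKE IPSec SA SPIs: Inbound: 0x 2b84, Outbound: 0x 1013279f
"""
# First line: router log from the thread (addresses masked as posted).
# Second line: constructed sample of an unrelated UDP drop.
ROUTER_LOG = """\
Oct 11 17:35:02 XENON kernel: DROP IN=vlan1 OUT= MAC=00:0f:66:90:3a:9d:00:1a:4f:b8:a7:d2:08:00:45:00:00:48 SRC=xxx.xxx.191.254 DST=192.168.178.100 LEN=72 TOS=0x00 PREC=0x00 TTL=246 ID=58643 PROTO=ESP SPI=0x2b84
Oct 11 17:35:05 XENON kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=192.168.178.100 LEN=60 PROTO=UDP SPT=4000 DPT=501
"""

SPI_RE = re.compile(
    r"IPSec SA SPIs: Inbound: 0x\s*([0-9a-fA-F]+), Outbound: 0x\s*([0-9a-fA-F]+)")

def client_spis(log):
    """Map each SPI the client negotiated to its direction."""
    spis = {}
    for m in SPI_RE.finditer(log):
        spis[int(m.group(1), 16)] = "inbound"
        spis[int(m.group(2), 16)] = "outbound"
    return spis

def parse_netfilter(line):
    """Split a netfilter log line into KEY=VALUE fields plus the log prefix."""
    if " kernel: " not in line:
        return None
    prefix, _, rest = line.split(" kernel: ", 1)[1].partition(" IN=")
    fields = dict(tok.partition("=")[::2] for tok in ("IN=" + rest).split())
    fields["ACTION"] = prefix.strip()
    return fields

def dropped_tunnel_packets(client_log, router_log):
    """Return router-logged ESP packets whose SPI matches a client SA."""
    spis = client_spis(client_log)
    hits = []
    for line in router_log.splitlines():
        f = parse_netfilter(line)
        if not f or f.get("PROTO") != "ESP" or "SPI" not in f:
            continue
        spi = int(f["SPI"], 16)
        if spi in spis:
            hits.append({"src": f["SRC"], "dst": f["DST"], "spi": hex(spi),
                         "sa": spis[spi], "action": f["ACTION"]})
    return hits

if __name__ == "__main__":
    for hit in dropped_tunnel_packets(CLIENT_LOG, ROUTER_LOG):
        print(hit)
```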