Host Routing of all VMs NAT traffic

Posted: 29. Nov 2012, 22:21
by alllala
I have a Win 7 host on which several VMs are running via NAT. Now I'd like to route all traffic from those NAT VMs through a server to mask my IP.
Unfortunately I didn't get that far.
Can somebody help me?

How can I route the traffic of the VMs through a VPN that's running on the host? And it should only route the traffic of the VMs.

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 01:55
by noteirak
Your question refers to some quite advanced networking setup that is way beyond the scope of Virtualbox itself...

Few questions for you :
  • Is your host traffic routed via the VPN already? Do you have a default route to use the VPN?
  • If not, do you need the VPN connection for the host traffic itself (not counting what you want to do with the VMs)?
  • If you don't need the VPN for the host, are you willing to create an extra VM that will act as a router and connect to the VPN?

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 02:03
by BillG
The short answer is that you can't do that.

A VPN is a point to point connection, and by default they are not routable. The VPN server only has a host route back to the VPN client, which means it will only route traffic addressed to the VPN client (which is your host machine). In theory you would think that NAT would work because NAT converts all the traffic to use the NAT host's IP address.

The reason it usually doesn't work is that the VPN connection is not a NIC, and NAT will use the NIC in the host and ignore the VPN connection which you want to use. I don't know of any way to make VirtualBox use a VPN connection for NAT. NAT will convert all the NAT machine addresses to use the IP of the physical NIC, not the IP of the VPN connection.

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 02:10
by noteirak
Just to clear it up:
BillG wrote: The short answer is that you can't do that.
Yes you can, but he will need another routing entity (hence my question about a new VM to do just that) or he needs all the host traffic to go via the VPN.
BillG wrote: The reason it usually doesn't work is that the VPN connection is not a NIC, and NAT will use the NIC in the host and ignore the VPN connection which you want to use. I don't know of any way to make VirtualBox use a VPN connection for NAT. NAT will convert all the NAT machine addresses to use the IP of the physical NIC, not the IP of the VPN connection.
- VPN connection DOES have a NIC as endpoint, just not a physical one
- NAT will not use any specific NIC on the host, and it will not ignore VPN connections. NAT will simply send the network traffic via the host, and any routing rule on the host will apply. If the default route is on a VPN, it will go there.

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 03:08
by BillG
noteirak wrote: - VPN connection DOES have a NIC as endpoint, just not a physical one
- NAT will not use any specific NIC on the host, and it will not ignore VPN connections. NAT will simply send the network traffic via the host, and any routing rule on the host will apply. If the default route is on a VPN, it will go there.
This is not the place to get into an esoteric discussion of networking, but I stand by what I said. Using normal VirtualBox settings, it cannot be done.

I also stand by my statement that a VPN connection is not a NIC. A NIC is a network interface card and a VPN connection is not. This is not restricted to VirtualBox - many software routers will not accept a VPN connection as a NAT public interface.

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 06:12
by alllala
noteirak wrote: Yes you can, but he will need another routing entity (hence my question about a new VM to do just that) or he needs all the host traffic to go via the VPN.
Why use another VM? What is the advantage against just using the host? It would be no problem to run a VM as server, but I preferred the host if possible.

noteirak wrote: NAT will not use any specific NIC on the host, and it will not ignore VPN connections. NAT will simply send the network traffic via the host, and any routing rule on the host will apply. If the default route is on a VPN, it will go there.
As far as I understand the matter, I tried this with the help of someone who has unfortunately more knowledge with Linux. One of the ideas was to route the traffic from VirtualBox (VB) through the Windows routing table to the IP of the VPN. In the end all the running VMs should use the administered IP from VB (the virtual Host-Only Ethernet Adapter has as default 192.168.56.1.)? Should this be possible?
Unfortunately we had some problems with the Win 7 routing. Although activated and running we couldn't even route a single IP, but we tried everything short of a reboot (which wasn't an option at that time).

So would it even be possible to route all the traffic from the host Ethernet adapter IP to the assigned IP of the VPN connection?

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 10:33
by noteirak
alllala wrote: Why use another VM? What is the advantage against just using the host? It would be no problem to run a VM as server, but I preferred the host if possible.
There are two reasons for this:
1. A VPN is an end-point to end-point connection, which means there can only be one entity at each end talking over the connection. You cannot put several VMs over a single VPN connection directly.
2. The only way to make several entities talk over a VPN is to set up a router and connect that router to the VPN connection and have a NAT setup on that router.

If you want to use the host indeed, then you must route ALL your host traffic and its VM traffic via the VPN.
alllala wrote: As far as I understand the matter, I tried this with the help of someone who has unfortunately more knowledge with Linux. One of the ideas was to route the traffic from VirtualBox (VB) through the Windows routing table to the IP of the VPN. In the end all the running VMs should use the administered IP from VB (the virtual Host-Only Ethernet Adapter has as default 192.168.56.1.)? Should this be possible?
You do want to route the VM traffic to the VPN yes, but unless you want to also route the host traffic via the VPN, you cannot do it (at least under Windows 7).
alllala wrote: Unfortunately we had some problems with the Win 7 routing. Although activated and running we couldn't even route a single IP, but we tried everything short of a reboot (which wasn't an option at that time).
So would it even be possible to route all the traffic from the host Ethernet adapter IP to the assigned IP of the VPN connection?
That's normal, you would need to route all your host traffic as well. The only other way would be packet rewriting but AFAIK you would need Linux for that.

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 15:25
by alllala
Ok then. What would be the setup if I use a VM as a server to route all the other VMs' traffic to the VPN that are connected to the internet via NAT?
What do I have to do?

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 17:08
by noteirak
alllala wrote: Ok then. What would be the setup if I use a VM as a server to route all the other VMs' traffic to the VPN that are connected to the internet via NAT?
What do I have to do?
Guidelines for you:
  • Put all your current VMs' NICs on Internal Networking and specify the same network name (More info)
  • Create a new VM (Linux recommended) - let's call it the router - and create 2 NICs on it:
    • one with Internal Networking, on the same network as the other
    • one with bridged networking, on your physical NIC
  • On the router VM:
    • Enable IP routing on the router VM (More info)
    • Set up your VPN connection and make sure there is a default route to it if your VPN solution doesn't support it (More info)
    • Enable NAT (Masquerade on Linux) with the outside interface as your VPN tun/tap interface and inside interface as your Internal Networking (More Info)
I'll let you figure out the details of each step, as this could be a very long post.
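
The router-VM steps listed above, as an added example that is not part of the original post: a script that prints the forwarding and masquerade rules for review, plus a check that reads `iptables -S FORWARD` output and reports any rule that would let internal-network traffic leave by an interface other than the VPN (for instance the bridged NIC when the tunnel is down). The names `eth1`, `tun0` and `10.10.10.0/24`, and the helper names, are assumptions.

```shell
#!/bin/sh
# Added example for the router VM. Assumed names, not from the thread:
# eth1 = Internal Networking NIC, tun0 = VPN interface,
# 10.10.10.0/24 = subnet chosen for the internal network.

# Accept only plain interface names so nothing else ends up in a rule.
valid_ifname() { case "$1" in ""|*[!A-Za-z0-9._-]*) return 1;; esac; }

# Print the rule set for review: router_rules INSIDE_IF VPN_IF INSIDE_NET
router_rules() {
    valid_ifname "$1" && valid_ifname "$2" || return 1
    [ "$1" != "$2" ] || return 1
    case "$3" in ""|*[!0-9./]*) return 1;; esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
ip6tables -P FORWARD DROP
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
EOF
}

# Read `iptables -S FORWARD` output on stdin and print every line that
# could forward inside traffic somewhere other than the VPN interface:
# a non-DROP default policy, or an ACCEPT rule that matches the inside
# interface (or any interface) with an output other than the VPN.
forward_leaks() {
    awk -v in_if="$1" -v vpn="$2" '
        $1 == "-P" && $2 == "FORWARD" && $3 != "DROP" { print; next }
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") j = $(n + 1)
            }
            if (j == "ACCEPT" && (i == in_if || i == "") && o != vpn) print
        }'
}

# Stand-alone run: show the rules for the assumed interface names.
router_rules eth1 tun0 10.10.10.0/24
```

After reviewing the printed rules, they can be applied on the router VM as root, and `iptables -S FORWARD | forward_leaks eth1 tun0` should then print nothing.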

Re: Host Routing of all VMs NAT traffic

Posted: 30. Nov 2012, 18:48
by alllala
Thanks for your time and help. This guide should be enough to find a solution.
I'll get back here if and how I implemented this.