OpenVPN running on Host, want only the VM to use it.

Kevman · Post by **Kevman** » 18. Jul 2013, 23:32

I have my VM set up with NAT and I'm running OpenVPN on the host. I would like for the host to bypass the VPN, but for the guest to use it. I'm aware that I could just run OpenVPN inside the VM, but it's preferable to run it on the host.

I believe the way to accomplish this is to set up the hosts routing tables so the VM gets routed to the VPN gateway and the host gets routed to the normal gateway. I'm not sure how to do this, as I don't really understand what I'm looking at when I look at the routing tables. I think I need to find the VM's IP, then add a persistent route to the gateway created by the VPN?

Post by **BillG** » 19. Jul 2013, 06:20

I think that it is unlikely that you will get that to work. By design a VPN link is a point to point connection between two machines, the VPN host and the VPN guest. The connection is usually designed so that this connection cannot be shared. What you want to do goes counter to the design parameters of a VPN connection.

The best idea is to have two NICs in host and reserve one for the host OS and one for the guest OS (from the network properties of the host OS).

Post by **noteirak** » 19. Jul 2013, 08:00

It is technically possible, you need :
- the host to do routing
- use host-only
- enable NAT'ing on the VPN connection
- force forward any packets coming from the VM into the VPN

All of these tasks are very much advanced networking, and have nothing to do with Virtualbox, except for using host-only. And I wouldn't expect this to be a walk in the park to configure in windows, very much not...

Kevman · Post by **Kevman** » 19. Jul 2013, 16:30

Ok, sounds like this is not something which can be done easily. I think another option is to do the following:

Install Tomato firmware on my router.
Set the VM up with bridged networking.
Assign static IP's to both the VM and the host.
Use Tomato's IPtable Rules so only the VM's IP uses the VPN gateway.

There are examples of this method working, but I can't post links yet.

I didn't want to do this at first because I thought it would be harder and for some reason my VPN doesn't work with the newest version of OpenVPN, only 2.2.2. So I was thinking it would be easy to set this up how I was describing it. I guess I'll give this a shot...

Post by **noteirak** » 19. Jul 2013, 18:28

If you can do it in your router, that would be good too, but the same logic apply.
Having iptables is definitly much (much) easier than having to deal with Windows, that's for sure.

virtualbox.org

OpenVPN running on Host, want only the VM to use it.

OpenVPN running on Host, want only the VM to use it.

Re: OpenVPN running on Host, want only the VM to use it.

Re: OpenVPN running on Host, want only the VM to use it.

Re: OpenVPN running on Host, want only the VM to use it.

Re: OpenVPN running on Host, want only the VM to use it.