Greetings!
I've tried all I can to get this working, and I'm not even sure this is specifically a VirtualBox issue, but thought I would start here and see if anyone can help with the situation.
We have a Mac (with a static IP) running VirtualBox hosting several guest CentOS machines (all of which have static IPs). The networking is setup with Bridged Adapters, and access to these machine works great from within the local network.
We have a Fortinet Fortigate 40C as our router, forwarding the necessary traffic to our OS X Mavericks Server providing VPN services. VPN is running fine, and access to regular computers and even the Host Mac works as expected.
However, we are unable to connect to any of the guest machines from outside the office over VPN. All pings, ssh, web connections just timeout. I've tested changing the Promiscuous mode to all the different settings, switched between the Intel and virtio network drivers, verified IP tables on the guest OSes, etc.
I'm not sure if the issue is in the VirtualBox network adapters not responding correctly, the VPN service not able to connect the outside machines to just the VB guests, or even in the router itself not able to get directly to the guests. If anyone has any help or suggestions, I'd really appreciate it!
nabeards
Access to Guest machines from outside the network over VPN
-
noteirak
- Site Moderator
- Posts: 5231
- Joined: 13. Jan 2012, 11:14
- Primary OS: Debian other
- VBox Version: OSE Debian
- Guest OSses: Debian, Win 2k8, Win 7
- Contact:
Re: Access to Guest machines from outside the network over V
To the following questions :
1) Can you ping the guests from the LAN?
2) Can you ping the guests from the LAN router?
3) Can you ping the guests from the VPN server?
From your description, it seems 1) is already yes. This the only part Virtualbox is handling. The rest is down to your network/routing/firewall configuration.
1) Can you ping the guests from the LAN?
2) Can you ping the guests from the LAN router?
3) Can you ping the guests from the VPN server?
From your description, it seems 1) is already yes. This the only part Virtualbox is handling. The rest is down to your network/routing/firewall configuration.
Hyperbox - Virtual Infrastructure Manager - https://apps.kamax.lu/hyperbox/
Manage your VirtualBox infrastructure the free way!
Manage your VirtualBox infrastructure the free way!
Re: Access to Guest machines from outside the network over V
All answers are Yes. Which tells me that it must be an issue with the VPN server actually routing clients when they connect properly. I'll post any updates if I get them...noteirak wrote:To the following questions :
1) Can you ping the guests from the LAN?
2) Can you ping the guests from the LAN router?
3) Can you ping the guests from the VPN server?
From your description, it seems 1) is already yes. This the only part Virtualbox is handling. The rest is down to your network/routing/firewall configuration.
Re: Access to Guest machines from outside the network over V
Finally found a solution! Just dug back into this today. I needed to create static arp entries on the VPN server in order for remote clients to see these virtual machines.
Our VPN server is Mac, so this was the command I used:
Once you've added all the arp entries you need, be sure to restart the VPN service so it picks up these entries.
Neil
Our VPN server is Mac, so this was the command I used:
sudo arp -S <DNS name or IP address of server> <MAC address from VirtualBox settings for this server>-S will delete any existing entries first, so you may see either of the following as output:
delete: cannot locate <DNS name or IP address of server>
<DNS name and/or IP address of server> deletedThere is no other output, but if you run
arp -anyou should see the entires are saved.
Once you've added all the arp entries you need, be sure to restart the VPN service so it picks up these entries.
Neil