Host-only Adapter does not work when VPN is connected

[soundbar]

Hi guys,

My host is Windows 7 and I have a Windows Server 2008 Guest and are connected via host-only adapter. Everything works fine until I connect to the corporate VPN, and then connectivity is lost (both ways). I supposed this is because all network traffic is forced to go through the VPN.

Is there anyway I can get around this so that I may be on the VPN and yet have connectivity (between host/guest) simultaneously?

Thanks for the help!

[noteirak]

disabling & re-enabling the host-only interface in the host after connecting to the VPN might work, but it all depends how the VPN software is made - some re-apply the routes after a change in an interface status.

[soundbar]

Hey Noteirak,

Thanks for the tip - it didn't work though. I also tried applying a static route (didn't work either). Guess i'll just have to live with it. Thanks again!

[BillG]

That all seems rather odd to me. A VPN connection on the host can certainly cause havoc with routed traffic, but it should not affect the host only network. The host and guest are directly connected with IPs in the same IP subnet (unless you have changed them from the default), and no routing is involved. They should communicate directly using hardware addressing. It should be a "bullet proof" connection unaffected by other networking. Changing routes anywhere shouldn't change a thing, since no routing is involved.

[noteirak]

Routing is still involved. Routes are automatically created to tell the IP stack that the subnet is connected with the lowest metric when an interface goes up. But VPN software can overwrite these routes (or anything else for that matter).
Typically, they keep the routes that lead to the default gateway, but remove everything else. Once turned off, they add back all the routes that were removed. They also do that in real-time.
Cisco and Juniper VPN clients are the usual culprits.

[BillG]

This isn't really the place to pursue this, but as a long-term networker I can't accept that. As I said, I am well aware of the problems with routing and VPN, but I can't accept your statement that routes (of whatever priority) can affect direct delivery. It violates the first rule of IP routing. Direct delivery is done before the routing table is even looked at.

[noteirak]

I agree, I am only saying that VPN software can change a lot of things to enforce security policy set by administrators, especially on Windows hosts, including this kind of thing.

[manishsingh]

Hi,

I am having same issue, After connecting the VPN i am not able to access my host only adapter in virtual box VM.
Please help me to fix it.

Thanks,
manish

[davidGBG]

And I also have the same issue.

I have a host-only adapter with IP 10.61.250.214/26, and I'm running a VM with IP 10.61.250.213:

Code: Select all

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::3d75:2fc2:96e3:8b4a%18
   IPv4 Address. . . . . . . . . . . : 10.61.250.214
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . :

When in the office, the routing table looks good and I can ping and access my VM:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
    10.61.250.192  255.255.255.192         On-link     10.61.250.214    266
    10.61.250.214  255.255.255.255         On-link     10.61.250.214    266
    10.61.250.255  255.255.255.255         On-link     10.61.250.214    266
===========================================================================

However, when I connect to the corporate VPN, my routing table is automatically changed:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
    10.61.250.192  255.255.255.192         On-link      153.88.48.44      1
    10.61.250.214  255.255.255.255         On-link     10.61.250.214    266
    10.61.250.255  255.255.255.255         On-link      153.88.48.44    256
===========================================================================

Even if try to manually set back the routes, after a few seconds, the routes are changed again and I cannot ping or access my VM.

Any idea how to avoid or counter the problem?

[Martin]

You would need to ask the administrators of your corporate VPN to configure it to allow local networks.

[davidGBG]

You would need to ask the administrators of your corporate VPN to configure it to allow local networks.

Thanks Martin!
I wonder if it's not actually Symantec Endpoint Protection that messes up the route table when connected to my corporate VPN, rather than the VPN client (I've tried with 2 different VPN clients and observed the same behavior). Anyway, I will contact the administrators and see if they can help.

[fromano]

For me in Windows 7 it worked after overriding the rule set automatically by the VPN software.

Steps (my VM was running under IP 172.28.128.3):
- Connect to the VPN
- open cmd window as administrator
- type:
route change 172.28.128.3 mask 255.255.255.255 172.28.128.1 metric 1

In my case the VPN software did not try to revert back again to its own rule