
How to give a VM a local IP on a remote subnet through its host's VPN connection

Posted: 7. Jun 2016, 01:37
by HermeticAbstrusity
It sounds so simple, but this is killing me.

We have a physical proprietary Linux server with a private IP 192.168.1.5 using rsync in its own way to back up its system and data to a virtual server of the same kind with IP 192.168.1.10. This VM resides on an Ubuntu Mate PC and has a bridged Ethernet interface for its static IP. Both servers are essentially "appliances" because we cannot change much in their configs. The arrangement works fine for backup, failover, etc. on the office LAN.

PROBLEM: We want to move the PC with the backup server VM offsite to any of various employees' homes (and it may move around now and then).

The two servers want to see each other at their respective "local" static IPs, so I think I will need to set up a LAN-to-LAN bridged VPN (IPsec/SSL/etc. with either Mate's Network Manager, strongSwan, OpenVPN, etc.) from the Ubuntu host PC to the Netgear FVS336Gv3 router at the office, using NAT-traversal to get through the residential cable firewall/router between them. A simple Host-to-LAN "road warrior" VPN seems to require tunneling through a routed connection, cannot pass traffic from another host (the VM) through it, and creates a virtual network interface that obviously cannot support a VBox bridged interface at all.

QUESTION: The question for this group is what sort of network regime do I need to set up in VBox so that both servers will think the server in the VM never left the local office network?

I am not sure what type of network interface will be created on the host Ubuntu PC for the VPN endpoint, but I am fairly certain it will be something virtual. Regardless, I must present the VM's NIC with full access to the 192.168.1.0/24 remote LAN, because we cannot install VPN software on the server in the VM. I need to know what kind of virtual networking magic needs to be done in VBox to make this happen.

The deeper I get into this, the more I wonder if such a simple concept might still be beyond the capability of the platforms I have chosen to use.

Let's hope there is a simple solution to this (at least for the VBox part of it). ;)

Thanks!

Re: How to give a VM a local IP on a remote subnet through its host's VPN connection

Posted: 7. Jun 2016, 02:18
by Perryg
As far as the VirtualBox part goes, you would use bridged. But beware that VPN is not really forgiving because of its security, and the network stuff is outside of the scope here. That said, it should be doable if you get the VPN configured properly.

Re: How to give a VM a local IP on a remote subnet through its host's VPN connection

Posted: 7. Jun 2016, 20:58
by HermeticAbstrusity
Thanks for the reply.

Because the host PC's LAN-to-LAN VPN itself must be bridged, I was thinking that I would have to set up some kind of virtual 192.168.1.0/24 LAN segment in VBox to bridge to its twin in the office. "LAN-to-LAN" does imply a LAN on both sides, so I am curious as to how a VBox bridged Ethernet adapter might work in this case.

Also, by definition, I did not think it was possible to bridge a VM's NIC to a virtual interface on the host (such as a VPN endpoint would create). Ethernet bridging can only be done via a physical interface, right?

As we know, the IP address of the host PC's physical interface is irrelevant, since it will be set automagically by DHCP, so that wouldn't even need mentioning, except to say that it had better be on a different subnet altogether to avoid conflicts. ;)

The LAN segments on both sides of a bridged VPN connection must be identical, so they can share IPs and traffic as if they were one local subnet. Since the VM resides inside the physical PC's imagination, wouldn't I need to create a 192.168.1.0/24 LAN segment internally somehow that will contain the VM's 192.168.1.10 IP address AND bridge to the office network?

QUESTION: How do I create a virtual LAN segment (in VBox?) on a Linux host PC that 1) a VM can connect to, and 2) can be bridged to another LAN using one of the popular Open Source VPN tools?

This is the main reason I posted this in the "Linux host" forum. Linux is very capable, so there may be a way to create a virtual network outside of VBox that might be a better solution. In that case, I would still need to know how to connect a VM to it, which may not be a simple proposition, either.

If anybody besides me has ever tried this, I would love to find out if (and how) they managed it.

VBox may be just one piece of this puzzle, but the VM does have to fit perfectly with everything around it, so perhaps the underlying OS and VPN pieces are not as off-topic as they might seem at first? Every solution exists in a context (which, in this case, is a little weird, and maybe a lot recondite, sorry). :?

Thanks again! :)