How can I make VirtualBox guests share the host's VPN connection?
Solution 1
This will not work in a Bridged Networking setup. From the VirtualBox documentation:
Bridged networking
This is for more advanced networking needs such as network simulations and running servers in a guest. When enabled, VirtualBox connects to one of your installed network cards and exchanges network packets directly, circumventing your host operating system's network stack.
Since your virtual machines are using eth0
directly, they are unaware of the tun0
interface to the tunnel running over it. You will need to use a different virtual networking configuration.
You have (among others) these options:
Network Address Translation (NAT) is by far the simplest solution. VirtualBox will NAT the VMs across whatever internet connection is available to the host. This is fully transparent to the VMs. However this precludes connections from the host to the VMs or connections between the VMs.
Use Host-only Networking to create a proper subnet containing the VMs and the host. This will require no changes in the interface configuration you now have in the VMs, but you will need to set up the host to be the gateway and router, and make it NAT the VMs to the outside (whether across its
eth0
ortun0
).Combine the above: give each VM two interfaces, one gatewaying to the outside world (across VirtualBox's NAT) and the other attached to the Host-Only LAN.
Try VirtualBox's experimental NAT Networking configuration. Update 2019: this feature has since matured: attach to the host's NAT and choose the Paravirtualized network (virtio-net) adapter type.
Solution 2
For VirtualBox with windows host and linux(mint) guest, go to the Network UI tab and set for "Adapter" => "Attached to : NAT" and "Adapter type : Paravirtualized network". After that start your VM and you should be able to use VPN network.
Solution 3
After looking for this solution everywhere, I finally found a working solution that doesn't require a lot of configuration changes and is really simple. Use the default NAT network and type this in the terminal:
VBoxManage modifyvm "VM name" --natdnsproxy1 on
source: https://www.virtualbox.org/ticket/13993
Solution 4
Had the same problem. Here is how I solved it:
- Change the network type of Guest System to be "Host Only"
- Make the default gateway of Guest point to Host's ip
ifconfig vboxnet0
to find it.
Last step is routing the packets coming from vboxnet0 into your VPN.
If you route all traffic through VPN:
iptables -t nat -A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -o tun0 -j SNAT --to-source 10.8.0.5
Where 10.8.0.5
is your tun0 gateway and 192.168.5.0/24
is your vboxnet0 network range.
If you only route certain traffic through VPN:
iptables -t nat -A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -o tun0 -j SNAT --to-source 10.8.0.5
iptables -t nat -A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -o wlan0 -j SNAT --to-source 192.168.43.95
Where 10.8.0.5
is your tun0 gateway and 192.168.43.95
is your wlan0
's gateway and 192.168.5.0/24
is your vboxnet0 network range.
Note: This solution allow Guest OS be treated in same way Host OS is treated. Only IPs configured to go through VPN in Host OS will go through it in Guest.
Solution 5
Here is some useful info for vagrant boxes using host vpn. Basically you need to set natdnshostresolver1 option Note that this will NOT work when using the Vagrant's public_network setting though.
config.vm.provider :virtualbox do |vb|
# ---- other options....
vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
end
http://renier.morales-rodriguez.net/post/90674523562/sharing-host-vpn-with-virtualbox-guest http://blog.geekslikeshinythings.com/2016/05/sharing-host-vpn-with-vagrant-rob-allen.html
Related videos on Youtube
Programster
Updated on September 18, 2022Comments
-
Programster over 1 year
Question
When I start my VPN on my ubuntu desktop computer which acts as a router, the attached subnet loses internet connectivity, but is still accessible (LAN). Ideally, I would like to know how to enable the attached subnet to re-gain internet access by routing through the VPN tunnel when the VPN is active.
Context
I have the following network layout:
subnet 172.16.0.0/20 on eth0 for my VirtualBox virtual machines.
subnet 192.168.0.0/24 on eth0:0 which connects to gateway 192.168.0.1 which has internet access.
This is shown in the /etc/network/interfaces file:
auto lo iface lo inet loopback # This is the subnet dedicated to VB auto eth0 iface eth0 inet static address 172.16.0.1 netmask 255.255.0.0 gateway 192.168.0.164 dns-nameservers 8.8.8.8 # normal DHCP internet auto eth0:0 iface eth0:0 inet static address 192.168.0.164 netmask 255.255.255.0 dns-nameservers 8.8.8.8 gateway 192.168.0.1
The packets on the eth0 are forwarded through eth0:0 with masquerading and normal internet connectivity is fine. However when I start my VPN tunnel on this router, internet connectivity is lost for the VMs on the eth0 subnet (yet remains for the router).
Below is the output of ifconfig when the tunnel is active:
eth0 Link encap:Ethernet HWaddr 00:1f:bc:01:c3:ab inet addr:172.16.0.1 Bcast:172.16.255.255 Mask:255.255.0.0 inet6 addr: fe80::21f:bcff:fe01:c3ab/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:165426 errors:0 dropped:0 overruns:0 frame:0 TX packets:182601 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:208264321 (208.2 MB) TX bytes:16660945 (16.6 MB) Interrupt:16 eth0:0 Link encap:Ethernet HWaddr 00:1f:bc:01:c3:ab inet addr:192.168.0.164 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:16 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:381963 errors:0 dropped:0 overruns:0 frame:0 TX packets:381963 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:22755054 (22.7 MB) TX bytes:22755054 (22.7 MB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
I suspect that the solution will have something to do with the routing table. It shows the following when the tunnel is active:
Destination Gateway Genmask Flags Metric Ref Use Iface default 10.8.0.9 128.0.0.0 UG 0 0 0 tun0 default 192.168.0.1 0.0.0.0 UG 100 0 0 eth0 10.8.0.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0 10.8.0.9 * 255.255.255.255 UH 0 0 0 tun0 37.139.23.49 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0 128.0.0.0 10.8.0.9 128.0.0.0 UG 0 0 0 tun0 link-local * 255.255.0.0 U 1000 0 0 eth0 172.16.0.0 * 255.255.0.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
and the following when the tunnel inactive:
Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.0.1 0.0.0.0 UG 100 0 0 eth0 link-local * 255.255.0.0 U 1000 0 0 eth0 172.16.0.0 * 255.255.0.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
Virtualbox configuration for Vms:
One of the VMs
/etc/network/interfaces
file:# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 172.16.0.3 netmask 255.255.0.0 network 172.16.0.0 broadcast 172.16.255.255 gateway 172.16.0.1 dns-nameservers 8.8.8.8
-
Admin about 10 yearsHow are the networks of your VM's configured in VirtualBox?
-
Admin about 10 yearsbridges to eth0 - added info to the question.
-
Admin about 7 yearsI know it's not exactly the answer to your question, but for me it turned out to be easier to set up 2 VPN connections instead: 1 from the host machine, another from the guest machine
-
-
kol almost 8 yearsThe first link had the solution for me. It shows how to turn on the natdnshostresolver1 option for the VM.
-
womp almost 8 yearsThis worked great for me, thanks! Using Ubuntu 16.04LTS as my guest and Windows 10 host, with Virtual Box 5.0.24.
-
murrekatt over 7 yearsBrilliant! This works for my Windows 10 host & VirtualBox (5.0.26) CentOS 7 guest.
-
MrSpock almost 7 yearsAmazing! Should be the accepted answer. Was looking for this solution for ages. Thanks alot!
-
Mike almost 7 yearsbest answer here!
-
Roddy of the Frozen Peas almost 6 yearsWhy the heck isn't this the accepted answer? So easy and correct!
-
Romski over 5 yearsMac 10.14 Host with Ubuntu Mate 18.04 guest in Virtualbox 6.0. Imported openvpn config and was able to connect with these settings - thanks!
-
OldProgrammer about 5 yearsHmm did not work for me with windows 10 RHEL 7.4
-
smwikipedia almost 5 yearsThis works for me though the icon on the Ubuntu taskbar still shows a question mark. And I have to manually set the proxy in my Ubuntu VM's Firefox browser.
-
zwets almost 5 years@MichaelGoldshteyn this isn't the accepted answer because the OP didn't want to wait two and a half years for (a) an answer and (b) a VirtualBox feature that didn't yet exist in Feb 2014. I'll update my answer to mention that the experimental feature has since become available as "paravirtualised network adapter".
-
rince almost 5 yearsAs a clarification, the VM must be off before you can select "Paravirtualized Network" under the Advanced section
-
kiltek about 4 yearsWith this trick my Linux-VM does not loose the internet (browsing google.com and apt-get work) when I connect to the VPN on my Windows 10-Host, however it cant access the company websites,. So I asume it cant use the VPN of Host.
-
shadab over 3 yearswhich terminal?
-
jaggi over 3 yearsThis worked for me with keeping only one network adapter enabled.
-
ruby_object over 3 yearsclarification: On host machine you have to execute command like: VBoxManage modifyvm "ubuntu18.04lts" --natdnsproxy1 on - please remember to replace "VM name" with the name of your VM
-
NeeK about 2 yearsWorked great for me!