
EDIT: It turns out the issue was that I was creating "my new wifi" with the Apple System Preferences tool... When creating it with the terminal like this

sudo networksetup -createnetworkservice "my new wifi" en0

it works... Maybe the system preferences tool was not binding it to en0. Weird...

Anyway now I have another problem. When the VM activates the VPN, I can see that the host reaches the VM, but its packets never get a response. Is there a solution for this? Not sure if my nat config is not working for the returning packets or if the vpn only allows packets sent from the VM itself... (the vpn is GlobalProtect)

 

Hi forum!

I am tackling a project I know nothing about, I need some help if possible 🙂

Basically, I have an M2 MacBook with macOS 15.2 with Parallels, which runs a VM with macOS 15.2.

The VM has access to a VPN that I also need in the host, but I cannot have that same VPN in the host directly for reasons.

I would like to have the host route everything through the VM to get to the internet so that I can take advantage of the VPN in the host too.

Is this achievable? I have been trying to add port forwarding and nat in the vm's pf and set the vm address as the default gateway for the host but nothing has been working for now.

Here is what I tried so far:

  • Setting up port forwarding in the VM with
        sudo sysctl -w net.inet.ip.forwarding=1
  • Setting nat in the vm's pf.conf with
        nat on en0 from <host ip> to any -> (en0)
  • Setting a pass for ping calls in the pf.conf too (I know I shouldn't use any, it was just to see if it was working)
        pass in quick proto icmp from any to any
  • Setting the default gateway in the host as the vm by creating a new network service and setting the gateway
        networksetup -setmanual "my new wifi" <host ip> 255.255.255.0 <vm ip>

At this point I can ping the vm from the host, but as soon as I try to access the internet the ping doesn't work anymore even between host and vm until I restart the connection in the vm. From the vm instead internet works fine.


Hopefully someone can help me out with this!

Thanks.

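Added example, not part of the original posts: a pf `nat on en0` rule only translates packets that leave through en0, so it is worth checking which interface the VM's route to the internet uses once the VPN is connected. The sketch below parses `route -n get` output and compares it with the NAT rule; the sample outputs, the `utun4` interface name and all addresses are constructed, and whether GlobalProtect accepts forwarded traffic at all is not something the thread confirms.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not taken from the thread.

# `route -n get 203.0.113.10` on the VM with the VPN connected (constructed).
SAMPLE_VPN_UP='   route to: 203.0.113.10
destination: default
  interface: utun4
      flags: <UP,DONE,STATIC>'

# The same query with the VPN disconnected (constructed).
SAMPLE_VPN_DOWN='   route to: 203.0.113.10
destination: default
    gateway: 10.211.55.1
  interface: en0
      flags: <UP,GATEWAY,DONE,STATIC>'

# NAT rule in the form used in the post, with a placeholder host address.
PF_RULES='nat on en0 from 192.0.2.20 to any -> (en0)'

# egress_if: read `route -n get` output on stdin, print the interface it names.
egress_if() {
    awk '$1 == "interface:" { print $2; exit }'
}

# nat_rule HOST_IP IFACE: pf NAT rule for the host's traffic leaving via IFACE.
nat_rule() {
    printf 'nat on %s from %s to any -> (%s)\n' "$2" "$1" "$2"
}

# check_nat HOST_IP PF_RULES ROUTE_OUTPUT
# Returns 0 if the first nat rule is on the egress interface, 1 if not
# (printing a rule for the right interface), 2 if no interface was found.
check_nat() {
    iface=$(printf '%s\n' "$3" | egress_if)
    [ -n "$iface" ] || { echo "no interface in route output"; return 2; }
    nat_if=$(printf '%s\n' "$2" | awk '$1 == "nat" && $2 == "on" { print $3; exit }')
    if [ "$nat_if" = "$iface" ]; then
        echo "ok: nat rule is on egress interface $iface"
        return 0
    fi
    echo "mismatch: nat on ${nat_if:-none}, traffic leaves via $iface"
    nat_rule "$1" "$iface"
    return 1
}

# On the VM: check_nat <host ip> "$(cat /etc/pf.conf)" "$(route -n get <internet address>)"
check_nat 192.0.2.20 "$PF_RULES" "$SAMPLE_VPN_UP" || true
```
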

On 12/20/2024 at 9:34 AM, GionnyBanana said:

I would like to have the host route everything through the VM to get to the internet so that I can take advantage of the VPN in the host too.

Is this achievable? I have been trying to add port forwarding and nat in the vm's pf and set the vm address as the default gateway for the host but nothing has been working for now

You may need a virtual bridged networking adapter.

 

I use Virtualbox for this and during installation, it asks about four times if you want to add virtual adapters.  The bridged one allows exactly what you are trying to do.

 

I use it to route DNS through my virtual machine with pi-hole, and keep the gateway on the host normal, so all dns requests first route to the VM, and then if successful, will be somehow routed back out of the vm, to the host, to the internet to get an ip address for that website.

 

No idea how this works, but it is quite amazing.  I have also used virtual bridged networking mode to try learning various firewall software such as PFsense and IPFire.  I route the host through the ip address of the vm, and the vm then goes back out to the host system somehow, to reach the normal network gateway.

 

It also allows more virtual network ports than you have physically on your system, so there are a lot of possibilities.

JRE #1914 Siddharth Kara

How bad is e-waste?  Listen to that Joe Rogan episode.

 

"Now you get what you want, but do you want more?"
- Bob Marley, Rastaman Vibration album 1976

 

Windows 11 will just force business to "recycle" "obsolete" hardware.  Microsoft definitely isn't bothered by this at all, and seems to want hardware produced just a few years ago to be considered obsolete.  They have also not shown any interest nor has any other company in a similar financial position, to help increase tech recycling whatsoever.  Windows 12 might be cloud-based and be a monthly or yearly fee.

 

Software suggestions


Just get f.lux [Link removed due to forum rules] so your screen isn't bright white at night, a golden orange in place of stark 6500K bluish white.

released in 2008 and still being improved.

 

Dark Reader addon for webpages.  Pick any color you want for both background and text (background and foreground page elements).  Enable the preview mode on desktop for Firefox and Chrome addon, by clicking the dark reader addon settings, Choose dev tools and click preview mode.

 

NoScript or EFF's privacy badger addons can block many scripts and websites that would load and track you, possibly halving page load time!

 

F-droid is a place to install open-source software for android, Antennapod, RethinkDNS, Fennec which is Firefox with about:config, lots of performance and other changes available, mozilla KB has a huge database of what most of the settings do.  Most software in the repository only requires Android 5 and 6!

 

I recommend firewall apps (blocks apps) and dns filters (redirect all dns requests on android, to your choice of dns, even if overridden).  RethinkDNS is my pick and I set it to use pi-hole, installed inside Ubuntu/Debian, which is inside Virtualbox, until I go to a website, nothing at all connects to any other server.  I also use NextDNS.io to do the same when away from home wi-fi or even cellular!  I can even tether from cellular to any device sharing via wi-fi, and block anything with dns set to NextDNS, regardless if the device allows changing dns.  This style of network filtration is being overridden by software updates on some devices, forcing a backup dns provider, such as google dns, when built in dns requests are not connecting.  Without a complete firewall setup, dns redirection itself is no longer always effective.
