Hyper-V switch loses internet everytime I restart computer

[phongle123]

I'm using Hyper-V with an internal virtual switch and every time I restart my host computer and start up the VM I no longer have internet connection. I would have to go back into my Adaptor Options, turn off Internet Connection Sharing, click ok, then turn it back on. 

 

But about 80% of the time when I disable it and click okay or even after I get past the disable and okay part and go to enable it. The Adaptor Options window freezes indefinitely. The only way to fix this is to restart the computer and hope that this time it doesn't freeze when trying to disable and enable the Internet Connection Sharing again. 

 

I don't know if this is how it is supposed to work. Since a restart would disrupt the connection between the host and the VLAN but the VLAN still has the assigned IP address when the Internet Connection Sharing was applied to the VLAN.

[brwainer]

Internet Connection Sharing and Hyper-V virtual switches are not meant to be used together. Why are you trying to use both at the same time? if you only have one ethernet port, then set your hyper-v virtual switch to external with the option to "allow management operating system to share this adapter" checked.

[NelizMastr]

Sounds a bit counter intuitive this. You have an INTERNAL HyperV switch to which you SHARE an internet connection to go EXTERNAL.

 

Why didn't you make the switch external? That way the VM's are directly connected to the internet.

[phongle123]

7 hours ago, NelizMastr said:

Sounds a bit counter intuitive this. You have an INTERNAL HyperV switch to which you SHARE an internet connection to go EXTERNAL.

 

Why didn't you make the switch external? That way the VM's are directly connected to the internet.

I had external at first then it stopped working so I went internal. If I wanted the VM to be more secure in terms of being it own machine to protect the identity of the host machine. Which V.Switch is suited for this situation?

[brwainer]

2 hours ago, phongle123 said:

I had external at first then it stopped working so I went internal. If I wanted the VM to be more secure in terms of being it own machine to protect the identity of the host machine. Which V.Switch is suited for this situation?

using an external switch is the right solution here. With an external switch, the VM will have its own MAC address which everything else on the network will see. It functions the same as if you had a physical ethernet switch that both the host and the VMs are connected to. By doing it internal+ICS, you are turning your computer into a router and the rest of the network will think that both system's traffic is coming from the host.

[phongle123]

3 hours ago, brwainer said:

using an external switch is the right solution here. With an external switch, the VM will have its own MAC address which everything else on the network will see. It functions the same as if you had a physical ethernet switch that both the host and the VMs are connected to. By doing it internal+ICS, you are turning your computer into a router and the rest of the network will think that both system's traffic is coming from the host.

OHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH! Thanks very layman's term. I'll try to troubleshoot the external v.switch.

 

If one of my hardware says "Random hardware addresses are not supported by this adaptor". Then I should NOT be using this hardware for the External V.Switch is that correct? As it would cause a security concern?

[brwainer]

2 hours ago, phongle123 said:

If one of my hardware says "Random hardware addresses are not supported by this adaptor". Then I should NOT be using this hardware for the External V.Switch is that correct? As it would cause a security concern?

That is likely going to cause a hyper-v external switch to fail, yes. What hardware is reporting that, and where are you seeing it?

[phongle123]

4 hours ago, brwainer said:

That is likely going to cause a hyper-v external switch to fail, yes. What hardware is reporting that, and where are you seeing it?

The one that says "Random hardware addresses are not supported by this adaptor" is the PCIe wifi card. The one that did not work before was my MB Wifi but that is fixed now it did not work because one of the internal V.Switches was already using the MB Wifi. Both Wi-Fi Cards can connect to the External V.Switch now.

 

So this means I have 2 Wi-Fi connections the MB and the PCIe. The PCIe is the 1 that says the quote above. I going to be asking some questions if they are dumb, I don't know any better on this topic

1) Does that mean that its more secure for the host computer to use the MB Wifi as the V.Switch since it DOES have Random hardware Addresses?'

2) Is it secure to use the host computer on the Motherboard Wifi and the VM with External V.Switch also on the MB Wifi?

2a) Is it secure to use both the host and VM on the same Wi-Fi SSID (for ex. "SSID #1 2.4Ghz" for both the host and VM)?

2b)Considering I cannot connect to 2 different SSIDs on the same Wi-Fi Card and the SSID that is connected on the host computer is the SSID used for the VM that is being networked through the External V.Switch. I can connect to 2 different SSIDs if I both the MB Wi-Fi and the PCIe Wi-fi Card. Is this what you would suggest? Should I use the PCIe Card for my host which doesn't have Random hardware address and then set up the MB Wi-Fi as the External V.Switch for the VM?

3) When I connect it with an external V.Switch my VMs blue YES/NO Network screen on the right pops up. It's secure to press Yes, I'm afraid this will share information between the VM and the host machine making it unsecure for the host? If I press No I do not get internet connectivity or I still get it?

 

[brwainer]

1 hour ago, phongle123 said:

The one that says "Random hardware addresses are not supported by this adaptor" is the PCIe wifi card. The one that did not work before was my MB Wifi but that is fixed now it did not work because one of the internal V.Switches was already using the MB Wifi. Both Wi-Fi Cards can connect to the External V.Switch now.

 

So this means I have 2 Wi-Fi connections the MB and the PCIe. The PCIe is the 1 that says the quote above. I going to be asking some questions if they are dumb, I don't know any better on this topic

1) Does that mean that its more secure for the host computer to use the MB Wifi as the V.Switch since it DOES have Random hardware Addresses?'

2) Is it secure to use the host computer on the Motherboard Wifi and the VM with External V.Switch also on the MB Wifi?

2a) Is it secure to use both the host and VM on the same Wi-Fi SSID (for ex. "SSID #1 2.4Ghz" for both the host and VM)?

2b)Considering I cannot connect to 2 different SSIDs on the same Wi-Fi Card and the SSID that is connected on the host computer is the SSID used for the VM that is being networked through the External V.Switch. I can connect to 2 different SSIDs if I both the MB Wi-Fi and the PCIe Wi-fi Card. Is this what you would suggest? Should I use the PCIe Card for my host which doesn't have Random hardware address and then set up the MB Wi-Fi as the External V.Switch for the VM?

3) When I connect it with an external V.Switch my VMs blue YES/NO Network screen on the right pops up. It's secure to press Yes, I'm afraid this will share information between the VM and the host machine making it unsecure for the host? If I press No I do not get internet connectivity or I still get it?

 

1. I'm not sure if, or how much, the "random MAC addresses" feature affects computer security. I do think that it would prevent a VM from properly being a part of the network if you used the PCIe wifi because from the adaptor's perspective, the MAC that Hyper-V makes up will be a "random" (meaning arbitrary) one.
2. honestly either way is going to be equally secure assuming that they are joining the same LAN. For simplicity I would just use a single external switch on the MB Wifi.
   2.a. It is identical to two computers being on the same network. It is the same as if you had two wired computers plugged into a switch, or two different wireless devices on the same network. Each operating system has its own MAC, IP, and firewall.
   2.b. do you have two different SSIDs? Is there a reason why you would need the host and the VMs to join different networks via different SSIDs? Unless there is a specific operation requirement for using different SSIDs, I wouldn't recommend it because why introduce unnecessary complexity?
3. Clicking "Yes" puts the firewall into the "Private" mode, which by default allows things like SMB file sharing and such to go through. Clicking "No" puts the firewall into "Public" mode, meaning that all incoming connections are blocked. This is a basic networking concept that applies no matter what other things (like the operating system being inside of a VM) also apply.

The general answer to all of your security questions is that you should just treat the hyper-v virtual switches as if they are real ethernet switches. There isn't any additional security implications added by them that do not apply to a normal network connection.

[phongle123]

13 hours ago, brwainer said:

2.b. do you have two different SSIDs? Is there a reason why you would need the host and the VMs to join different networks via different SSIDs? Unless there is a specific operation requirement for using different SSIDs, I wouldn't recommend it because why introduce unnecessary complexity?

My thought process here was that if both the Host and the VM are on the same SSID it wouldn't be secure for the host computer since they are coming from the same SSID. Though if using SSID #1 and SSID #2, even though they are on the same network it would still be under different SSID therefore more secure from snoopers?

[brwainer]

1 hour ago, phongle123 said:

My thought process here was that if both the Host and the VM are on the same SSID it wouldn't be secure for the host computer since they are coming from the same SSID. Though if using SSID #1 and SSID #2, even though they are on the same network it would still be under different SSID therefore more secure from snoopers?

is your network using WPA or WPA2? Then there is no such thing as snooping on the wireless network, all traffic is encrypted. two SSIDs going to the same LAN is useless.