VPN server on virtual box, clients can't access LAN

flimbar
Posts: 5
Joined: Sat Mar 13, 2021 8:04 am

Post by flimbar » Sat Mar 13, 2021 8:51 am

I have a SoftEther VPN server running on Debian Linux on a VirtualBox guest hosted on OS X Snow Leopard.

The VirtualBox guest ethernet adapter is bridged (promiscuous mode) so that the Linux VirtualBox guest appears on the same subnet as the VirtualBox host, 192.168.2.0.
The VirtualBox host has IP address 192.168.2.2 and the VirtualBox guest (VPN server) is 192.168.2.3. They both get their IP addresses from the DHCP server/router on my LAN, 192.168.2.1, and can both ping any machine on the LAN and both have full internet access via the router.

I have set up the vpn server with a bridge between the virtual hub and the physical ethernet (virtualbox guest adapter).

I have set up port forwarding on my router so that the vpn server ports are forwarded to my server 192.168.2.3

When I connect with vpn client from offsite over the internet, the client gets an IP address 192.168.2.4 from the DHCP server on my LAN.

I can ping the virtualbox host 192.168.2.3 from the client, but nothing else on the 192.168.2.0 network.
If I try to ping the server-side router 192.168.2.1 or any other IP address on the server-side LAN I get "no route to host".

It looks like the layer 2 bridge is working (when I disable the bridge the client DHCP request hangs), but some routing at layer 3 is not working.

When I run the vpn server on a physical machine on the same LAN with the same server config and same client config I have no problems i.e. the remote client can connect to any machine on the LAN via the VPN.

Here is the routing table on my client, which is the same for the working (physical machine) and non-working (virtualbox) vpn servers:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 vpn_vpn
92.21.162.189   192.168.1.1     255.255.255.255 UGH       0 0          0 enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 vpn_vpn

192.168.1.0 is the client side LAN
92.21.162.189 is the internet address of my vpn server (not really)
192.168.2.0 is the server side LAN

I can't figure out why it is getting stuck between the virtualbox host and the LAN.

If you are wondering why I want to run the server under virtualbox, it is because my always-on server machine is locked away and if I screw up the networking while setting up a vpn server or whatever then I have to go and physically reset the machine, with a virtual server I can screw it up and just reboot the virtual machine remotely.

solo
Posts: 59
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN server on virtual box, clients can't access LAN

Post by solo » Sun Mar 14, 2021 8:25 am

flimbar wrote (Sat Mar 13, 2021 8:51 am):
"I can't figure out why it is getting stuck between the virtualbox host and the LAN."

You have not mentioned anything about the host's firewall. It is the only obstacle between the clients and the LAN.

I have a similar setup: VirtualBox v6.1 on a Linux host and a bridged SE server in a Windows guest, and it is working flawlessly. My VB net:
[Attachment: VB-NET.png]
If not the firewall then maybe try a different adapter type, should it have something to do with promiscuous mode issues.

flimbar
Posts: 5
Joined: Sat Mar 13, 2021 8:04 am

Re: VPN server on virtual box, clients can't access LAN

Post by flimbar » Mon Mar 15, 2021 4:16 pm

Thanks for the advice.

I've figured out it is something to do with WiFi.

When the virtualbox host is connected to the LAN by wire then it all works regardless of which virtualbox host machine I use (Windows or Mac).

When the host is connected by WiFi then I get the problem of VPN clients not being able to get to the router, even though the virtualbox guest can access the router via the host's bridged WiFi connection.

I can't see any setting I can change on my router. I presume all the firewall settings apply to between the internet and LAN, not between machines on the LAN/WiFi.

I guess the next thing to try is if the server works running on a physical machine on the WiFi. Perhaps running as a guest on virtualbox is a red herring.
I suspect that it is WiFi that's the problem as another post says "Promiscuous mode will not supported on WiFi."

solo
Posts: 59
Joined: Sun Feb 14, 2021 10:31 am

Re: VPN server on virtual box, clients can't access LAN

Post by solo » Mon Mar 15, 2021 9:37 pm

Yes, WiFi is different...
Bridging to a wireless interface is done differently from bridging to a wired interface, because most wireless adapters do not support promiscuous mode. All traffic has to use the MAC address of the host's wireless adapter, and therefore Oracle VM VirtualBox needs to replace the source MAC address in the Ethernet header of an outgoing packet to make sure the reply will be sent to the host interface. When Oracle VM VirtualBox sees an incoming packet with a destination IP address that belongs to one of the virtual machine adapters it replaces the destination MAC address in the Ethernet header with the VM adapter's MAC address and passes it on. Oracle VM VirtualBox examines ARP and DHCP packets in order to learn the IP addresses of virtual machines.
It may be counter-intuitive but in this case try to actually disable promiscuous mode and perhaps then the VB WiFi MAC Address Spoofing will work correctly.
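
An added example, not part of any post in this thread: it applies longest-prefix matching to the routing table posted in the first message and shows that 192.168.2.1 is on-link via vpn_vpn, so the failing step is neighbour (ARP) resolution on the bridged segment rather than a missing layer 3 route. The `ip neigh` sample, the MAC addresses and the function names are constructed for illustration, chosen to match the symptom reported (guest reachable, router not).

```python
import ipaddress

# Routing table as posted in the thread (`route -n` on the VPN client, header removed).
ROUTES = """\
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 vpn_vpn
92.21.162.189   192.168.1.1     255.255.255.255 UGH       0 0          0 enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 vpn_vpn
"""
# Constructed sample of `ip neigh show` on the client; not taken from the thread.
NEIGH = """\
192.168.2.3 dev vpn_vpn lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.2.1 dev vpn_vpn  FAILED
192.168.1.1 dev enp0s3 lladdr 00:11:22:33:44:55 STALE
"""

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, *_, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        # Without the G flag the destination is on-link: no gateway is used.
        routes.append((net, gw if "G" in flags else None, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop_ip, iface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return (gw or dst, iface)  # on-link: the next hop is the destination itself

def parse_neigh(text):
    table = {}
    for line in text.splitlines():
        f = line.split()
        mac = f[f.index("lladdr") + 1] if "lladdr" in f else None
        table[(f[0], f[f.index("dev") + 1])] = (mac, f[-1])
    return table

def diagnose(dst, routes, neigh):
    """Classify a destination as no-route, arp-unresolved or ok."""
    hop = lookup(routes, dst)
    if hop is None:
        return "no-route"
    mac, state = neigh.get(hop, (None, "NONE"))
    if mac is None or state in ("FAILED", "INCOMPLETE"):
        return f"arp-unresolved:{hop[0]}@{hop[1]}"
    return f"ok:{hop[0]}@{hop[1]}"
```

On a live client, pass it the output of `route -n` (header lines removed) and `ip neigh show`. With the sample data, `diagnose("8.8.8.8", ...)` also reports the gateway 192.168.2.1 as unresolved, since the default route depends on the same neighbour entry.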
