12

I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built.

My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize.

I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem.

Any idea why the host can use this interface, but the VM can't?

Sean Edwards
  • 221
  • 1
  • 2
  • 6
  • "Can't do the same thing" means your VM can't open a OpenVPN connection from within itself OR that the VM can't get an IP from the DHCP server over the VPN connection established by the host? – gtirloni May 13 '11 at 18:26

3 Answers3

7

Here's my solution:

Windows 7 Home Premium 64bit Host. Virtual Box Ubuntu 12.04 64 bit.. Internet through VPN over OpenVPN

In Virtual Box set the adapter to Host-Only Network

OpenVPN on Win 7 (host). Connection established with OpenVPN GUI on TAP-Win32 Adapter V9. (Filesharing and all protocolls but IPv4 deactivated)

This adapter is then shared with VirtualBox Host-Only Network via the rightclick - properties - internet connection sharing dialog.

In Ubuntu (client) manually configure the network adapter to be in the same subnet as the "VirtualBox Host-Only Network" on the host and set the host ip as gateway/dns.

e.g: HOST VirtualBox Host-Only Network set to IP 192.168.137.1 Subnet:255.255.255.0 CLIENT Network Adapter set to IP 192.168.137.2 Gateway:192.168.137.1 DNS 192.168.137.1 Subnet 255.255.255.0

Thus the VB-Client Ubuntu will ALWAYS use the VPN, and if no vpn connection is established will not use anything else.

The host can chose between VPN and direct Internet by setting network adapter priority.

Marcel
  • 71
  • 1
  • 2
  • 1
    Thanks, that helped. Was not very clear, that I should share the actual adapter from the "Network and Sharing Center" in Windows settings. I was looking in VMs configuration for a looong time before realizing that. – Wiseman Oct 23 '14 at 08:36
  • Thank you for your answer, but from the client if I try to do a ping to google.com, it stays lock for a couple of seconds. I tried changing the DNS to 8.8.8.8 but it does not work – Edenshaw Apr 27 '16 at 15:38
  • to be clear, this solution effectively makes the host act as a router between the host-only network and the VPN. It's not the same as bridging the VM to the VPN – 0cd Dec 21 '18 at 22:08
  • This solution worked with ExpressVPN as well. Thanks a lot. Don't forget to share your Host's ExpressVPN adapter with your Host's virtualBox adapter. It's done from Properties >> Sharing >> select VirtualBox Host-only Network . – Reza Taba Jun 17 '21 at 12:53
2

You're going to have to clarify your configuration if you want a good answer.

  • Are you trying to connect to the VPN using the Windows Host? (hint: this is more complicated)
  • Are you trying to connect to the VPN using the Linux VM? (hint: this is probably what you want)
  • Are you trying to connect both at the same time? (hint: this probably won't work)

Without knowing these answers, plus more about how the VM networking and VPN connectivity is configured, I can only make general suggestions.

If you're wanting to connect via OpenVPN from the Windows host, and then run things from your VM host, you're likely going to have to configure connection sharing on the Windows host to forward that traffic through the VPN. Depending on on your network configuration, you will probably also have to make sure you have your VM configured to route it's traffic towards the VPN.

The way you probably want to configure this, however, is to use the Windows host for general network connectivity only (not VPN), and configure OpenVPN on the Linux VM, letting the VM make the VPN connection. That should simplify your setup (as I understand it, based on your question), and give your Linux VM much more direct connectivity via the VPN.

Christopher Cashell
  • 9,128
  • 2
  • 32
  • 44
  • Agreed - Having the VM establish the VPN connection is a MUCH better route if possible. If the trouble is that the VM can't seem to initiate the connection, try configuring VirtualBox networking for Bridged instead of NAT (or vice versa). OpenVPN can also be configured for different transports, UDP is typically the default though you may find that TCP is more reliable from a VM. – Goyuix Apr 30 '12 at 16:36
0

This is pretty old question, but for those with this issue:

  • Host: Make sure OpenVPN is running and you are connected to your VPN.
  • Guest Network Settings: Change network adapter to NAT and be sure the "Cable connected" option is ticked.

Virtual Box should be able to route the guest traffic through your host VPN connection. Suffice it to say that when you disconnect your host system from the VPN, your guest system won't use it.

One simple way of checking if routing is working as expected: Open your guest system browser and check the reported Internet IP, if it reports the VPN IP instead of your own Internet IP, you should be set.

Security: It should work, however this isn't the standard way of routing traffic through a VPN, use at your own risk.

Fábio Antunes
  • 125
  • 2
  • 10
  • 1
    "Virtual Box should be able to route the guest traffic through your host VPN connection." - how would VirtualBox choose which host interface to route the traffic through, the VPN vs. the physical wireless or Ethernet interface? – Dan Dascalescu Dec 17 '17 at 10:30