Monday, June 4, 2012

Getting my VM to talk to the office

Admittedly, without putting too much thought into this I expected to be able to configure a VM located on my home machine to connect to a work computer through an already established VPN tunnel without too much hassle.

Well, I ran into a couple bumps getting this system up and running. To be specific I needed sessions to be initiated from both directions (from work to the local VM, and from the local VM to work).

So, basically, the configuration looked like this: There's a VPN tunnel established between work and my home computer. On the home computer there's a VM that needs to reach a system at work, and the system at work needs to reach the VM at home.

Or similar to the illustration below:



So, I guess why I found this interesting is that it wasn't as simple as I initially thought. First stab was to set up the VM and bridging the network on the VM to the host systems interface. But the bridged VM ended up getting the dhcp advertised default route from my home router and therefore packets would not travel through the VPN tunnel. The routing table on the VM looks like (where 10.0.1.1 is the IP of my home router): 

root@debian:~# ip route
10.0.1.0/24 dev eth0  proto kernel  scope link  src 10.0.1.48 
default via 10.0.1.1 dev eth0


Which ended up sending packets out to my home router, rather than over the VPN tunnel.

Now I want packets to routed over the VPN tunnel from my VM. The next shot was to set up the VM with a NATed interface--this should let the packet that leaves the VM access the hosts routing table and therefore be directed over the VPN tunnel. 

root@debian:~# ip route
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15 
default via 10.0.2.2 dev eth0


And in fact that's what happens (I suppose the Virtual router is the 10.0.2.2 address). The packet is NATed by the VM container, and then the packet is routed by the hosts routing table towards the VPN tunnel.

All is good.

Except that traffic originated from the lab (work located) system will still be unable to reach my local VM due to the NATed interface. I suppose if I had more control over my NATed configuration (VirtualBox) I could set this up to do the right thing.

That leaves my last option (but I know this will work) left which is to set up a VPN tunnel directly from the VM to work's network.
Posted by Michael Larson at 9:40 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)