Have Alpine 3.13 installed in an Oracle Virtualbox VM as a guestOS. It was
originally setup with a single bridged LAN interface configured as eth0
with dhcp. However post installation, I had changed the interface settings
to have eth0 setup with static-IP. The guestOS has a second interface (of
type Host-Only, from Virtualbox standpoint) configured as eth1, which I use
to login to the VM.

Later, I realized that from within this guestOS, I needed to access a VPN
setup in the host, and read a FAQ indicating that in such cases, Virtualbox
network type of NAT should be used. However, after I changed the network
type from bridged to NAT, and configured eth0 to take IP/config thru dhcp,
I can no longer get an IP address assigned to eth0.

While I am checking on Virtualbox forums as well, as to what might be
wrong, wondering if anyone here has an idea as to what might be the issue?
I've made such changes in the past in Alpine 3.12 (which I ran for almost a
year), and had not seen such issues.
--
regards,
Banibrata Dutta
Hi,
On 2/21/21 10:18 AM, Banibrata Dutta wrote:
> Have Alpine 3.13 installed in an Oracle Virtualbox VM as a guestOS. It
> was originally setup with a single bridged LAN interface configured as
> eth0 with dhcp. However post installation, I had changed the interface
> settings to have eth0 setup with static-IP. The guestOS has a second
> interface (of type Host-Only, from Virtualbox standpoint) configured as
> eth1, which I use to login to the VM.
>
> Later, I realized that from within this guestOS, I needed to access a
> VPN setup in the host, and read a FAQ indicating that in such cases,
> Virtualbox network type of NAT should be used. However, after I changed
> the network type from bridged to NAT, and configured eth0 to take
> IP/config thru dhcp, I can no longer get an IP address assigned to eth0.

I don't think NAT is the right choice for connecting to a VPN server on
the host. Or do you mean to a remote VPN server?

When you said "configured as eth1, which I use to login to the VM.", did
you mean a ssh connection? If yes, the same setup and interface that work
fine for the ssh connection should work too for a VPN connection (to the
host). The problem could be your host setup: is the VPN server
listening on that interface? Do you have some kind of firewall which
could be blocking INPUT connections to the host?

I will try to go back and restore direct communication between your Host
and guest.

NAT configuration is fine if you want to connect the Guest to the
Internet without manual routing configuration.

Looks like I wasn't very clear. I wasn't referring to a VPN server on host,
but a VPN endpoint on the host, setup by the VPN client running on host.
The VPN server is remote.
regard
On Sun, Feb 21, 2021 at 5:40 PM donoban <donoban@riseup.net> wrote:
> Hi,
>
> On 2/21/21 10:18 AM, Banibrata Dutta wrote:
> > Have Alpine 3.13 installed in an Oracle Virtualbox VM as a guestOS. It
> > was originally setup with a single bridged LAN interface configured as
> > eth0 with dhcp. However post installation, I had changed the interface
> > settings to have eth0 setup with static-IP. The guestOS has a second
> > interface (of type Host-Only, from Virtualbox standpoint) configured as
> > eth1, which I use to login to the VM.
> >
> > Later, I realized that from within this guestOS, I needed to access a
> > VPN setup in the host, and read a FAQ indicating that in such cases,
> > Virtualbox network type of NAT should be used. However, after I changed
> > the network type from bridged to NAT, and configured eth0 to take
> > IP/config thru dhcp, I can no longer get an IP address assigned to eth0.
>
> I don't think NAT is the right choice for connecting to a VPN server on
> the host. Or do you mean to a remote VPN server?
>
> When you said "configured as eth1, which I use to login to the VM.", did
> you mean a ssh connection? If yes the same setup and interface that work
> fine for the ssh connection should work too for a VPN connection (to the
> host). The problem could be your host setup, ¿is the VPN server
> listening on that interface? ¿do you have some kind of firewall which
> could be blocking INPUT connections to the host?
>
> I will try to go back and restore direct communication between your Host
> and guest.
>
> NAT configuration is fine if you want to connect the Guest to the
> Internet without manual routing configuration.

On 2/21/21 3:40 PM, Banibrata Dutta wrote:
> Looks like I wasn't very clear. I wasn't referring to a VPN server on
> host, but a VPN endpoint on the host, setup by the VPN client running on
> host.
> The VPN server is remote.

So do you have some interface like 'tun0' on your host? Is this
interface acting as default gateway for your host? In that case NAT mode
should work fine and dhcp too. After reconfiguring the interface did you
reload it (ifdown/ifup) or try to reboot? When you used bridge mode
your DHCP server was the same for your host and guest, probably a
physical router; switching to NAT, your host is acting as DHCP server for
your guest using VirtualBox, maybe some VirtualBox is not enabled, or
something is blocking dhcp request. Also you can try to setup manually:

"In NAT mode, the guest network interface is assigned to the IPv4 range
10.0.x.0/24 by default where x corresponds to the instance of the NAT
interface +2. So x is 2 when there is only one NAT instance active. In
that case the guest is assigned to the address 10.0.2.15, the gateway is
set to 10.0.2.2 and the name server can be found at 10.0.2.3." [1]

Try using IP 10.0.2.15/255.255.255.0, gateway 10.0.2.2 and name server
10.0.2.3

Another alternative could be using bridge mode but I am not sure if it
will be properly supported by the tunneling layer. Probably using NAT
you can achieve what you need.

[1] https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/changenat.html

Thanks much.

Yes, the regular NAT mode is now working fine (chose the
paravirtualized-network i.e. 'virtio-net' driver).

The trick (seems rather obvious, come to think of it) is to have the VPN
tunnel setup prior to starting the VM. What doesn't seem to work (or at
least didn't in my case) is to setup the VPN tunnel in the host, after the
VM is already up and running. In the latter case, doing a restart of the
networking service doesn't help. Also, I had to manually add the VPN-server
specific DNS servers, in the resolv.conf.

Right now struggling to add the private root-CA certificates for a remote
lab network, reachable only over this VPN.

On Sun, Feb 21, 2021 at 9:31 PM donoban <donoban@riseup.net> wrote:
> On 2/21/21 3:40 PM, Banibrata Dutta wrote:
> > Looks like I wasn't very clear. I wasn't referring to a VPN server on
> > host, but a VPN endpoint on the host, setup by the VPN client running on
> > host.
> > The VPN server is remote.
>
> So do you have some interface like 'tun0' on your host?. Is this
> interface acting as default gateway for your host? In that case NAT mode
> should work fine and dhcp too. After reconfiguring the interface did you
> reload id (ifdown/ifup) or tried to reboot? When you used bridge mode
> your DCHP server was the same for your host and guest, probably a
> physical router, switching to NAT your host is acting as DCHP server for
> your guest using VirtualBox, maybe some VirtualBox is not elabled, or
> something is blocking dhcp request. Also you can try to setup manually:
>
> "In NAT mode, the guest network interface is assigned to the IPv4 range
> 10.0.x.0/24 by default where x corresponds to the instance of the NAT
> interface +2. So x is 2 when there is only one NAT instance active. In
> that case the guest is assigned to the address 10.0.2.15, the gateway is
> set to 10.0.2.2 and the name server can be found at 10.0.2.3." [1]
>
> Try using IP 10.0.2.15/255.255.255.0, gateway 10.0.2.2 and name server
> 10.0.2.3
>
> Another alternative could be using bridge mode but I am not sure if it
> will be properly supported by the tunneling layer. Probably using NAT
> you can achieve what you need.
>
> [1]
> https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/changenat.html

--
regards,
Banibrata
http://www.linkedin.com/in/bdutta
http://twitter.com/edgeliving

On 2/21/21 6:03 PM, Banibrata Dutta wrote:
> Thanks much.
>
> Yes, the regular NAT mode is now working fine (chose the
> paravirtualized-network i.e. 'virtio-net' driver).
>
> The trick (seems rather obvious, come to think of it) is to have the VPN
> tunnel setup prior to starting the VM. What doesn't seem to work (or at
> least didn't in my case) is to setup the VPN tunnel in the host, after
> the VM is already up and running. In the latter case, doing a restart of
> the networking service doesn't help. Also, I had to manually add the
> VPN-server specific DNS servers, in the resolv.conf.
>
> Right now struggling to add the private root-CA certificates for a
> remote lab network, reachable only over this VPN.

Maybe the VPN software is overriding some firewall and routing rules and
conflicting with Virtualbox. Regarding DNS, have you tried with 10.0.2.3?
(or 10.0.X.3), theoretically it should redirect to your host DNS and
maybe do some caching.

Thanks again. Everything works now. I've scripted updating /etc/resolv.conf
to point to the remote network's recursive DNS servers, when using host's VPN
tunnel.

On Sun, Feb 21, 2021 at 10:53 PM donoban <donoban@riseup.net> wrote:
> On 2/21/21 6:03 PM, Banibrata Dutta wrote:
> > Thanks much.
> >
> > Yes, the regular NAT mode is now working fine (chose the
> > paravirtualized-network i.e. 'virtio-net' driver).
> >
> > The trick (seems rather obvious, come to think of it) is to have the VPN
> > tunnel setup prior to starting the VM. What doesn't seem to work (or at
> > least didn't in my case) is to setup the VPN tunnel in the host, after
> > the VM is already up and running. In the latter case, doing a restart of
> > the networking service doesn't help. Also, I had to manually add the
> > VPN-server specific DNS servers, in the resolv.conf.
> >
> > Right now struggling to add the private root-CA certificates for a
> > remote lab network, reachable only over this VPN.
>
> Maybe the VPN software is overriding some firewall and routing rules and
> conflicting with Virtualbox. Respect DNS have you tried with 10.0.2.3 ?
> (or 10.0.X.3), theoretically it should redirect to your host DNS and
> maybe do some caching.

--
regards,
Banibrata
http://www.linkedin.com/in/bdutta
http://twitter.com/edgeliving
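
Added example, not part of any message in this thread: a POSIX sh version of the two manual steps discussed above, the static VirtualBox NAT addressing and the scripted /etc/resolv.conf update. The function names and the 192.0.2.53 resolver are illustrative assumptions; the addressing rule is the one quoted from the VirtualBox manual.

```shell
#!/bin/sh
# Added example, not from the thread; function names are illustrative.

# True if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# VirtualBox NAT defaults quoted above: network 10.0.x.0/24, x = instance + 2.
nat_addr() {    # usage: nat_addr <instance> guest|gateway|dns
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    x=$(( $1 + 2 ))
    case "$2" in
        guest)   echo "10.0.$x.15" ;;
        gateway) echo "10.0.$x.2" ;;
        dns)     echo "10.0.$x.3" ;;
        *)       return 1 ;;
    esac
}

# Static stanza for /etc/network/interfaces, for when DHCP on the NAT NIC fails.
static_stanza() {    # usage: static_stanza <iface> <instance>
    printf 'auto %s\niface %s inet static\n' "$1" "$1"
    printf '    address %s\n    netmask 255.255.255.0\n' "$(nat_addr "$2" guest)"
    printf '    gateway %s\n' "$(nat_addr "$2" gateway)"
}

# Replace <file> with the given name servers, in order. Input is validated and
# the file is swapped in with mv, so a failed run never leaves it half-written.
write_resolv() {    # usage: write_resolv <file> <ns1> [ns2 ...]
    target=$1; shift
    [ "$#" -ge 1 ] || return 1
    tmp=$(mktemp "$target.XXXXXX") || return 1
    for ns in "$@"; do
        valid_ipv4 "$ns" || { rm -f "$tmp"; return 1; }
        echo "nameserver $ns" >>"$tmp"
    done
    chmod 644 "$tmp" && mv "$tmp" "$target"
}

# VPN up:   write_resolv /etc/resolv.conf 192.0.2.53   (placeholder lab resolver)
# VPN down: write_resolv /etc/resolv.conf "$(nat_addr 0 dns)"
static_stanza eth0 0
```

Because only validated IPv4 addresses are ever written, a malformed or hostile value passed in by a VPN up/down hook cannot inject other resolver directives into the file.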