How do I use a VPN on the Virtualbox Host to give access to all the Virtualbox Guest machines?

2

I am creating a lab setup on amazon ec2. I want to rent a 15GB Windows instance and run Virtualbox inside it. This Virtualbox will have a lab setup with multiple machines - Windows, Linux, Solaris etc.

What I want is for my users to be able to VPN into the Host windows machine and then be able to access the test lab within Virtualbox. Also, I will need support for multiple concurrent users who can VPN in at the same time.

Can someone please guide me on how I can do this?

Dumbo

Posted 2011-10-01T11:38:18.800

Reputation: 21

Answers

2

First, set up a private network between the virtual machines. This is called "host-only" by VirtualBox. The result is that the host and each of the virtual machines gets a private IP in the same subnet.

http://www.virtualbox.org/manual/ch06.html#network_hostonly

Now set up a VPN server on the host to allow your users access to this private network. Here you have two options:

  • Use a Layer 2 (TAP, Ethernet) VPN, and on the server, bridge the virtual VPN's TAP interface with VirtualBox's host-only interface. This will give the users direct Ethernet-level access, equivalent to being attached directly into the private network, like the guest VMs. Each user is given a private IP address in the same subnet as the "host-only" network.

You should only use this approach if you need Layer 2 access to the VMs. It's insecure, as it allows users to issue Layer 2 attacks (see ARP poisoning). Note that Layer 2 access is needed if you want Windows' simple file sharing with automatic detection of hosts.

  • Use a Layer 3 (TUN, IP) VPN. Use a separate (private) subnet for the VPN network (clients, server's TUN interface). Make the host forward packets between the VPN network and the "host-only" network. Users also need a route to the "host-only" network through the virtual VPN TUN interface, and the VMs will need a route to the VPN network through the emulated interfaces of the "host-only" network.

As far as VPN software goes, there are a lot of choices. OpenVPN can do both Layer 2 and Layer 3. For Layer 2, you can also use my own software BadVPN.

Note that Windows is not a good choice for a host OS as far as networking capabilities are concerned. Linux is far more powerful in this respect.

Ambroz Bizjak

Posted 2011-10-01T11:38:18.800

Reputation: 4 265

Basically the Host computer is housing my lab. I only want paying customers to access this lab. The only way I could think of was having my paid customers connect over VPN to my host. Once they are in, they can work on the lab network setup in Virtualbox. – Dumbo – 2011-10-01T11:55:49.887

Sorry, I didn't quite get what you wanted. I've updated my answer now. – Ambroz Bizjak – 2011-10-01T13:09:40.043
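The Layer 3 option in the answer above depends on three things at once: a route on the clients, a return route on the guests, and forwarding on the host. The following is an added example, not part of the original answer, that derives the standard OpenVPN directives and guest route commands for an addressing plan and reports which of those pieces is missing; the function names are hypothetical and the subnets (10.8.0.0/24 for the VPN, 192.168.56.0/24 for the host-only network) are constructed sample values.

```python
import ipaddress

def plan_l3_vpn(vpn_cidr, hostonly_cidr, host_hostonly_ip):
    """Build OpenVPN directives and guest routes for the Layer 3 (TUN) option."""
    vpn = ipaddress.ip_network(vpn_cidr)
    lab = ipaddress.ip_network(hostonly_cidr)
    gw = ipaddress.ip_address(host_hostonly_ip)
    # The VPN needs its own subnet; an overlap makes routing ambiguous.
    if vpn.overlaps(lab):
        raise ValueError(f"VPN subnet {vpn} overlaps host-only subnet {lab}")
    # Guests send return traffic to the host's address on the host-only network.
    if gw not in lab:
        raise ValueError(f"{gw} is not inside host-only subnet {lab}")
    return {
        "openvpn_server": [
            "dev tun",
            f"server {vpn.network_address} {vpn.netmask}",
            f'push "route {lab.network_address} {lab.netmask}"',
        ],
        "linux_guest": f"ip route add {vpn} via {gw}",
        "windows_guest": f"route add {vpn.network_address} mask {vpn.netmask} {gw}",
    }

def check_paths(vpn_cidr, hostonly_cidr, client_routes, guest_routes, forwarding_enabled):
    """List what is missing for traffic to flow in both directions."""
    vpn = ipaddress.ip_network(vpn_cidr)
    lab = ipaddress.ip_network(hostonly_cidr)
    problems = []
    if not any(lab.subnet_of(ipaddress.ip_network(r)) for r in client_routes):
        problems.append("clients have no route to the host-only network")
    if not any(vpn.subnet_of(ipaddress.ip_network(r)) for r in guest_routes):
        problems.append("guests have no return route to the VPN network")
    if not forwarding_enabled:
        problems.append("host is not forwarding between the two networks")
    return problems

if __name__ == "__main__":
    # Constructed sample addressing, not taken from the original post.
    plan = plan_l3_vpn("10.8.0.0/24", "192.168.56.0/24", "192.168.56.1")
    print("\n".join(plan["openvpn_server"]))
    print(plan["linux_guest"])
    print(plan["windows_guest"])
    # Guests without the return route: requests arrive, replies are lost.
    print(check_paths("10.8.0.0/24", "192.168.56.0/24",
                      ["192.168.56.0/24"], [], True))
```

A missing guest return route is the usual reason clients can connect to the VPN but get no replies from the lab machines.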

-1

Hamachi is an awesome cross-platform program that will allow you to easily create a secure VPN between different computers/virtual machines/locations.

https://secure.logmein.com/products/hamachi/features.aspx

LogMeIn Hamachi Features

LogMeIn Hamachi is a hosted VPN service that securely connects devices and networks, extending LAN-like network connectivity to mobile users, distributed teams and business applications. You can easily create secure virtual networks on demand, across public and private networks. Hamachi is managed and maintained from anywhere via the web, securely.

kobaltz

Posted 2011-10-01T11:38:18.800

Reputation: 14 361