virtualbox VM host-only interface and vpn interplay issue

I'm having some weird connectivity issues when combining a masqueraded virtualbox VM with a connection over a VPN.

The setup:

  • I have a virtualbox VM on my machine
  • This VM has connectivity issues when my base OS is connected to a VPN link
  • The VM has one interface, which is a 'host-only' type
  • I use an iptables masquerade rule on the host to NAT the connection out of my machine.

Here's what I know:

Without the VPN link:

  • the VM can connect to / download from the internet
  • the host OS can connect to / download from the internet

With the VPN link:

  • the host OS can download from both the internet, and a server on the other end of the VPN link.

  • the VM however can only connect to public internet resources, but connections over the VPN time out. I've used tcpdump on both ends and can see the packets leave over the vpn0 interface of the base OS, and arrive at the other end (the server at the office). They seem to only trickle in though, so at this stage I'm guessing return ACK packets aren't getting back. The source address is the same for this case as for the host OS attempting the same thing (as expected, given NAT is in use), which worked, so I've ruled out routing issues on the VPN link.

  • Here's the weirdness: When I change the VM to use a 'NAT' type interface rather than 'host-only' + masquerade, everything is OK. (This isn't an option for me; I actually need host-only.)

  • I've ruled out the host OS firewall, as I cleared it entirely except for the masquerade rule.

Sooooo. My question: What difference is there between host-only + masquerade, as opposed to a NAT interface type, which would somehow influence connections for the VM over the VPN?

Because the source address is the same for the 'NAT' interface type or 'host-only' interface + masquerade (as expected), all I'm left with is thinking there's some kind of bug in virtualbox and that's why the ACK packets aren't getting through to the VM?

I can't for the life of me think of any situation which would affect the TCP stream of the VM but not also affect the host OS, given that NAT is in use, and which only manifests when 'host-only' is in use.

Any ideas? I'm just about all out :-(

Other info

Linux host (Fedora 20)

Linux guest (CentOS 6)

Virtualbox-4.3-4.3.14

VPN is to a cisco ASA

Sirex

Posted 2014-08-07T20:16:47.753

Reputation: 10 321

No answers