Linux – Accessing VirtualBox guest via VPN


I've searched and tried a few suggestions but I haven't been able to get this to work, yet…

My host is running Ubuntu. I installed VirtualBox, created a host-only adapter, set the host IP to 192.168.15.1, and I switched off the adapter's DHCP server. Then I created the guest (Win XP), and set the IP to 192.168.15.101/24 and set the DG to 192.168.15.1. I can ping from the Host to the Guest and vice versa.

Then I installed OpenVPN on the host. Created my own CA, server certs/key and client cert/key. Set the OpenVPN server conf to PUSH the 192.168.15.0/24 route to any VPN clients. I set my router to forward UDP 1194 to the OpenVPN server and tested the connection.

The OpenVPN client is Debian running on another laptop. Once the VPN tunnel is established the VPN Client (10.8.0.6) can ping the VPN Host (10.8.0.1) and vice versa. The Client can also ping the Host's 'host-only' IP at 192.168.15.1 with no issues.

My problem is getting the OpenVPN Client (10.8.0.6) talking to the VM Guest (192.168.15.101). I don't think the VM Guest (XP) is aware that the VPN Client exists; it has no way to route traffic/responses to 10.8.0.6.

Can you 1) tell me what step(s) I'm missing and 2) how to fix this?

Thanks.

IPTABLES output from the OpenVPN server / VirtualBox host…

root@xxxxxxxxxxxx:~# iptables -L -nv
Chain INPUT (policy ACCEPT 48 packets, 53304 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 35 packets, 2992 bytes)
 pkts bytes target     prot opt in     out     source               destination

SOLUTION
The missing piece was IP forwarding. I needed to edit /etc/sysctl.conf and change this:

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

to this:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Thanks Hauke Laging!

Best Answer

You have to check whether the firewall configuration allows forwarding:

iptables -L -nv

But it is not enough to configure the firewall to allow routing. The routing feature itself must be enabled in the kernel. If the kernel does not even try to route then it does not matter whether the firewall would let the packets through or not. You can check the routing state with

cat /proc/sys/net/ipv4/ip_forward

That returns either 1 (routing enabled) or 0 (routing disabled) with the latter usually being the default. You can change this setting with

echo 1 >/proc/sys/net/ipv4/ip_forward

A permanent change can be made e.g. via /etc/sysctl.conf.
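
The three checks from this thread (runtime forwarding switch, the sysctl.conf line, and the FORWARD chain policy) combined into one diagnostic. This is an added example, not part of the original question or answer; the function names and verdict strings are hypothetical, and the sample inputs are constructed from the values quoted above.

```shell
#!/bin/sh
# Added example, not from the original thread. Each check reads a file or
# stdin, so it works on saved output as well as on the live host.

# Runtime switch: "on" only if the kernel is actually routing IPv4.
ip_forward_state() {
    if [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
    then echo on; else echo off; fi
}

# Boot-time setting: "on" only for an uncommented net.ipv4.ip_forward=1 line.
persistent_state() {
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null
    then echo on; else echo off; fi
}

# FORWARD chain policy, parsed from `iptables -L -nv` output on stdin.
forward_policy() {
    sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# Combine the results: $1 runtime state, $2 persistent state, $3 policy.
diagnose() {
    if [ "$1" = off ]; then echo "kernel-not-routing"
    elif [ "$3" != ACCEPT ]; then echo "check-forward-rules"
    elif [ "$2" = off ]; then echo "lost-on-reboot"
    else echo "routing-ok"; fi
}

# Constructed sample: the asker's state before the fix.
tmp=$(mktemp -d)
echo 0 > "$tmp/ip_forward"
printf '%s\n' '# Uncomment the next line to enable packet forwarding for IPv4' \
    '#net.ipv4.ip_forward=1' > "$tmp/sysctl.conf"
policy=$(printf '%s\n' 'Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)' | forward_policy)
echo "before fix: $(diagnose "$(ip_forward_state "$tmp/ip_forward")" \
    "$(persistent_state "$tmp/sysctl.conf")" "$policy")"

# After `echo 1 >/proc/sys/net/ipv4/ip_forward` alone, with sysctl.conf unedited:
echo 1 > "$tmp/ip_forward"
echo "after echo 1: $(diagnose "$(ip_forward_state "$tmp/ip_forward")" \
    "$(persistent_state "$tmp/sysctl.conf")" "$policy")"
rm -rf "$tmp"
```

With forwarding on and a FORWARD policy of ACCEPT, the host routes between every interface it has, not only the VPN tunnel and the host-only adapter. FORWARD rules limited to those two interfaces narrow that.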
