The VirtualBox guest Ethernet adapter is bridged (promiscuous mode) so that the Linux VirtualBox guest appears on the same subnet as the VirtualBox host, 192.168.2.0.
The VirtualBox host has IP address 192.168.2.2 and the VirtualBox guest (VPN server) is 192.168.2.3. They both get their IP addresses from the DHCP server/router on my LAN, 192.168.2.1, and can both ping any machine on the LAN, and both have full internet access via the router.
I have set up the VPN server with a bridge between the virtual hub and the physical Ethernet (VirtualBox guest adapter).
I have set up port forwarding on my router so that the VPN server ports are forwarded to my server, 192.168.2.3.
When I connect with the VPN client from offsite over the internet, the client gets an IP address, 192.168.2.4, from the DHCP server on my LAN.
I can ping the VirtualBox host 192.168.2.3 from the client, but nothing else on the 192.168.2.0 network.
If I try to ping the server-side router 192.168.2.1 or any other IP address on the server-side LAN, I get "no route to host".
It looks like the layer 2 bridge is working (when I disable the bridge, the client DHCP request hangs), but some routing at layer 3 is not working.
When I run the VPN server on a physical machine on the same LAN with the same server config and same client config, I have no problems, i.e. the remote client can connect to any machine on the LAN via the VPN.
Here is the routing table on my client, which is the same for the working (physical machine) and non-working (VirtualBox) VPN servers:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0   0      0    vpn_vpn
92.21.162.189   192.168.1.1     255.255.255.255 UGH   0   0      0    enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    enp0s3
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    vpn_vpn
92.21.162.189 is the internet address of my VPN server (not really).
192.168.2.0 is the server-side LAN.
I can't figure out why it is getting stuck between the virtualbox host and the LAN.
If you are wondering why I want to run the server under VirtualBox, it is because my always-on server machine is locked away, and if I screw up the networking while setting up a VPN server or whatever, then I have to go and physically reset the machine. With a virtual server I can screw it up and just reboot the virtual machine remotely.
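
An added example, not part of the original post: a longest-prefix-match lookup over the routing table posted above, showing which entry the client selects for a given destination. Addresses in 192.168.2.0/24 match the on-link entry on vpn_vpn (no gateway flag), so the client resolves them by ARP across the bridge instead of forwarding through a router. The function names are chosen for this example.

```python
import ipaddress

# Routing table as posted above (client side, `route -n` layout).
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0   0      0    vpn_vpn
92.21.162.189   192.168.1.1     255.255.255.255 UGH   0   0      0    enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    enp0s3
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    vpn_vpn
"""


def parse_routes(text):
    """Turn `route -n` style lines into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip headers and anything that is not a route row
        dest, gateway, mask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7])
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        network = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append({"net": network, "gateway": gateway,
                       "flags": flags, "iface": iface})
    return routes


def lookup(routes, dest):
    """Return the most specific matching route for dest, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r["net"].prefixlen)
    on_link = "G" not in best["flags"]  # no G flag: neighbour is reached by ARP
    next_hop = dest if on_link else best["gateway"]
    return {"iface": best["iface"], "next_hop": next_hop, "on_link": on_link}


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for target in ("192.168.2.1", "192.168.2.3", "92.21.162.189", "8.8.8.8"):
        print(target, lookup(table, target))
```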