So, I do not want the virtual machine to see any other gateways to the internet than through the VPN. The VPN should not have access to the host network at all, except access through the internet where all traffic should go through the VPN.
Is this possible? A while ago, I spent a lot of time trying different network settings and googling, but I didn’t find a way. The virtual machine always “saw” other networking connections and sent traffic through them.
Set your hypervisor to only bridge the VM with the VPN adapter on the host.
Attach your guest to a VLAN whose default/only gateway is the VPN? I’d use a multi-NIC Linux VM with one interface on the same segment as your guest, with OpenVPN or some such, to be your VPN ‘router’.
If the built-in Windows VPN client pseudo-device doesn’t show up, maybe a third-party one will. Give me a few minutes to try something and I’ll get back to you.
Can you create a new VLAN that is segregated from the rest of your network? Put the VM guest on that VLAN then just run the VPN connection from within the VM.
The VPN-connection does not show up in the Virtual Network Editor list of adapters being available to bridge. Only my default LAN-adapter shows up…
Virtual Network Editor: http://i.imgur.com/uEJx2JG.png
Network setup in the host: http://i.imgur.com/ppMKq9L.png
Yeah, it is a problem with the interaction between VMware and the Windows VPN client. I tried the experiment with the SoftEther VPN client, and I could see the device.
SoftEther is free, but it doesn’t support PPTP unfortunately. If your VPN server allows other protocols, I’d say it is worth a shot to try out. Pretty new but open source and easy to use.
It seems that my router (Linksys E2000) does not support VLANs natively, only with DD-WRT, which I don’t have installed. The suggestion from Shadowytroll works for now, though. Thanks.
Ok, last post to myself… promise. I did a further test and confirmed the workability of my solution. I created a VMware adapter then bridged it to the VPN virtual device. Then I connected to a public access VPN server in Indonesia and tried to ping a server in the eastern United States [where I’m from].
It worked like a charm: Tracert screenshot
If you’re posting in /r/networking it’s assumed you have enterprise-grade hardware which would support VLANs.
I tried it, and it worked! Thanks!
My VPN provider’s servers support PPTP, L2TP, and OpenVPN, so that works out fine. It was a bit of a hassle to set up because I needed settings that were unknown to me (port number, login method, etc.), plus SoftEther doesn’t allow you to specify a protocol. I also needed to go through some hoops to prevent all my traffic from going through the VPN. But it worked out in the end.
For reference:
I use an earthvpn.com VPN
Port number: 1194, “Disable NAT-T” unchecked
Auth Type: RADIUS or NT Domain Authentication
Do Not Use TLS 1.0 unchecked.
(Advanced Settings)
Encrypt VPN Session with SSL, and “No adjustment of Routing Table” both checked, the rest unchecked.
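
A way to verify the result from inside the guest, as an added example that is not part of the thread: it assumes a Windows guest, parses `route print -4` output, and lists every route that leaves through an interface outside the VPN subnet. The sample table, its addresses and the 10.211.1.0/24 VPN subnet are constructed for illustration.

```python
import ipaddress

# Constructed sample of `route print -4` output from a Windows guest; all addresses are made up.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.211.1.1     10.211.1.23     25
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
       10.211.1.0    255.255.255.0         On-link       10.211.1.23    281
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    291
===========================================================================
Persistent Routes:
  None
"""

def parse_routes(text):
    """Yield (network, gateway, interface) for each row of the Active Routes table."""
    in_table = False
    for line in text.splitlines():
        if line.startswith("Network Destination"):
            in_table = True
            continue
        if in_table and line.startswith("="):
            break  # end of the Active Routes table
        parts = line.split()
        if in_table and len(parts) == 5:
            dest, mask, gateway, iface, _metric = parts
            yield ipaddress.ip_network(f"{dest}/{mask}"), gateway, ipaddress.ip_address(iface)

def non_vpn_routes(text, vpn_subnet):
    """Return routes that leave through an interface outside the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    leaks = []
    for network, gateway, iface in parse_routes(text):
        if iface.is_loopback or iface in vpn:
            continue  # loopback and VPN-side routes are expected
        leaks.append((str(network), gateway, str(iface)))
    return leaks

if __name__ == "__main__":
    for route in non_vpn_routes(SAMPLE, "10.211.1.0/24"):
        print("route outside VPN:", route)
```

An empty result means the guest has no route, default or on-link, that bypasses the VPN-bridged adapter.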