5

I have a problem with my vpn setup.

  • I'm using Cisco AnyConnect to connect to the VPN from my Windows host machine.
  • I have a Linux VM on which I'm able to configure VPN split via the routing table (half of the traffic goes to the NAT adapter (with VPN on the host machine), the other half goes to the bridge (direct internet access)).

  • Now I would like to start using WSL (Windows Subsystem for Linux) instead of VM.

  • I'm not able to configure VPN split on Windows because I'm not able to change the routing configuration when the VPN is active (non-persistent routes are not added, persistent ones are ignored).
  • I thought about connecting to the VPN only from a VM (with openconnect) and configuring Windows to push relevant traffic through this connection.

My questions:

  • is there any obvious problem with that idea?
  • how can I set this up? I know how to configure client routing on Windows. AFAIU my VM would need to expose a gateway to which I have to point traffic. What kind of software is typically used for that kind of thing? Do I have to set up a VPN server on VM (which would have to somehow push the traffic through the next VPN) or is there a simpler solution?

My knowledge is limited to the power user level so I probably lack some understanding from admin PoV. I don't need a full tutorial but for now I don't even know what to google as a next step.

1 Answer

2

You can configure the VM with a bridged network adapter. That way it appears like any other physical machine would appear, and you can install the VPN client on the VM and route the traffic you desire from the host to the VM. Many VM hosts also allow special "host only" interfaces that are a direct connection between host and guest on a private network. Despite the name, you can set up routing entries for these interfaces and direct a part or all of the traffic to them.

What you have to do is configure the VM to forward the traffic to the VPN. As you will typically only get one IP for the VPN client, that means the VM must use NAT.

2
  • Thanks. The first paragraph is what I already know and this is quite clear. I have a problem with understanding how to achieve the second part, so how to configure the VM. Do I need to spin up some server software or just configure sth on the system level? I have found techrepublic.com/article/… but can say for sure if it's the right way to go.
    – Krever
    Commented Aug 22, 2018 at 6:09
  • If your VPN client runs on Linux, you just need an iptables entry: iptables -t nat -A POSTROUTING -o vpn_interface -j MASQUERADE. For Windows, there was a feature "connection sharing", but I never used it.
    – RalfFriedl
    Commented Aug 22, 2018 at 6:16
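
The VM-side setup described in the answer and in RalfFriedl's comment, as an added example that is not part of the original thread: IP forwarding plus masquerading on the VPN interface, with forwarding limited to the host-only subnet so the VM does not relay traffic from anywhere else. The interface names eth1 (host-only adapter) and tun0 (openconnect tunnel), the subnet 192.168.56.0/24 and the function names gateway_rules and apply_gateway are assumptions for illustration.

```shell
#!/bin/sh
# Added example: make the Linux VM a NAT gateway in front of its VPN tunnel.
# Assumed values (not from the thread): eth1 = host-only adapter facing Windows,
# tun0 = openconnect tunnel, 192.168.56.0/24 = host-only subnet.

# Print the commands that configure the gateway, one per line.
gateway_rules() {
    lan_if=$1; vpn_if=$2; lan_net=$3
    # Reject anything that is not a plain interface name or IPv4 CIDR,
    # because the values are later expanded into root-level commands.
    for v in "$lan_if" "$vpn_if"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $v" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad subnet: $lan_net" >&2; return 1 ;;
    esac
    # 1. let the kernel route packets between interfaces
    # 2. default-deny forwarding (assumes a VM dedicated to this job)
    # 3. host-only subnet may enter the tunnel, 4. only replies may come back
    # 5. rewrite the source to the single IP the VPN client was given
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $vpn_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $vpn_if -j MASQUERADE
EOF
}

# Dry run by default: prints the rules. APPLY=1 executes them (needs root).
apply_gateway() {
    rules=$(gateway_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do
            $cmd || exit 1    # stop at the first failing command
        done
    else
        printf '%s\n' "$rules"
    fi
}

# Usage: sh gateway.sh eth1 tun0 192.168.56.0/24   (prefix APPLY=1 to apply)
if [ "$#" -eq 3 ]; then apply_gateway "$@"; fi
```

On the Windows side, the routes for the VPN-bound networks then point at the VM's host-only address as their gateway.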
