23

The need

This question is relevant for all of those who want to bypass their corporation's annoying VPN and access their work/corporate network from their private computer, especially if the corporate VPN client software can't run on their private computer.

Homework

This question is very similar to this one, which isn't answered :(

The challenge

We can't run the corporate VPN client from the private computer, so we converted the work laptop to a VMWare Virtual Machine. The VPN client works fine inside the guest VM, now we want to share it with the host (the private computer).

The specs:

  • The private computer (host OS) is Mac OS X Lion 64bit
  • The corporate laptop (guest VM) is WinXP 32bit, running in bridged network mode
  • The VPN client on the guest VM is Checkpoint SecuRemote NGX R60 HFA03
  • While the VPN is running in the guest VM, the host can still ping the guest and vice versa
0

3 Answers

20

We configure the VM with two network cards, one local to talk to the host, the other to talk to the internet. Then we force the host to use the guest as its router, erasing the old gateway.

1) Configure your VM to start with 2 network adapters, one for bridged access, the other one for Host-only connection. Configure the Host-only connection to have a DHCP server at 192.168.56.100, and to dish out IP addresses 192.168.56.1 (to the host, say) and 192.168.56.2 to the guest. On the host, I assume the interface connected to the guest is called vboxnet0; if not, please change it accordingly.

Let me give you a reference on how to do this: see this excellent AskUbuntu answer.

2) Start your virtual machine, make sure you can connect to the Internet and can ping to/from the host, then connect via the VPN.

3) On the host, change your default gateway to be the guest 192.168.56.2:

     route delete default
     route add default 192.168.56.2 dev vboxnet0

5) Now let us go back to the guest: you find here instructions as to how to share your VPN connection with other connections, for Windows.

6) On the host, check that you have connectivity, for instance by means of

    ping -c1 8.8.8.8

If this works, and you can connect to the Internet, you are done. If this works, but you cannot connect to the Internet, it means your DNS configuration is broken; it is very easy to correct it, see for instance here.

If however the ping above cannot connect to Google, it means there is a problem on the guest. Possible causes include a restrictive firewall, or some typing error. To diagnose, check your routing tables, on guest and host, or disable the firewall completely.

And thank you for providing an amusing project.

4
  • 1
    How would I do this if my guest were a Linux and my host were Windows instead?
    – phant0m
    Commented May 24, 2017 at 22:20
  • @phant0m It's similar, but not identical. You should really ask a different question to allow room for a proper answer. Commented May 25, 2017 at 8:51
  • @MariusMatutiae is it possible to do this without changing the default gateway and just adding a route instead?
    – 13aal
    Commented Jan 11, 2019 at 22:46
  • @13aal Sorry for taking so long to reply, I completely missed your message. Yes, you can do that. Just leave, on the host, the gateway exactly as it is, and add a new route to your routing table via the guest, as follows: suppose you only want to reach the site 1.2.3.4 through the VPN, do ip route add 1.2.3.4/32 via 192.168.56.2 dev vboxnet0 and you are done. You can do this for networks too, for instance 1.2.3.4/24. Cheers, and apologies for the late answer once again. Commented Dec 27, 2019 at 19:04
0

The question is to route the traffic from the VM host via the VM guest's VPN (i.e. Checkpoint Secure Remote). NAT & ICS won't work as they are specifically blocked by most corporate implementations of CSR.

In short: You can set up a proxy server in your VM guest and configure the VM host accordingly to use the proxy. As far as CSR is concerned, your traffic originates from inside the guest VM, and it will happily forward it.

-1

There's an easier way, if you can host a VM (with the OS and environment of your choice) on the computer with the VPN software. (Instructions below cater to VMWare Player).

In short:

  1. Connect to the VPN on the host.
  2. Bridge the host's VPN adapter to the relevant VM network adapter.

    a. This was VMnet0 in my case.

    b. I recommend using vmnetcfg.exe to do this. It comes with VMWare workstation, but is a bit of a manual process to extract it manually. (Find steps for this on SO or SU site).

  3. Set up the guest to share (NAT) the host's IP address.

See more thorough instructions for steps 1 and 3 at: VM share host's VPN connection

1
  • 3
    This does not answer the question given the limitations. He already said that the host could not run the VPN software. Commented Aug 24, 2017 at 13:31
