I'm trying to set up a Linux box that runs multiple Windows guest systems in VMware, all of which connect through the host internet connection through NAT, but each guest using its own VPN connection.

To reiterate: each guest is supposed to connect to the internet as a VPN client through its own VPN server outside of the local network - if possible while using just one port for all connections.

I've found some posts that claimed the VMware NAT doesn't support this, others that claimed it does, but you need a router that supports it with PPTP GRE47 support, and yet others that claim it works using a bridged connection instead of NAT.

What would be the ideal (read: most functional / logical / efficient) setup to do this?

Edit: It seems that a DD-WRT router with latest version would be the best option. Does anyone have experience with this setup? Multiple VPN connections on one router?

  • If you want each VM to use its own VPN connection, configuring the connection on the guest side would be far easier. Possibly not as elegant, though.
    – Bob
    Commented Mar 10, 2013 at 0:54
  • I thought that was implied in my description of the problem: "each guest using its own VPN connection"?
    – awfm9
    Commented Mar 10, 2013 at 3:12

2 Answers


My solution to this: On each Windows guest, set up an OpenVPN server. Each guest should listen on a different port from the others: e.g., guest 1 listens on port 1501, guest 2 on port 2501, and guest 3 on 3501. On your internet-facing router and Linux box, you have to configure port forwarding. On your internet-facing firewall/router, configure the VPN ports to forward to your Linux box's IP address, and on your Linux box (that should have iptables installed), configure traffic coming in on its internet connection on those ports to forward to their various guests. Some info on iptables port forwarding is here, it's not exhaustive though.

This is a fair amount of work, especially if you've never worked with any of these technologies, but it's certainly possible and after one guest is working fine the rest are just copies. I do recommend that

1) The interface of your Linux box that connects to the internet has a static IP
2) All your guests have a static IP on the host-only network (all 4 of these machines are servers and should be treated as such).
3) You have some decent firewall such as pfSense in place between your host and the internet.

  • Hello and thank you for your reply. IPtables is a given. I don't really understand why I would set up the guests as VPN servers, though? I am trying to connect each guest as a client to the internet, through its own VPN connection to a server hosted by a VPN provider. I am also rather looking for a way to make this work with just one outbound port - if at all possible.
    – awfm9
    Commented Mar 10, 2013 at 3:16
  • @awishformore You didn't indicate if these machines would be VPN clients or not. Have you tried setting these machines up and connecting them to the VPNs? People connect to different VPNs behind NAT every day, I don't see why this would be any different.
    – MDMoore313
    Commented Mar 10, 2013 at 5:05

After finally finding some good links on the topic and reading about it in detail, I have the following answer to my own question. Excuse me for getting some things mixed up initially.

The issue seems to be with the VMware NAT implementation, which apparently doesn't support PPTP passthrough properly and seems to have issues when handling multiple VPN connections, even when they are directed to a different VPN server. This should not be the case, as even with PPTP passthrough that erroneously handles ConnectIDs, NAT should work fine due to the different destination addresses. I will report back after I got the machine set up and did some testing.

A solution that probably always works, even when several guest systems connect to the same VPN server, would be to use the VMware bridged network adapter instead of the NAT one and have a router that properly supports PPTP passthrough. The issue is then handled on the hardware router level and not on the level of the VMware software NAT. This of course requires one local IP per VMware guest system.

  • I will leave the question open until I had the time to properly test all different configurations on the system once I get the hardware (~2 weeks). If anyone has a better approach or feedback until then, please share.
    – awfm9
    Commented Mar 10, 2013 at 12:21
  • So, I'm assuming that the VPN servers are using PPTP then? That's important, because not every VPN uses it, just FYI.
    – MDMoore313
    Commented Mar 10, 2013 at 22:18
  • The VPN servers are all from major providers - and there will rarely be a case where two clients connect to the same server. Even then, I seriously doubt any major player on the VPN market would not have their servers set up in a way where more than one client can connect from the same IP - there are many big networks (i.e. work) who require this.
    – awfm9
    Commented Mar 11, 2013 at 1:06
  • Just curious, why do you have to use NAT?
    – MDMoore313
    Commented Mar 13, 2013 at 13:32
  • I don't have to use NAT, it would just be easier to set up & maintain, since I wouldn't need to manually set up an IP for each VM I create.
    – awfm9
    Commented Mar 14, 2013 at 16:15
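
The reasoning in the self-answer above, as an added example that is not part of the original posts and is not VMware's or any router's actual code: a toy model of how a NAT decides which guest receives inbound PPTP data packets (GRE, IP protocol 47), with and without tracking of the PPTP Call ID (what the post calls ConnectIDs). The class and function names, guest addresses, server addresses and the replacement Call ID pool are all constructed for illustration.

```python
"""Toy model: demultiplexing inbound PPTP data (GRE, IP protocol 47) behind one NAT."""
from itertools import count


class GreNat:
    """GRE has no ports, so a NAT can only key return traffic on the remote
    server address and, if it understands PPTP, on the Call ID."""

    def __init__(self, track_call_id):
        self.track_call_id = track_call_id
        self.table = {}              # key -> (guest_ip, guest's original Call ID)
        self._spare = count(40000)   # constructed pool of replacement Call IDs

    def open_tunnel(self, guest_ip, server_ip, call_id):
        """Register a tunnel. Returns the Call ID the server will echo back,
        or None if this tunnel cannot be told apart from an existing one."""
        if not self.track_call_id:
            key = (server_ip, None)
            if key in self.table and self.table[key][0] != guest_ip:
                return None          # second guest to the same server: ambiguous
            self.table[key] = (guest_ip, call_id)
            return call_id
        wire_id = call_id
        while (server_ip, wire_id) in self.table:
            wire_id = next(self._spare)   # PPTP-aware NAT rewrites a colliding ID
        self.table[(server_ip, wire_id)] = (guest_ip, call_id)
        return wire_id

    def inbound(self, server_ip, call_id):
        """Map a GRE packet from the server to (guest_ip, Call ID to restore)."""
        key = (server_ip, call_id if self.track_call_id else None)
        return self.table.get(key)


def delivered(track_call_id, tunnels):
    """Open every tunnel, then report per guest whether return traffic reaches it."""
    nat = GreNat(track_call_id)
    wire_ids = [nat.open_tunnel(g, s, c) for g, s, c in tunnels]
    return [w is not None and nat.inbound(s, w)[0] == g
            for (g, s, _), w in zip(tunnels, wire_ids)]


# Constructed sample tunnels: (guest IP, VPN server IP, Call ID chosen by the guest)
DIFFERENT_SERVERS = [("192.168.100.11", "203.0.113.10", 1),
                     ("192.168.100.12", "198.51.100.20", 1)]
SAME_SERVER = [("192.168.100.11", "203.0.113.10", 1),
               ("192.168.100.12", "203.0.113.10", 1)]

if __name__ == "__main__":
    print("no Call ID tracking, different servers:", delivered(False, DIFFERENT_SERVERS))
    print("no Call ID tracking, same server:      ", delivered(False, SAME_SERVER))
    print("Call ID tracking, same server:         ", delivered(True, SAME_SERVER))
```

Only the same-server case without Call ID tracking leaves a guest unreachable, which is the case the bridged setup with a PPTP-capable router is meant to cover.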
