0

I have a particular problem where a piece of software can only be run on Linux but must connect to a remote server through a VPN client that can only run on Windows.

With physical hardware, I assume I could just run an ethernet cable between the Linux box and the Windows box, and a second from the Windows box to the router. (No idea if this would work, but it sounds like it should).

How could I accomplish this on a VMWare ESXi hypervisor using two virtual machines?

I've found a few articles that may help me but would like a bit of expertise on the matter.

  • Which VPN client can only run on Windows?
    – harrymc
    Commented Feb 7, 2018 at 16:00
  • @harrymc Barracuda, PulseSecure and one other I can't remember off the top of my head. If they do have Linux clients, I'm not provided them by the client. So you can throw Fortinet and Sonic Wall in there too. Different clients give me different VPNs, but the software I use to do my job only works on Linux. So, I'm forced into this contrivance. Commented Feb 7, 2018 at 21:43
  • Almost all vpn have Linux clients. For example barracuda. Wouldn't that be simpler?
    – harrymc
    Commented Feb 7, 2018 at 22:01
  • As I said, usually I can't get the Linux versions. I'm not provided them, and sometimes the downloads are behind paywalls. Even if I did collect them all, any connection problems with the work would be a liability. It wouldn't be on the client, because I didn't follow their instructions. Commented Feb 7, 2018 at 22:15
  • But yes, it would be simpler. Trust me, I wouldn't be asking this if I didn't try every simple solution I could come up with. Commented Feb 7, 2018 at 22:17

2 Answers

1
+50

As much as I agree that this is a bad idea, you seem convinced it's the best solution for your circumstances. Personally I would go with collecting all of the various VPN clients. With that said...

Firstly you need to enable Routing and Remote Access on the Windows machine that's running the VPN client. The 'configure LAN routing' link you have should get you to that point.

Then you need to configure a route that will direct traffic for your VPN networks/hosts through the intended interface (the VPN adapter). If you don't know which traffic, you can use a default route which will route all of the traffic. Once you've configured that on your Windows box, you'll need to set the default gateway address on the Linux box to be the IP address for the LAN adapter on the Windows box.

While you can configure routing on Windows using the command line, it might be a little easier to start with if you use a GUI tool like Nirsoft NetRouteView:

https://www.nirsoft.net/utils/network_route_view.html

Make sure you run this as administrator otherwise you'll just end up with headaches ;) It will allow you to view/edit/delete existing routes and create new ones. As an FYI, if you have more than one default route (0.0.0.0) the route with the lowest metric is the route that takes priority. So you may have to adjust the metrics of your routes accordingly.

If this is a frequently used/permanent setup you can leave the Linux box configured as-is and add additional routes on the Windows box to handle traffic to various VPN tunnels. When you make your routes "persistent" they will be saved through a reboot. Routes that aren't persistent are lost when the machine is rebooted. You can also specify the adapter (interface) for the routes when you're configuring them. For example, you could configure routes for VPN-A and VPN-B and when VPN-A is connected and VPN-B is not, the route for VPN-B will essentially be ignored and the traffic will get routed through VPN-A.

  • So, from there I can just tell Linux to use it as a gateway. Awesome! Commented Feb 9, 2018 at 3:05
  • Oh, and the reason collecting the clients isn't my solution is because if a client ever gives me a VPN which definitely doesn't have a Linux client, I'm screwed. If a client ever refuses to give me their Linux client and I can't get it myself, I'm screwed. Commented Feb 9, 2018 at 3:06
  • Hey man, I'm not here to judge. We've all got our problems and I fully realize that lots of times the circumstances are out of our control. Good luck with your setup and if you need more help shoot me a pm. Commented Feb 9, 2018 at 3:20
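
The steps in the answer above (enable forwarding, route the VPN network through the VPN adapter, check metrics, point Linux at the Windows box), sketched with the built-in NetTCPIP cmdlets as an added example that is not part of the original answer. The adapter names `LAN` and `VPN-A`, the prefix `10.20.0.0/16` and the addresses are assumptions, and per-interface forwarding is used here in place of the Routing and Remote Access wizard the answer mentions.

```powershell
# Added example; run in an elevated PowerShell session on the Windows VM.
# Assumed values (not from the original post):
#   'LAN'          adapter on the segment shared with the Linux VM
#   'VPN-A'        adapter created by the VPN client
#   10.20.0.0/16   network reachable through VPN-A
#   192.168.50.1   the Windows VM's address on the LAN adapter
$lan       = 'LAN'
$vpn       = 'VPN-A'
$vpnPrefix = '10.20.0.0/16'

# 1. Allow IPv4 packets to be forwarded between the two interfaces.
Set-NetIPInterface -InterfaceAlias $lan -AddressFamily IPv4 -Forwarding Enabled
Set-NetIPInterface -InterfaceAlias $vpn -AddressFamily IPv4 -Forwarding Enabled

# 2. Send only the VPN's network through the VPN adapter (on-link next hop).
#    New-NetRoute writes to the active and the persistent store by default,
#    so the route survives a reboot.
$existing = Get-NetRoute -DestinationPrefix $vpnPrefix -InterfaceAlias $vpn `
                         -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $vpnPrefix -InterfaceAlias $vpn `
                 -NextHop '0.0.0.0' -RouteMetric 5 | Out-Null
}

# 3. List the default routes in the order Windows prefers them. The value
#    compared is route metric plus interface metric; the lowest sum wins.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    ForEach-Object {
        $ipif = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Interface       = $_.InterfaceAlias
            NextHop         = $_.NextHop
            EffectiveMetric = $_.RouteMetric + $ipif.InterfaceMetric
        }
    } | Sort-Object EffectiveMetric

# 4. Ask the stack which route and source address it would pick for a host
#    behind the VPN (10.20.1.5 is a constructed sample address).
Find-NetRoute -RemoteIPAddress '10.20.1.5'

# 5. Confirm that forwarding is really on for both adapters.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object InterfaceAlias -in $lan, $vpn |
    Select-Object InterfaceAlias, Forwarding, InterfaceMetric

# On the Linux VM (as root), use the Windows LAN address as the gateway:
#   ip route replace default via 192.168.50.1
```

With forwarding enabled, every host that uses the Windows VM as its gateway can reach the client network, so keep that LAN segment limited to the machines that need it.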
1

The situation encountered by the poster is the requirement to connect to multiple clients of his using VPN. He receives the VPN software from the clients, software almost always intended to be used under Windows. Unfortunately, his program was written on and runs in Linux.

The poster's requested solution is to use a Windows VM to act as the router to the VPN, so running the VPN client under Windows and connecting to it from the Linux host.

This solution will not work in all cases, since many companies have the bad habit of making their VPN compulsory, so that the connected VM will be isolated from the host network and will not be able to route requests. (Luckily no firewall can disconnect the VM's desktop from VMWare running on the host.)

One possible solution is to use a Linux client for the VPN. Most VPN clients for Linux are free, but even if not, then the client did pay for the product and so can get you the Linux client if you really insist. This is by far the simplest solution.

A second solution is by inverting the architecture. I suggest getting a Windows computer and installing on it the various VPN clients. The Linux program can then be installed in a Linux VM which will use the host's network. This solution will work even for a compulsory VPN.

A third solution relies on the fact that modern hypervisors now support embedded hypervisors, which is a hypervisor running in a virtual machine. This architecture is a bit far-fetched, involving your Linux hosting a Windows VM with its embedded hypervisor running an embedded Linux VM containing your product. This solution will also work even for a compulsory VPN, but you will have to weigh its advantages versus disadvantages. It might force you to use another VMWare product than the one you are currently using. I admit to not knowing if this solution is really feasible.

  • I've already thought of this solution, and it was my "next best" if I couldn't get this to work. It's got a lot of problems sadly, but if it's the only solution - then so be it. I can't mark this as correct as it does not solve the question I'm asking and doesn't work for my situation for a lot of reasons. (The least of which being that multiple Linux machines that are already in place need to go through this Windows host) But, if you know how to actually solve the question, I'd be grateful. Commented Feb 8, 2018 at 20:15
  • Hmm. Maybe it's possible to use a Windows host, a Linux VM on top that works like a router, and route the VMs on VMware through it? Commented Feb 8, 2018 at 20:20
  • I have incorporated in my answer all the solutions I can see to the problem which take into account compulsory VPN.
    – harrymc
    Commented Feb 8, 2018 at 20:46
  • Alright, thank you. Still doesn't solve my question, but it does give me alternatives should no solution be presented. Commented Feb 8, 2018 at 21:38
  • In all fairness, I think that you may be chasing a non-existent problem. It's very likely that the standard OpenVPN client under Linux will work with many (if not all) of your VPNs. Modern routers that support VPN can connect with almost any VPN server in the world, and they are almost all based on Linux. VPN is after all a known standard. You have defined your pet solution which might need much work to implement but that may in the end prove somewhat unusable. I have tried to treat your underlying problem, rather than your solution for it.
    – harrymc
    Commented Feb 9, 2018 at 9:19
