I have an Ubuntu virtual machine running on my local PC via NAT. I can use PuTTY to SSH into my virtual machine (I have a special reason why I need to use PuTTY to connect to my locally running VM).

But when I dial in to the corporate VPN, PuTTY doesn't work; after some time, it reports a timeout error. The VM is still running, and I can't even ping the VM.

Why is it not working?

Shut down the VM, change the Network to Bridge Mode and then start it up again.

In NAT mode, the VM gets created on a virtual network that is NATed to your local PC's IP address.

The moment you connect to the VPN, you get a new address and your VM doesn't have communication to it. At the same time, the VPN client receives a list of known networks and default route. The known networks don't include the virtual one that your VM hangs on, so the route disappears.

By putting the NIC in the virtual machine into bridged mode, it will get an IP address on your local PC's network, and this local IP address will not be pulled across the VPN, and as such, will be reachable as part of your "local" subnet.

e.g. home router: .. your PC .. your VM now ... but go to bridged mode.. you might get: (your router) as your local PC, and the VM might get (note the 3rd octet!!)

To easily see the routes, open a command prompt, and before you connect, do a "netstat -rn".

Then connect to your VPN and do another "netstat -rn". This will show you the differences in your routing table, and if you look closely, you should see what David Woodward & I are saying.

  • Be careful with this one. If you leave the VM in bridged mode and go back into the office it could cause issues. Especially if your office has port security set up on their network. In that case your VM would be detected as a rogue system on the network and trip port security - potentially knocking you completely off the network (VM and host machine). For my work, just having the VM in bridged mode on the home network/VPN will cause drama. Commented Oct 4, 2016 at 11:41
  • You sir, are a life saver! I just changed the random IP I was defining in the Vagrant file to something similar. And it worked. At max what I will have to do when I switch networks is to change that IP and restart the Vagrant VM. At least it works. Commented Mar 26, 2018 at 17:41
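
The before/after "netstat -rn" comparison suggested in the answer above, as an added example that is not part of the original posts: it parses two route-table snapshots and reports which interface traffic to the guest would leave through. The route tables, the addresses (192.168.159.0/24 for the NAT network, 192.168.1.0/24 for the home LAN, 10.20.30.40 for the VPN adapter) and the function names are constructed for illustration and model the case the answer describes, where the route to the NAT network disappears.

```python
import ipaddress

# Constructed samples in Windows `netstat -rn` IPv4 layout (not taken from the page).
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.10    281
    192.168.159.0    255.255.255.0         On-link    192.168.159.1    291
"""
AFTER = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link      10.20.30.40      1
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10   4250
      192.168.1.0    255.255.255.0         On-link     192.168.1.10   4506
      10.20.30.40  255.255.255.255         On-link      10.20.30.40    257
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or IPv6 row
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue  # first two fields are not a destination/netmask pair
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def egress(text, dest):
    """Interface chosen for dest: longest prefix wins, lowest metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in parse_routes(text) if ip in r[0]]
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)
    return best[2] if best else None

def route_diff(before, after):
    """Networks that disappeared / appeared between two snapshots."""
    b = {r[0] for r in parse_routes(before)}
    a = {r[0] for r in parse_routes(after)}
    return sorted(map(str, b - a)), sorted(map(str, a - b))

if __name__ == "__main__":
    print("removed, added:", route_diff(BEFORE, AFTER))
    for label, ip in (("NAT guest", "192.168.159.128"), ("bridged guest", "192.168.1.50")):
        print(label, ip, egress(BEFORE, ip), "->", egress(AFTER, ip))
```

In the constructed "after" snapshot the NAT guest's traffic falls through to the VPN adapter's default route, while an address on the home LAN still leaves through the local interface, which is the difference the bridged-mode suggestion relies on.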

Your VPN is probably set up as full tunnel rather than split tunnel. In full tunnel no other network connections are allowed to be used (including connections using the virtual NIC between your machine and the VM).

Unfortunately this is probably something beyond your control as it's generally a policy put in place to prevent bad things on other networks from making their way onto the corporate network. What VPN software are you using?

  • I'm using BIG-IP Edge Client
    – Aaron Shen
    Commented Oct 3, 2016 at 8:04
  • Unfortunately I have not been forced to work with that one yet (I kind of despise VPN software). But, I'm pretty confident that full tunneling is your issue. And, even if I knew some hack to work around it, your IT security team would not be happy about it. It'd be best to talk to your VPN admins and see if they're allowed to provide you with a split tunnel connection. Commented Oct 3, 2016 at 8:22

As David mentioned in his answer, my VPN is probably full tunnel; that's why my host can't SSH to my guest by IP address, because they're in different networks.

But I found a way to still use my host for web surfing and meanwhile SSH into my guest. I'm using VMware Player on my Windows host now, so the solution is to do port forwarding and run the VM using the NAT network adapter.

  1. Edit the vmnetnat.conf file under C:\ProgramData\VMware.

Under the [incomingtcp] section, maintain the port you want to forward. I add this line: 9922 = So it will forward whatever comes to my host on port 9922 to my guest's port 22.

Now, in PuTTY, I maintain the address to 9922, then the connection will be forwarded to my guest.

  • Nice work around. Commented Oct 4, 2016 at 11:45

