Solved: Re: Networking problems wrt Cisco VPN and Retrospe...

jg167 · ‎10-25-2007

First, is there documentation for fusion? I see the release notes, and the getting started doc, but no reference manual.

Consequently I have not figured out what "host' networking mode is, can someone help with that?

Generally I just defaulted everything to get started and am running fine in the bootcamp partition. Networking is set to NAT

and that seemed to work fine, including being able to use the Mac's Cisco VPN connection when that was running. But

in this mode it can not be found by my backup server so the only way to back it up is to shutdown and backup the partition

from the Mac side, which I don't want to do (as its a hassle and I just won't remember). So I tired bridged networking. That works

fine for my backup server (i.e. it just gets an ip from my dhcp server and all is fine). But this seems to not only not allow

it to use the mac's VPN connection, but it has screwed up the VPN connection all together. Now even with vmware not

running (not just the VM being down but Fusoin not running), my VPN will not work (it connects, but I get no traffic, i.e.

I can't use it despite another machine verifying that the VPN server is up etc). Also I see vmware left two virtual interfaces

around, vmnet1 and vmnet8, but even if I mark those as down my VPN is still hosed (even after rebooting the mac). I need

the VPN for work, so this is a major problem. Note that even after Fusion quiets these interfaces were left UP, which

seems clearly wrong to me (once the app is gone, any mods to the system should be removed and then setup again

when its next started).

This is all on wired ethernet, airport is turned off (for now anway), and is on a MacBookPro 2.2Ghz.

In summary:

1) how can I remove all remnanats of vmwares networking setup to try and get my VPN back (ideally without having

to uninstall Fusion)

2) how to I solve the network dilema of wanting my backup server (on my local LAN which is protected by a NAT firewall

to see the VM, but also let the VM use (let alone not interfere with) the Mac's VPN?

3) What is "host" networking mode?

rcardona2k · ‎10-25-2007

So I'm not sure what happened, but the only answer I'd like from VMware at this point, is an explanation of just what "host" networking mode does.

I'm not from VMware but maybe you will accept my description. All of VMware's hosted products (Workstation, ACE, Player, Server and Fusion), all establish a private network, vmnet8, on which the host the virtual machine(s) are connected to. This is similar to a concept called a loopback adapter.

Host-only networking achieves at least two goals: a connectivity path between the hosts and guest even if there is no other host networking enabled (ethernet, wifi, etc) and establishing a communication path on the same network subnet where no other host can communicate to the guest VMs. Of course VMs can have other network interfaces that are bridged, NAT or custom, but only host-only satisfies the two conditions I described above (at the same time).

View solution in original post

joebaran · ‎10-25-2007

"First, is there documentation for fusion? I see the release notes, and the getting started doc, but no reference manual.

Consequently I have not figured out what "host' networking mode is, can someone help with that?"

Well, I haven't found a reference manual either, but there is a lot in common between Fusion and Workstation 6, so this is helpful:

VMware Workstaiton 6 online library

There is also a writeup on networking in Fusion at this post:

(ARGHHHHHH! the "add link" widget in this forum doesn't seem to work in Safari....)

The actual post is called "How to modify Fusion network settings whitepaper" by DaveP on Aug 9, 2007 3:45 AM - there is a PDF attachment with it.

As far as using NAT vs. bridged and the Cisco VPN client:

I am running a XP SP2 VM and leave it as NAT most of the time, since it then just inherits the Cisco VPN connection (which I use when out of the office). As you have seen, bridged means that it gets it's own IP from DHCP and therefore is not going to route through the VPN in the OS X host.

When in the office, I sometimes change it to "bridged", simply because I get a full speed LAN connection (in this case 100MB) when bridged but it runs slower when NATed for some reason - this does not matter when I am connected remotely over DSL, since the DSL is the limiting factor.

I was pleasantly surprised to find out that I can change between NAT and bridged rather easily, without rebooting the XP client. Just change the Network settings, disconnect & reconnect - Windows just acts as if you pulled the LAN cord and then put it back - it re-acquires a connection (either from the LAN DHCP if bridged or form the internal VMware DHCP if NAT) and off you go.

For your real problem where your Cicso VPN client seems to be hosed, I unfortunately can't be of any real help, except to say that it is possible for it to work. I have not had a problem with it at all - it all worked first time. I did install the Cisco VPN client AFTER installing Fusion, in case that makes any difference.

My setup:

Cicso VPN client for OS X version 4.9.01 (0080)

Fusion 1.0 build 51348

OS X 10.4.10, all current updates

2.33 GHz MBPro 15" boot ROM version MBP22.00A5.B07 (this is the type from October 2006, it is NOT the latest "Santa Rosa" type)

Windows XP PRO client with SP2 (actually, this was originally a Parallels VM, migrated using VMware Converter)

using wired networking (Airport turned off)

Hope some of this helps...

jg167 · ‎10-25-2007

Indeed, the reference to the paper is helpful. Thanks.

Yea it all worked for me too (including XP SP2 using the Mac's VPN) to begin with. Its only when I started

playing with it that I ran into problems! I did try host networking at one point but did not see what it

was doing, maybe that is the issue. i still haven't managed to get my VPN back up

When you say you can switch between NAT and Bridged without rebooting anything but just disconnecting

and reconnecting, what do you mean by 'connecting"? Is that the disconnect/connect in the VPN?

Being able to easily switch back and forth between NAT and bridged would pretty much solve my problem

ala VPN vs backup (since maybe I'd remember often enough to just switch the networking, maybe I could

even script that for just before 2am when my backup server starts looking around).

I may have to try uninstalling Fusion and reinstalling it, that might at least get rid of the vmnet interfaces

which I presume are the issue somehow. Though from looking at the scripts the pdf references, it looks

like vmnet1 and vmnet8 are always created so how its managing to prevent the VPN from working is still

mysterious. An uninstall/re-install shouldn't hurt my bootcamp partition so that won't be tooooo painful

though it might not get rid of the vmnet interfaces either.

Our configurations are essentially identical (just slight different MBPs but identical sw revs).

-jrg

jg167 · ‎10-25-2007

Well I'm somewhat back in business, and I actually can not say for sure if this had anything to do with Fusion or not. The

timing is so coincidental that it seems like it has to have, but...

Uninstalling and reinstalling Fusion is a total no-brainer. It removes all of its stuff (including the vmnet* interfaces)

except its license file containing your serial number so when you reinstall you don't even have to type that back in when

you reinstall. So that was really really painless.

After that my VPN STILL did not work fully, but it did sort of work i.e. I could get to my work systems, but I could not

get to the internet at large (despite of course the VPN going over the net) so I have yet to figure that one out, but I don't

know that it was due to the network setup on my end of things and thus has anything to do with Fusion. I'm also not

sure that this was not the case all along.

So I'm not sure what happened, but the only answer I'd like from VMware at this point, is an explanation of just what

"host" networking mode does.

rcardona2k · ‎10-25-2007

So I'm not sure what happened, but the only answer I'd like from VMware at this point, is an explanation of just what "host" networking mode does.

I'm not from VMware but maybe you will accept my description. All of VMware's hosted products (Workstation, ACE, Player, Server and Fusion), all establish a private network, vmnet8, on which the host the virtual machine(s) are connected to. This is similar to a concept called a loopback adapter.

Host-only networking achieves at least two goals: a connectivity path between the hosts and guest even if there is no other host networking enabled (ethernet, wifi, etc) and establishing a communication path on the same network subnet where no other host can communicate to the guest VMs. Of course VMs can have other network interfaces that are bridged, NAT or custom, but only host-only satisfies the two conditions I described above (at the same time).

jg167 · ‎10-25-2007

Thanks, that makes sense. hmm I might even be able to use that, to get both VPN and backup service

by having the mac share its net connection over the host interface to the VM... but maybe not.

It turns out my VPN problem was name resolution. I've seen this before when screwing around with

networking and starting and stopping the VPN client. It ends up getting confused about the name server

it should use when the VPN is established, and ends up using my local name server (really just my

firewall that forwards such to my ISP) but changes the search domain to the VPN target which is a

private network and hence can not be resolved and crapo. So once I remember how to get that

fixed all will be well. I don't think it really had an explicit Fusion connection, more just that I was

starting and stopping it while playing around with networking experimenting with the Fusion networking

options and... Anyway thanks or the "host" explanation.

All

Networking problems wrt Cisco VPN and Retrospect backup server