I'm using VMware Fusion 12.0.0 (16880131) on macOS Big Sur Beta 10. In macOS (host), I'm connected to a VPN. I want to share the VPN connection with my Windows 10 2004 (guest), but this doesn't work. An Internet connection is available, but websites which are only available over the VPN aren't. The guest network is connected via NAT. How can I achieve the sharing, or isn't this possible currently?
If you need any further information, please let me know.
@AlishaMahajan, @Longstag unfortunately I have no experience with CiscoAnyConnect; it probably takes a different approach to building up the network part of the VPN. Just installed F12.1.0 and for me the workaround is still working.
My only suggestion to hunt down the problem (but probably you've already done these or at least a part of these...):
1. stop any vpn, vm and check that the vm networking is set to 'share with my mac'
2. start ciscoanyconnect vpn
3. start the vm
4. check the NAT rules -> should reset the sharing_v4 anchor so there should be no custom-added part
5. check ifconfig for anything unusual 🙂 -> ciscoanyconnect can build a different network interface than utun or another bridge, then you should change the custom part of the solution
6. check 'netstat -rn -f inet' (this will print the routing table of ip4 addresses) -> to see that every route you need is defined or just to see a big table of addresses 😀
7. in the VM check that you can reach the VPN local ip by pinging it (only the local ip could be reached!) -> if you can't then there is something different than the "basic" case, so it needs another workaround
8. ping anything from the vm and check 'sudo tcpdump -i bridge100' which gives you a clue about what traffic leaves the vm network interface -> should see the outgoing ping
9. ping an address behind the vpn from the vm and check 'sudo tcpdump -i <vpn interface>' which gives you a clue about what traffic goes to the vpn network interface -> should see that the incoming ping's source address is the guest's private ip, which is 'wrong'
10. add the custom rule and check from the VM if it can reach anything other than the default routes -> for example: internet, if it's not routed through the VPN
11. check the same tcpdump command to see if anything has changed
If any part fails, or does something unusual, then probably the solution won't work and needs a different approach to make it work, or hopefully vmware will find something for you soon. 🙁
This mostly worked for me....
I was able to ping the host in question which is behind our VPN, but when I went to try and use kubectl (kubernetes control cli) I got the following message:
Unable to connect to the server: net/http: TLS handshake timeout
running macOS 11.0.1 Big Sur
guest os Ubuntu 18.0.4
Here are my updated rules that I applied on the Mac side (4th line is what I added):
nat on en1 inet from 192.168.2.0/24 to any -> (en1:0) extfilter ei
nat on en0 inet from 192.168.2.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.2.1 to 192.168.2.0/24
nat on utun2 inet from 192.168.2.0/24 to any -> (utun2) extfilter ei
And this is the new output when I run pfctl...
nat on en1 inet from 192.168.2.0/24 to any -> (en1:0) extfilter ei
nat on en0 inet from 192.168.2.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.2.1 to 192.168.2.0/24
nat on utun2 inet from 192.168.2.0/24 to any -> (utun2) round-robin extfilter ei
So it added the part with "round-robin"; not sure if that matters.
It seems like something else from the VM is not getting passed to the NAT?
What can I do to assist in troubleshooting this?
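
The NAT-rule check from step 4 and the custom-rule step above can be scripted. The following is an added example, not part of any post in this thread: it reads NAT rules in the format quoted above and reports which interfaces have no translating rule for the guest subnet. The function names are hypothetical, and the sample rules are constructed from the ones quoted above with the utun2 line left out.

```shell
#!/bin/sh
# Added example (not from the thread). Audits pf NAT rules, in the format
# quoted above, for interfaces that lack a nat rule covering the guest subnet.

# Constructed sample: the quoted rule set without the manually added utun2 line.
SAMPLE_RULES='nat on en1 inet from 192.168.2.0/24 to any -> (en1:0) extfilter ei
nat on en0 inet from 192.168.2.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.2.1 to 192.168.2.0/24'

# nat_ifaces RULES SUBNET
# Print, sorted and de-duplicated, every interface that has a translating
# "nat on <if> ... from SUBNET" rule. "no nat" exemptions are skipped.
nat_ifaces() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == "nat" && $2 == "on" {
            for (i = 3; i < NF; i++)
                if ($i == "from" && $(i + 1) == net) { print $3; break }
        }' | sort -u
}

# missing_nat RULES SUBNET IFACE...
# Print each IFACE that has no translating rule for SUBNET. Guest traffic
# leaving such an interface keeps its private source address (step 9).
missing_nat() {
    rules=$1; subnet=$2; shift 2
    have=$(nat_ifaces "$rules" "$subnet")
    for ifc in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$ifc" || printf '%s\n' "$ifc"
    done
}

# Demo on the constructed sample: utun2 is reported as uncovered.
missing_nat "$SAMPLE_RULES" 192.168.2.0/24 en0 en1 utun2
```

On a real host, pass the NAT rules you listed in step 4 as the first argument and the VPN interface found in step 5 as one of the interface names.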