VMware Communities
SoftlinkB
Contributor
Contributor

VPN blocked by Fusion on Guest machine

Hi All,

Bit of background. I have Fusion 8, but since working from home I have had issues as my computer is no longer patched into the work server. The VPN to our server works fine on the Mac (host machine), but the guest (Windows machine) had a lot of issues. It would not even run Outlook or load the internet when I finally got it to connect. I thought perhaps the updated version of Fusion would be necessary, so I have been trialing Fusion 11.5 but it is like something is blocking connection to the VPN. I have even created a separate VM with a reinstalled version of Windows - so a blank machine, and have managed to get Outlook synced and the internet running properly but still cannot access the VPN. The Fusion 8 machine will do neither. I have tried calling VMWare Sales to find the answer and after 3 hours there was still no answer! Apparently it should work as I posted on Twitter, but they did not say how?! I have 7 days left of the trial and I want to find out if I can get the VPN on the host machine working. If I can then I will upgrade, if I can't, I shall remain with Fusion 8.

Also, does anybody know if I upgrade to Fusion 11.5 whether I would get any technical support to get the VPN working or if I just pay for the upgrade and am left to figure out the issue myself!

Best regards...and do hope someone has an idea of how to resolve this issue!

Tags (1)
9 Replies
RDPetruska
Leadership
Leadership

Not an answer regarding the version numbers, however -- most VPN software disables other network connections present on the computer when it is connected.  So, if your host Mac is connected to a VPN, it is very likely that the network traffic from your guest(s) attempting to travel over the VMnet virtual network switches will be blocked.

scott28tt
VMware Employee
VMware Employee

"if I upgrade to Fusion 11.5 whether I would get any technical support to get the VPN working"

Fusion and Fusion Pro both come with 18-month email support - either with a new license or as an upgrade:

Screenshot 2020-06-18 at 16.42.49.png


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
SoftlinkB
Contributor
Contributor

Hi RDPetruska,

thank you for clarifying . I had considered that and had disconnected on the Mac side (host side) in case that was the problem, but it made no difference. not sure if restarting the Mac after disconnecting the mac vpn would make a difference.

Reply
0 Kudos
ColoradoMarmot
Champion
Champion

So, a lot depends on how the VPN is configured.  But in most cases if you set the VM to NAT, and only connect to the VPN on the host, the guest will have access to the VPN from the host.  You may have to reboot the guest (and/or do an ipconfig /release ipconfig /renew cycle from a command prompt) after connecting to the host VPN.

If your network admin has the VPN configured in a particular way though, the only option would be to run the VPN both on the host, and separately inside the guest.

SoftlinkB
Contributor
Contributor

Hi dhotka,

i will have another look tomorrow. We had tried the NAT route, also tested on bridged mode/auto/Ethernet/wireless in fusion network settings. But don’t think we did the ipconfig/release.

Is there an article anywhere with instructions on the settings required to get the vpn working on a host machine. I have read so many different threads that have given me ideas to test but no Simple to follow settings. Tried most combinations of settings but if others have got it to work then I’ve missed something.

Reply
0 Kudos
ColoradoMarmot
Champion
Champion

There aren't, both because each VPN differs, and because there's options the admins can set when they deploy it.  I've had (for example) Cisco ASA support NAT to allow guest access, and another  deployment that didn't.

The brute force method is (as long as you have internet in the guest) is to just run the VPN in the guest as well.  It adds a bit of latency and overhead, but is rarely blocked.

SoftlinkB
Contributor
Contributor

Hi And thank you!

Trying your solution of using the hosts vpn is probably working but I cannot test this. When I bought my work computer home, the idea was to get the guest vpn working and then map all the drives and folders through the vpn to the work server. The remapping was not done as there was no vpn connection. However, with all of this ‘fiddling’ I have been able to access the server drives which can be seen on the Mac host but originally not on the pc by shared folders on and adding the Mac mounted drive as a device in Fusion. This wasn’t showing before!

As you pointed out, I was unable to get the separate vpn on the guest to connect, but rather than fusion blocking the vpn, it is more likely the vpn settings that I cannot change.  the error is L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer. Apparently a known issue and one that requires remapping the NAT ports etc which is probably outside my realm of technical know-how.

Reply
0 Kudos
dakharai
Contributor
Contributor

Ok.  Here's what I got.  Be aware, this problem only started for me when I got into the macOS Big Sur beta (Fusion 11.5 or 12 make no difference, the issue still exists.  I use the same VPN software and setup on both, however it could still be a VPN configuration issue).  However, due to the fact that connecting to the VPN using Full Tunnel, using NAT for the VM still provides an internet connection to nowhere, I have to assume it is something about how Big Sur or Fusion handle the network hooks.  I do not have this issue on macOS Catalina using Fusion 11.5.  But hopefully my solution will work for you.  It is sufficient for me so long as you are allowed two simultanious VPN connections.  I am.

1 - establish two connections to your home network.  WiFi x2, ethernet x2, one of each, doesnt' amtter.

2 - Set your macOS network service order.  If you need more thruput on your host, set the ethernet to the primary.  If the guest needs more bandwidth set the host to use wireless.

3 - Set Fusion to Bridged mode using whichever network connection is NOT the primary.  This will make the guest look like a different machine altogether on your home network.

Any combination of Host/Guest VPN status work for me.

Host: None / Guest: none

Host: Split / Guest: Full

Host: Full / Guest: None

and so one and so on.

Again, it requires that you are allowed simultanious network connections.  note that even if your Host is set to Full, your guest will NOT have VPN access because it is seen, by your home netowrk, as a completely different physical machine.

Hope that helps some people who run into this as well.  Again, I have a test setup so I'm not proposing that the cause of my issue is the cause of yours, just giving you a possible solution.

-dak

Reply
0 Kudos
the_mace
Contributor
Contributor

If anyone is running into this issue on VMware Fusion and using NordVPN from inside the VM, the solution was to change from "default" VPN protocol to OpenVPN (I used TCP but UDP works too). For whatever reason the IKEv2 protocol doesn't work from within the VM on Big Sur but does work on the host machine (also Big Sur).

Reply
0 Kudos