VMware Communities
om3rx
Contributor

macOS Big Sur Fusion 12 NAT no internet connection

Hi,

Running the latest macOS Big Sur with Fusion 12. Nothing changed in my Windows 10 virtual machine; however, the internet connection is not working.

173 Replies
wd123
Enthusiast

/me grumbles about disappearing messages on this forum.   One more time...

@om3rx Some VPN configurations prevent any other network communications, which may even interfere with VMs being able to communicate.  But that depends on the VPN.

If you want to test whether your connectivity problems lie on the IP layer or name resolution layer, you can try a few steps from a guest VM:

  1. curl 172.217.13.238
    This should return something like:

    <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
    <TITLE>301 Moved</TITLE></HEAD><BODY>
    <H1>301 Moved</H1>
    The document has moved
    <A HREF="http://www.google.com/">here</A>.
    </BODY></HTML>

  2. nslookup www.google.com 8.8.8.8
    This should return something like:

    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    Name: www.google.com
    Address: 172.217.15.68
    Name: www.google.com
    Address: 2607:f8b0:4004:80a::2004



  3. nslookup www.google.com
    This should return something like:

    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    Name: www.google.com
    Address: 172.217.15.68
    Name: www.google.com
    Address: 2607:f8b0:4004:80a::2004

  4. curl www.google.com
    This should return an HTML document that is mostly JSON.

    ... <snip>
    google.pmc=JSON.parse(pmc);})();</script> </body></html>

 

If you got through step 4, congratulations.  Everything is working fine.
If step 3 was the first to fail, then I suspect that you have the DNS-layer problem described elsewhere. This is VMware's fault.
If step 2 was the first to fail, then you have some IP-layer trouble. Specifically, your network isn't allowing outbound DNS requests. If you have a VPN at play on your host, see this workaround.
If step 1 was the first to fail, then you have IP-layer trouble. Specifically, your network isn't allowing outbound web requests. If you have a VPN at play on your host, see this workaround.

It's hard to point a finger at who is to blame for this mess.  On one hand, Apple apparently changed how NAT networking can be achieved with a virtualization product.  On the other hand, VMware failed to plan-for/test real-world networking configurations.  e.g., What if the host OS has something already listening on port 53 on any interface?  Or what if the host OS has a VPN connection?

0 Kudos
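
The four checks from the post above, scripted so that the first failing step is reported automatically. This is an added example, not part of the original thread; it assumes a Unix-like guest (such as the Kali guest mentioned later in the thread) with curl, nslookup and awk, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: runs the four guest-side checks and names the first failure.
# IP address, hostname and resolver are the ones used in the post.
TEST_IP=172.217.13.238
TEST_NAME=www.google.com
PUBLIC_DNS=8.8.8.8

# Succeeds if an HTTP response (a 301 counts) arrives from the target in time.
probe_http() {
    curl -s -o /dev/null --connect-timeout 5 --max-time 10 "http://$1/"
}

# Reads nslookup output on stdin; succeeds only if an answer section exists
# (a "Name:" line followed by an "Address" line). The leading Server/Address
# pair only identifies the resolver and must not count as an answer.
has_answer() {
    awk '/^Name:/ { seen = 1 } seen && /^Address/ { ok = 1 } END { exit !ok }'
}

# probe_dns NAME [SERVER]: without SERVER the guest's configured resolver is used.
probe_dns() {
    nslookup -timeout=5 "$@" 2>/dev/null | has_answer
}

# classify S1 S2 S3 S4: each argument is a step result (0 = passed).
# Prints a verdict for the first failing step, following the post's reading.
classify() {
    if   [ "$1" -ne 0 ]; then echo "step1: IP layer, outbound web requests blocked"
    elif [ "$2" -ne 0 ]; then echo "step2: IP layer, outbound DNS requests blocked"
    elif [ "$3" -ne 0 ]; then echo "step3: DNS layer, guest's default resolver failing"
    elif [ "$4" -ne 0 ]; then echo "step4: HTTP by name failed (case not covered in the post)"
    else echo "ok: all four steps passed"
    fi
}

run_checks() {
    s1=0; probe_http "$TEST_IP" || s1=1
    s2=0; probe_dns "$TEST_NAME" "$PUBLIC_DNS" || s2=1
    s3=0; probe_dns "$TEST_NAME" || s3=1
    s4=0; probe_http "$TEST_NAME" || s4=1
    classify "$s1" "$s2" "$s3" "$s4"
}

# Only touch the network when explicitly asked: sh nat-check.sh --run
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Windows nslookup formats its answer differently, so `has_answer` would need adjusting for a Windows guest.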
Zaic
Contributor

MaverickAdmin
Contributor

@Zaic This is not a solution - it's at most a hotfix workaround.

The linked "solution" is required to be done every time the VM is rebooted.

--

There's an underlying problem with how Fusion works on macOS 11 Big Sur. The faster VMware owns up to this fact the better. Judging by the experiences here, and the fact that VPNs on Parallels work, this IS a VMware Fusion issue and NOT a VPN as VMware indicates in their responses. **** frustrating to say the least.

michaelw1998
Contributor

Well @snobis, a friend of mine also uses a clean installation of VMware Fusion and a Windows guest but he has the same problem. Internet just doesn't want to work. Even when setting a static IP address etc.

I don't use any firewall apps on my MacBook. I tried to Google for it but I can't find much about a firewall from Apple itself. I looked at Preferences -> Security & Privacy -> Firewall and checked the Firewall Configuration. Fusion is set to allow incoming connections.

 

@nancyz How can I privately send my vmware.log to you?

I disabled Windows Firewall as well but that doesn't help either, so it doesn't look firewall related. I think there definitely is an issue with Fusion clean installations.

0 Kudos
Zaic
Contributor

@MaverickAdmin yes of course, I meant that.

0 Kudos
nancyz
VMware Employee

Hi @michaelw1998 

You can attach vmware.log in this thread. BTW, did you connect VPN on your Big Sur host?

0 Kudos
haagbard
Contributor

The strange thing is that the workaround posted already has the correct settings. Running 

sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null

outputs

nat on utun2 inet from 172.16.118.0/24 to any -> (utun2:0) extfilter ei
nat on en0 inet from 172.16.118.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 172.16.118.1 to 172.16.118.0/24

where en0 is my WiFi interface and utun2 is my VPN interface (AnyConnect).

DNS lookups work while using NAT, but no traffic to either internal (VPN) or external (WiFi) works. Bridge mode works when bridging the WiFi interface.
Running Big Sur, Kali as guest and Fusion 12.

0 Kudos
michaelw1998
Contributor

@nancyz I've uploaded my log file to pastebin because I can't upload the log file here ("The file type (.log) is not supported. Valid file types are: jpg, gif, png, pdf, pptx.")

My log file: https://pastebin.com/katwCz8f

I'm not using any VPN on my host or guest. This is a clear Fusion and Windows installation. Manually tried to set IP address but no internet at all. Can't even ping the gateway.

0 Kudos
MaverickAdmin
Contributor

Bumping to the top:


I have the same issue, only started after upgrading to Big Sur (macOS 11)

Guest VM (Win10) is unable to use Share Internet (NAT) on Big Sur. Bridged works. 

* Latest AnyConnect 4.9.04xx (Compatible with Big Sur)

* Fusion 12.1

0 Kudos
michaelw1998
Contributor

Upgraded to Fusion 12.1, still no NAT.

I checked ifconfig in macOS:

bridge100: flags=8a63<UP,BROADCAST,SMART,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 3a:f9:d3:a3:07:64
        inet 192.168.206.1 netmask 0xffffff00 broadcast 192.168.206.255
        inet6 fe80::1c32:737:7d83:a396%bridge100 prefixlen 64 secured scopeid 0x12
        Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x0
        member: en6 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 17 priority 0 path cost 0
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active

 

When pinging 192.168.206.1 from mac I get a response, so I can ping from mac to gateway.

In Windows I tried to ping the same IP, but it says request timed out. When looking at ipconfig I can see Windows did get a proper IP address, subnet and gateway IP so that works fine. But it still doesn't have any network connection, not even to the gateway. I disabled the firewall of my Mac but that didn't help either.

 

TLDR: I can ping gateway from my Mac (host) but not from my Windows (guest).

0 Kudos
wd123
Enthusiast

@michaelw1998 Pinging the gateway IP isn't one of the 4 steps I've outlined for troubleshooting.
https://communities.vmware.com/t5/VMware-Fusion-Discussions/macOS-Big-Sur-Fusion-12-NAT-no-internet-...

C:\Users\test>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet0:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::dc4e:6339:4222:2b55%5
IPv4 Address. . . . . . . . . . . : 172.16.77.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.77.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

C:\Users\test>ping 172.16.77.1

Pinging 172.16.77.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.77.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\test>curl 172.217.13.238
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

C:\Users\test>

0 Kudos
michaelw1998
Contributor

@wd123 Step 1 already fails:

C:\Users\Michael>curl 172.217.13.238
curl: (7) Failed to connect to 172.217.13.238 port 80: Timed out

Not using any VPN in the host or guest.

0 Kudos
wd123
Enthusiast

@michaelw1998 OK, that's useful.  It appears that there may be reasons outside of having a VPN connection on the host that can interfere with VM networking failing at the IP layer.  Assuming that this very same curl command succeeds on your host (also assuming you have curl on your host), do you have anything configured on your host that may be blocking connectivity to/from any of your network adapters?  Like a 3rd-party firewall or something?  Even if you're not aware of anything specific, it's possible that the workaround listed elsewhere will still apply, even if you're not using a VPN.

I wonder if VMware is regretting their decision to drop the use of kexts to achieve VM networking yet?  😀

0 Kudos
michaelw1998
Contributor

@wd123 No I did not use any firewall at all. After I noticed that I didn't get NAT to work I installed Little Snitch to check the network monitor. Fusion doesn't show up at all at the network monitor so it looks like the internet from my VM doesn't reach my Mac at all.

I followed the steps in the workaround, at the step of adding a new rule I entered:

echo "nat on bridge100 inet from 192.168.206.0/24 to any -> (en0) extfilter ei" >>newrules.conf

With result:
nat on en0 inet from 192.168.206.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.206.1 to 192.168.206.0/24

I don't have any VPN, so no utun device at all.

0 Kudos
sys7em-adam
Contributor

I wrote a python3 script that will build and apply a config to accept NAT to all utun/VPN interfaces.

Can be found at:

https://gitlab.com/-/snippets/2043124

0 Kudos
fod2
Contributor

Today (26.11.2020) my host "Big Sur" has internet, but the virtual "Windows 10" used by Fusion 12.1.0 had no internet.

My solution: Changing Network to "Internet-Sharing" AND hardware compatible to "16"

=> Now the virtual machine also has internet!

My Cost: Too much personal time! This problem must be seen earlier. 

0 Kudos
DrMMT
Contributor

Thank you.

0 Kudos
rachitb
Contributor

Do we have any final solution coming out for this issue? It's a big impact on work!!!

0 Kudos
BlazerChad
Contributor

Did any of you have Cisco AnyConnect connected when installing Fusion 12? Also, if so, do you think uninstalling/reinstalling with it disconnected could fix the issue?

0 Kudos