Highlighted
Contributor
Contributor

macOS Big Sur Fusion 12 NAT no internet connection

Hi,

Running latest macOS Big Sur with Fusion 12. Nothing changed in my virtual machine Windows 10 however internet connection is not working

54 Replies
Highlighted
Contributor
Contributor

@Zaic This is not a solution - its at most a hotfix workaround.

The linked "solution" is required to be done every time the VM is rebooted.

--

There's an underlying problem with how Fusion works on macOS 11 Big Sur. The faster VMware owns up to this fact the better. Judging by the experiences here, and the fact that VPNs on Parallels work, this IS a VMware Fusion issue and NOT a VPN as VMware indicates in their responses.. **** frustrating to say the least. 

Highlighted
Contributor
Contributor

Well @snobis , a friend of mine also uses a clean installation of VMware Fusion and a Windows guest but he has the same problem. Internet just doesn't want to work. Even when setting a static IP address etc.

I don't use any firewall apps on my Macbook. I tried to Google for it but I can't find much about a firewall from Apple itself. I looked at Preferences -> Security & Privacy -> Firewall and checked the Firewall Configuration. Fusion is set to allow incoming connections.

 

@nancyz How can I privately send my vmware.log to you?

I disabled Windows Firewall as well but that doesn't help either, so it doesn't look firewall related. I think there definitely is an issue with Fusion clean installations.

0 Kudos
Highlighted
Contributor
Contributor

There's an underlying problem with how Fusion works on macOS 11 Big Sur. The faster VMware owns up to this fact the better. Judging by the experiences here, and the fact that VPNs on Parallels work, this IS a VMware Fusion issue and NOT a VPN as VMware indicates in their responses.. **** frustrating to say the least. 

0 Kudos
Highlighted
Contributor
Contributor

@MaverickAdmin yes of course, I meant that.

0 Kudos
Highlighted
VMware Employee
VMware Employee

Hi @michaelw1998 

You can attache vmware.log in this thread. BTW, did you connect VPN on your Big Sur host?

0 Kudos
Highlighted
Contributor
Contributor

The strange thing is that the workaround posted already has the correct settings. Running 

sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null

outputs

nat on utun2 inet from 172.16.118.0/24 to any -> (utun2:0) extfilter ei
nat on en0 inet from 172.16.118.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 172.16.118.1 to 172.16.118.0/24

 where en0 is my WiFi interface and utun2 is my VPN interface (AnyConnect).

DNS lookups works while using NAT, but no traffic to both internal (VPN) or external (WiFi) works. Bridge mode works when bridging WiFi interface. 
Running Big Sur, Kali as guest and Fusion 12.

0 Kudos
Highlighted
Contributor
Contributor

@nancyz I've uploaded my log file to pastebin because I can't upload the log file here ("The file type (.log) is not supported. Valid file types are: jpg, gif, png, pdf, pptx.")

My log file: https://pastebin.com/katwCz8f

I'm not using any VPN on my host or guest. This is a clear Fusion and Windows installation. Manually tried to set IP address but no internet at all. Can't even ping the gateway.

0 Kudos
Highlighted
Contributor
Contributor

Bumping to the top:


I have same issue, only started after upgrading to Big Sur (macOS 11)

Guest VM (Win10) is unable to use Share Internet (NAT) on Big Sur. Bridged works. 

* Latest AnyConnect 4.9.04xx (Compatible with Big Sur)

* Fusion 12.1

0 Kudos
Highlighted
Contributor
Contributor

Upgraded to Fusion 12.1, still no NAT.

I checked ifconfig in macOS:

bridge100: flags=8a63<UP,BROADCAST,SMART,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500

options=3<RXCSUM,TXCSUM>

ether 3a:f9:d3:a3:07:64 

inet 192.168.206.1 netmask 0xffffff00 broadcast 192.168.206.255

inet6 fe80::1c32:737:7d83:a396%bridge100 prefixlen 64 secured scopeid 0x12 

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x0

member: en6 flags=3<LEARNING,DISCOVER>

        ifmaxaddr 0 port 17 priority 0 path cost 0

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

 

When pinging 192.168.206.1 from mac I get a response, so I can ping from mac to gateway.

In Windows I tried to ping the same IP, but says request timed out. When looking at ipconfig I can see Windows did get a proper IP-address, subnet and gateway IP so that works fine. But it still doesn't have any network connection, even not to the gateway. I disabled the firewall of my mac but that didn't help either.

 

TLDR: I can ping gateway from my Mac (host) but not from my Windows (guest).

0 Kudos
Highlighted
Enthusiast
Enthusiast

@michaelw1998 Pinging the gateway IP isn't one of the 4 steps I've outlined for troubleshooting.
https://communities.vmware.com/t5/VMware-Fusion-Discussions/macOS-Big-Sur-Fusion-12-NAT-no-internet-...

C:\Users\test>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet0:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::dc4e:6339:4222:2b55%5
IPv4 Address. . . . . . . . . . . : 172.16.77.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.77.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

C:\Users\test>ping 172.16.77.1

Pinging 172.16.77.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.77.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\test>curl 172.217.13.238
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

C:\Users\test>

0 Kudos
Highlighted
Contributor
Contributor

@wd123 Step 1 already fails: C:\Users\Michael>curl 172.217.13.238
curl: (7) Failed to connect to 172.217.13.238 port 80: Timed out

Not using any VPN in the host or guest.

0 Kudos
Highlighted
Enthusiast
Enthusiast

@michaelw1998 OK, that's useful.  It appears that there may reasons outside of having a VPN connection on the host that can interfere with VM networking failing at the IP layer.  Assuming that this very same curl command succeeds on your host (also assuming you have curl on your host), do you have anything configured on your host that may be blocking connectivity to/from any of your network adapters?  Like a 3rd-party firewall or something?  Even if you're not aware of anything specific, it's possible that the workaround listed elsewhere will still apply, even if you're not using a VPN.

I wonder if VMware is regretting their decision to drop the use of kexts to achieve VM networking yet?  😀

0 Kudos
Highlighted
Contributor
Contributor

@wd123 No I did not use any firewall at all. After I noticed that I didn't get NAT to work I installed Little Snitch to check the network monitor. Fusion doesn't show up at all at the network monitor so it looks like the internet from my VM doesn't reach my Mac at all.

I followed the steps in the workaround, at the step of adding a new rule I entered:

echo "nat on bridge100 inet from 192.168.206.0/24 to any -> (en0) extfilter ei" >>newrules.conf

With result:
nat on en0 inet from 192.168.206.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.206.1 to 192.168.206.0/24

I don't have any VPN, so nu utun device at all.

0 Kudos
Highlighted
Contributor
Contributor

I wrote a python3 script that will build and apply a config to accept NAT to all utun/VPN interfaces.

Can be found at:

https://gitlab.com/-/snippets/2043124

0 Kudos
Highlighted
Contributor
Contributor

Today (26.11.2020) my Host "Big Sur" have internet, but virtual "Window 10" used by Fusion 12.1.0 had no internet.

My solution: Changing Network to "Internet-Sharing" AND hardware compatible to "16"

=> Now also the virtual machine have internet!  

My Cost: Too much personal time! This problem must be seen earlier. 

0 Kudos