Highlighted
Contributor
Contributor

macOS Big Sur - VMware Fusion 12 not working anymore when host is connected to VPN

Hello,

I've updated my macOS from Catalina to Big Sur and since then i also had to upgrade from the VMware fusion 11 to VMware fusion 12.

I've been using expressVPN for couple of months and usually i connect the host machine to the VPN and then i'm also able to have my guest machines under the VPN, but it's happening that now every time i connect to the VPN the guest machines simply can't access the network anymore. Any idea how to solve this issue?

Vmware machines network configurations:

  • I've tried my network adapter using the default configuration (Share with my MAC - NAT)
  • I've also tried with custom vmnet
47 Replies
Highlighted
Contributor
Contributor

@agilez Yes. Parallels Desktop setup is with NAT.

For the VMware Fusion i got access to the VPN by setting up the VPN manually using the L2TP/IPSec (tutorial is on ExpressVPN support page). But seems like the internet on the virtual machines are a bit slower than usual and i can't access some hosts like dnsleaktest website.
Setting up manually like that don't give the lock network feature.

0 Kudos
Highlighted
Contributor
Contributor

I'm having the same problem... tried everything everyone else on this thread has tried... even with the latest version of Cisco AnyConnect.  Still nothing.  This all worked just fine on Catalina/Fusion 11... I tried both Parallels and VirtualBox - they both worked fine.  So for now, I am letting Big Sur and AnyConnect off the hook... VMWare Fusion seems to be the culprit.  Once I connect to my corporate VPN, my guest is hosed from all network communication.  The only thing that brings it back is to disconnect from the VPN and completely restart Fusion on the host.

-Chris

0 Kudos
Highlighted
Contributor
Contributor

We did get this and still having the problem on the VMWare 12 side.  NAT internet connection not working, so even with the new Cisco AnyConnect it wouldn't work.

0 Kudos
Highlighted
Contributor
Contributor

UPDATE: Submitted a ticket to VMWare.  Will post back if I get this resolved.

Highlighted
Contributor
Contributor

Unless you need access to specific assets on the other side of the VPN, then it doesn't work, even if the VPN on the Mac is set to "all traffic".

0 Kudos
Highlighted
Contributor
Contributor

I can't find support for Pro right now, very frustrating.

0 Kudos
Highlighted
Contributor
Contributor

I have discovered if I create a VPN in the client (Windows 10 VM on Fusion 12) The connection works fine. This is the case even if the Mac host is connected to the VPN at the same time. The Client is not actually sharing the Mac connection via NAT or the Mac is ignoring that ALL traffic is supposed to go over the VPN. Not sure which is the issue, but suspect it lies in there somewhere.

0 Kudos
Highlighted
Contributor
Contributor

I'm not sure that I understand this.  I could see this working IF you have NAT working, but, otherwise I can't even connect to the internet shared connection from the host, let alone connect to the VPN within the VM.  If I switch to Bridge mode in the VM, then I can absolutely execute the VPN from within the VM and use it that way.  But, I want to use a NAT connection from within VMWare in a Windows 10 VM on Fusion 12 with Big Sur as the host. This is the problem I am having.

0 Kudos
Highlighted
Contributor
Contributor

Hi All

Had the same issue, I just installed anyconnect on the win 10 VM and it looks like it's working for me now. So under big sur, fusion is not directing traffic from the vm through the VPN on the host. 

Hope this helps.

0 Kudos
Highlighted
Contributor
Contributor

Highlighted
Contributor
Contributor

Per VMware support they mentioned:

"Thank you for your Support Request.

Changes have been brought up with Fusion 12 as per the changes in functionality of the new MAC OS Big Sur and all MAC based softwares are required to do the same.

The mentioned issue was acknowledged and reported with Apple as a bug and they have clearly stated that the VPN software vendor(s) need to either come up with an updated patch to accommodate the new MAC OS Big Sur or need to share any specific configuration one needs to set-up for the same.

Hence, we will suggest you to contact the VPN vendor for the change in behavior. 

Alternatively, you can install the VPN software inside the VM and keep the network adapter mode to 'bridged' to make it work.

Please let me know if you have any further queries for us."

I have went with their workaround and am using ExpressVPN inside the VM to get this working on MX Linux.

0 Kudos
Highlighted
Contributor
Contributor

I am using the standard Windows VPN connection to our VPN work router and everything works now except that I can't map any drives to the work servers.

Is anyone experiencing the same issue? Is a major problem for us

0 Kudos
Highlighted
Enthusiast
Enthusiast

Thank you @whirlwinds for working with them.

Unfortunately, their statement is horrifically unclear. The only thing that is clear is that they believe it is the VPN vendor's fault. 

Was there any detail about which changes in Big Sur they are referring to? Any Apple documentation we can provide to Express VPN to determine if this statement is valid? Does this have to do with Apple's proposed move away from kernel extensions which was originally going to be a part of Big Sur but was eventually delayed? 

0 Kudos
Highlighted
Contributor
Contributor

Nope, what you see is all I received. I asked about why the NAT was not functional no response yet.

0 Kudos
Highlighted
Contributor
Contributor

Same problem here.

I was using the native Win10 vpn client. It use to work until Big Sur / Fusion 12 upgrade.

0 Kudos
Highlighted
Contributor
Contributor

I did.  They're blaming Apple.  See below:

 

hank you for your Support Request.

I understand after upgrading the Mac to Big Sur and VMWare Fusion to 12 you are unable to use VPN with the guest operating system.

What is the Network Adapter selected for the VM?

We understand you are facing this issue post the Big Sur Update. Fusion 12 has made changes in compliance with Big Sur requirements and is using System extensions.

The issue you are facing is only when the VPN is on the host and the VM is using NAT? 

We have already noticed some of these uses case and had an extensive discussion with Apple to understand if anything could be changed.

We recognize that while no changes would be made on Fusion or Apple for this , since it affects some of our use case scenario for customer we are planning to document this in our release notes too.

If it's a IT provided VPN please do get in touch with your IT to engage the VPN vendor.

Alternatively if allowed can install VPN in the VM with VM in Bridged mode.

0 Kudos
Highlighted
Enthusiast
Enthusiast

Interesting. To me, that response is also very unclear. I can't figure out if they are blaming Apple or not.

Also, I find it interesting they say they are using a System Extension. Can't you see the System Extensions in System Preferences -> Extensions? I don't have one listed there for VMWare.

0 Kudos
Highlighted
Contributor
Contributor

I told him to show the developers this.

Highlighted
Enthusiast
Enthusiast

I also followed back up with Express VPN and asked that they include this thread in these notes to their developers. 

0 Kudos
Highlighted
Contributor
Contributor

> What is the Network Adapter selected for the VM?

The network adapter selected is "Share with my MAC - NAT".

The issue you are facing is only when the VPN is on the host and the VM is using NAT? 

No, the vpn is defined on the guest machine (is the native windows 10 vpn client). I'm not using vpn on the host.

> Alternatively if allowed can install VPN in the VM with VM in Bridged mode.

OK, I'll try.

Many thanks

 

0 Kudos