Using Guest OS's VPN connection in OS X

Discussion in 'Installation and Configuration of Parallels Desktop' started by AndyE, Jun 24, 2009.

  1. AndyE

    AndyE Bit poster

    Messages:
    2
    Hi,

    I use a VPN connection within the guest OS (in this case, Windows XP) for work with another location from ours. I am wondering if it's possible to share this VPN connection with the host OS, which is OS X...? If so, how might this be done?


    Thanks,
    Andy
     
  2. Elric

    Elric Parallels Team

    Messages:
    1,718
    Yes, it is possible, but requires some untrivial tuning... they could be very complicated for non-it person.. unfortunately, so far there is no easy way to do this task.

    Connect VPN in guest. Then, if your VPN connection have appeared in Windows Network Connections, use kb-article http://kb.parallels.com/en/5557 as a guide. General steps are (following the same logic as in the article):

    1. Add HostOnly network adapter to VM. Start the VM and connect VPN. Invoke cmd.exe and type ipconfig /all. Write somewhere the values of the ip-addr, netmask, DNS-server and DNS-suffix

    2. Configure DHCP

    3. Configure Parallels HostOnly adapter as
    Router: 192.168.0.1
    DNS server: use the same value as for the VPN-connection
    Search Domains: the same as for VPN-connection

    4. Configure Internet Connection Sharing in Windows. (see KB article)

    5. Providing that netmask is 255.255.255.0 and ip is something like 10.20.30.40, Issue the command in the Mac OS X Terminal
    sudo route -n add 10.20.30.0/24 192.168.0.1

    to remove tunnel, just issue on Mac side
    sudo route -n delete 10.20.30.0/24
    and optionally remove dns-settings from the Parallels Host Only adapter. There is nothing required to do in Windows guest.

    if netmask is 255.255.0.0, /24 should be replaced with /16. and for netmask 255.0.0.0 /8 should be used.

    --

    One more special issue exists if VPN connection doesn't appear in Network Connections. But there is also a solution for this...
     
  3. Elric

    Elric Parallels Team

    Messages:
    1,718
    And... it is possible to spend the whole day configuring all these stuff.... just a warning
     
  4. AndyE

    AndyE Bit poster

    Messages:
    2
    Elric,

    Wow, perfect! Thanks very much for helping me with this, I really appreciate it.


    Andy
     
  5. SheldonF

    SheldonF Bit poster

    Messages:
    1
    You mention one more special issue if the VPN client doesn't create an interface.. care to expand on that?

    Currently I have setup:
    Shared Networking for one Parallels adapter.
    Host only for another.

    I can ping both IP address from the OS X side.

    I use the Nortel VPN connection client from windows, and can connect to the VPN no problem

    When running "ipconfig /all" in windows I see both parallels ethernet adapters, and one other - Nortel adapter. But I don't see the Nortel adapter in the windows control panel, so can't share the internet connection..

    Thoughts?
     
  6. Elric

    Elric Parallels Team

    Messages:
    1,718
    I've found this info in one of the blogs:

    Start the regedit.exe and navigate to HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CEBFC1-
    08002bE10318}
    Expand it and find the entry with "Driver Desc" of something like "Nortel". Change value "Charasteristics" to be 1 (just in case, write-down somewhere original value)
    May be you will need to reboot the VM after that
     
  7. MuthuN

    MuthuN Bit poster

    Messages:
    7
    Paralles 5 - Win XP - Nortal - VPN Sharing

    Eric, I really appreciate your post. But I have been struggling to make it work with your instruction. I would really really appreciate if you could post detailed "step-by-step" instruction for "Paralles 5 - Win XP - Nortal" combination. There are lot of people in my organization trying go this route (mac+parallels) if this setup works, I am bit more technical than others but unfortunately I couldn't make any progress on this. So your help is greatly appreciated.

    Thanks
    Muthu
     
  8. Bob Lai

    Bob Lai Bit poster

    Messages:
    4
    Dear all,
    I'm old customer using PD2.
    I had saw the documents for many times.
    and try to setup it in PD5.

    but I am still fail.
    I really need it because of nortel VPN connection issue and I want upgrade it to PD5 if it work.


    does anyone provides more clear steps.

    Thanks a lot
     
  9. Bob Lai

    Bob Lai Bit poster

    Messages:
    4
    Dear all,
    I really need the steps and consider to upgrade to PD5

    does anyone provide more clear steps?

    thanks
     
  10. Elric

    Elric Parallels Team

    Messages:
    1,718
    Could you please describe what step causes troubles? I'll try to clear it.
     
  11. furia

    furia Bit poster

    Messages:
    1
    Elric,

    I'm also having trouble getting this to work. I attempted to follow your instructions, but have not had success.

    I'd like to echo the requests from MuthuN and Bob: would it be possible to provide clearer instructions?

    Thanks!
     
  12. MuthuN

    MuthuN Bit poster

    Messages:
    7
    My current setup and issues I am facing...

    Eric - Thanks for your response. Your help is greatly appreciated! Here is how my current settings look like, obviously I am missing some crucial step and it doesn't work yet. Can you please review these steps and suggest me if there is a correction or anything I am missing. Thanks again.

    1) Windows - Host-only adapter.

    [​IMG]

    2) Windows - Shared Adapter

    [​IMG]

    3) Windows - Internet Sharing

    [​IMG]

    4) MAC - Host only adapter settings

    [​IMG]

    5) Windows ipconfig/all result

    IP Address. . . . . . . . . . . . ..: 10.157.32.43
    Subnet Mask . . . . . . . . . . . : 255.255.248.0
    Default Gateway . . . . . . . . : 10.157.32.43
    DHCP Server . . . . . . . . . . . : 255.255.255.255
    DNS Servers . . . . . . . . . . . : 159.137.225.62
    10.158.83.160
    Primary WINS Server . . . . . . . : 159.137.225.62
    Secondary WINS Server . . . . . . : 10.158.83.160


    6) I issued the following from MAC terminal

    sudo route -n add 192.168.0.0/24 192.168.0.1 ( not sure about this)

    ----------
    Thanks
    Muthu
     
  13. Elric

    Elric Parallels Team

    Messages:
    1,718
    Cool, it is almost ok!

    The command should be (for your case)

    sudo route -n add 10.157.32.0/21 192.168.0.1

    If this doesn't help, please post here (or via private message) the full output of "ipconfig /all" from windows side,

    "ifconfig -a" and "netstat -nr" from Mac OS side.

    PS: We are working on better KB, but no estimation when it will be ready
     
  14. MuthuN

    MuthuN Bit poster

    Messages:
    7
    Elric - Thanks for your response, I just send you a private message with the details you mentioned. Appreciate your help!
     
  15. Elric

    Elric Parallels Team

    Messages:
    1,718
    I'm replying here because by default notifications about private messages are not delivered by email (it should be explicitly enabled in profile)

    There is an oddity in the routing table:
    i.e. for some reason the route was added to en1 instead of vnic1.. I believe that it is because of previous command
    "sudo route -n add 192.168.0.0/24 192.168.0.1"

    The easiest way to fix it is to reboot the Mac OS (if reboot between current moment and previous route-command was not made yet) and repeat the command "sudo route -n add 10.157.32.0/21 192.168.0.1"

    Also, I've just realised that there could be one more problem (after rebooting and entering the correct route) with DNS.. I'm not sure how will behave Mac OS dns-resolver. Theoretically, Mac OS may ignore the entered DNS-server 10.158.83.160..

    after rebooting try execute from terminal command "ping 10.157.24.180". If it will work, then the half of way is done. If the ping works, try to ping some VPNd server by its name (ping some_vpnd_server_name).

    If ping won't work, then we reached the point where I need to do complicated testing in my workplace to be sure (I'm not currently in the environment where I can test this)..

    PS: Thank you for the input. If the KB article (and may be an application to simplify configuration) will be created, this feedback will be invaluable
     
  16. MuthuN

    MuthuN Bit poster

    Messages:
    7
    I'm replying here because by default notifications about private messages are not delivered by email (it should be explicitly enabled in profile)

    There is an oddity in the routing table:

    i.e. for some reason the route was added to en1 instead of vnic1.. I believe that it is because of previous command
    "sudo route -n add 192.168.0.0/24 192.168.0.1"

    The easiest way to fix it is to reboot the Mac OS (if reboot between current moment and previous route-command was not made yet) and repeat the command "sudo route -n add 10.157.32.0/21 192.168.0.1"

    Also, I've just realised that there could be one more problem (after rebooting and entering the correct route) with DNS.. I'm not sure how will behave Mac OS dns-resolver. Theoretically, Mac OS may ignore the entered DNS-server 10.158.83.160..

    after rebooting try execute from terminal command "ping 10.157.24.180". If it will work, then the half of way is done. If the ping works, try to ping some VPNd server by its name (ping some_vpnd_server_name).
    Elric - Again, thanks for your quick response. Its okay if the message appears on the public forum instead of being in private. For some reason it didn't work.

    ----
    sudo route -n add default 192.168.0.1
    add net default: gateway 192.168.0.1
    ~
    02:37:04 $ sudo route -n delete default
    delete net default
    ~
    02:37:22 $ sudo route -n add default 192.168.1.1
    add net default: gateway 192.168.1.1
     
  17. MuthuN

    MuthuN Bit poster

    Messages:
    7
    I can not even ping after establishing VPN "192.168.0.1"

    Hi Elric - One point

    I can ping "192.168.0.1" from OSX terminal before VPN connect established on windows
    02:43:54 $ ping 192.168.0.1
    PING 192.168.0.1 (192.168.0.1): 56 data bytes
    64 bytes from 192.168.0.1: icmp_seq=0 ttl=128 time=0.231 ms
    64 bytes from 192.168.0.1: icmp_seq=1 ttl=128 time=0.298 ms
    64 bytes from 192.168.0.1: icmp_seq=2 ttl=128 time=0.363 ms
    64 bytes from 192.168.0.1: icmp_seq=3 ttl=128 time=0.204 ms
    64 bytes from 192.168.0.1: icmp_seq=4 ttl=128 time=0.295 ms
    64 bytes from 192.168.0.1: icmp_seq=5 ttl=128 time=0.262 ms


    But it fails once I establish VPN
     
  18. Bob Lai

    Bob Lai Bit poster

    Messages:
    4
    Dear all,
    I get the same problem as MuthuN,
    can not find the NIC after nortel connection establish.

    but I find in Eric refer's document (kb-article http://kb.parallels.com/en/5557)
    there are 2 apple script maybe need to apply.
    does it work in snow leopard with PD5 ?
     
  19. Elric

    Elric Parallels Team

    Messages:
    1,718
    The commands are not exactly right... it should be "sudo route -n add 10.157.32.0/21 192.168.0.1" - i.e. route 10.157.32.0/255.255.248.0 to gateway 192.168.0.1. The invalid routing-table entry is
    "10.157.24/21 192.168.0.1 UGSc 0 0 en1"

    If you want, it is possible to schedule WebEx session on next week and look at all this directly on your machine. Let me know if you are ready to try.
     
  20. WojciechB

    WojciechB Bit poster

    Messages:
    1
    Hi Elric,

    I have similar problem. My VPN Subnet Mask is 255.255.255.255

    How should my command for route looks?
     

Share This Page