Mac – How to share a VPN connection in a VMWare Guest VM with the Host

virtual machinevmware-fusionvpn

The need

This question is relevant for all of those who want to bypass their corporate's annoying VPN, and access their work/corporate network from their private computer, especially if the corporate VPN client software can't run on their private computer.


This question is very similar to this one, which isn't answered 🙁

The challenge

We can't run the corporate VPN client from the private computer, so we converted the work laptop to a VMWare Virtual Machine. The VPN client works fine inside the guest VM, now we want to share it with the host (the private computer).

The specs:

  • The private computer (host OS) is Mac OS X Lion 64bit
  • The corporate laptop (guest VM) is WinXP 32bit, running in bridged network mode
  • The VPN client on the guest VM is Checkpoint SecuRemote NGX R60 HFA03
  • While the VPN is running in the guest VM, the host can still ping the guest and vice versa

Best Answer

We configure the VM with two network cards, one local to talk to the host, the other to talk to the internet. Then we force the host to use the guest as its router, erasing the old gateway.

1) Configure your VM to start with 2 network adapters, one for bridged access, the other one for Host-only connection. Configure the Host-only connection to have a DHCP server at, and to dish out IP addresses (to the host, say) and to the guest. On the host, I assume the interface connected to the guest is called vboxnet0, if not pls change accordingly.

Let me give you a reference on how to do this: see this AskUbuntu excellent answer

2) start your virtual machine, make sure you can connect to the Internet and can ping to/from Host, then connect via the VPN.

3) On the host, change your default gateway to be the guest

     route delete default
     route add default dev vboxnet0

5) Now let us go back to the guest: you find here instructions as to how share your VPN connection with other connections, for Windows.

6) On the host, check that you have connectivity, for instance by means of

    ping -c1

If this works, and you can connect to the Internet, you are done. If this works, but you cannot connect to the internet, it means your DNS configuration is broken, it is very easy to correct it, see for instance here.

If however the ping above cannot connect to Google, it means there is a problem on the guest. Possible causes include a restrictive firewall, or some typing error. To diagnose, check your routing tables, on guest and host, or disable the firewall completely.

And thank you for providing an amusing project.