libvirt strategy question

mikudo · 03-21-2019, 09:12 AM

Maybe I am trying to do something impossible, but I ideally want my vm's to share my vpn.

I don't think I'm getting that far though, I can't get the guest to talk with the host at all. Maybe the vpn makes it simply so that libvirt can't get to the eth interface at all?

debian os
libvirt manager gui v 1.4
no network manager
static ip from router
using vpn tun0 with 10. address

First, if there was no vpn and the default bridge never worked and I just want to add a new bridge, do I make virtmanager distribute an ip over dhcp and then bridge that address to eth0? Or routed mode?

I would prefer if my vm would get an ip from the router itself so that dhcp requests were just routed to the router. But that won't happen if the interface is in a vpn because the interface doesn't even see the router right?

Ideally libvirt would give an ip address that just routed all requests dns and otherwise out the vpn just like it was the host.

I don't get understand the transport stuff enough to know if that would ever work.

Any tips or thought appreciated thanks.

mostlyharmless · 04-16-2019, 12:21 PM

Just a suggestion: get your vm communicating with the router and host like any other computer on the network first, then arrange traffic through the vpn afterwards. There are any number of tutorials in setting up networking for a vm; I use a bridge over the host adapter, with the router assigning IP addresses to host and VM independently via DHCP. A separate machine serves as the VPN host. Each machine, virtual or otherwise, then needs a vpn client.

berndbausch · 04-16-2019, 07:42 PM

Without seeing your network topology, not much can be said.

By default, libvirt sets up a bridge named virbr0, runs a DHCP server (dnsmasq) and arranges for NAT. Again by default, VMs are connected to virbr0 and get an IP address from a range like 192.168.124.1/24 (that's the range on my PC). Thanks to NAT, they can dial out, and they can be reached from the virtualization host.

Instead of this default NAT arrangement, you can create your own bridge, plug the virtualization host's NIC into the bridge and tell libvirt to use this bridge for connecting the VMs.
Something like this:

Code:

       VM1   VM2
        |     |
      Your bridge
           |
          eth0
           |
      The Internet

In this case, VMs are connected to the same network as that NIC, and it's your responsibility to provide an IP address to VMs, either by configuring static addresses on the VMs or by running your own DHCP server.

If you use the virtmanager wizard to create a new VM, step 5 has an option Network Selection. The attached screenshot shows the networking options on my PC; the first one, br1, is such a bridge. Virtual network 'default': NAT is virbr0.

My suggestion: Ensure that VMs can be networked at all, using NAT or your own bridge. Once you have an understanding how that works, approach the VPN question.