Find the answer to your Linux question:
Results 1 to 8 of 8
I am running redhat 6.2 and have a win 7 KVM. I'm using AT&T to VPN into a companies intranet. My question is..is there a way to connect via the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3

    KVM VPN bridge?


    I am running redhat 6.2 and have a win 7 KVM. I'm using AT&T to VPN into a companies intranet.

    My question is..is there a way to connect via the VPN using the KVM and share that connection to the host machine?

    The reason I ask is to access the repository I need connection to the company network. If the VPN doesn't work on the host machine I'm trying to find a way to connect to the repository using the VPN connection from the KVM.

    Make sense?

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Hi and welcome,

    If the VPN doesn't work on the host machine I'm trying to find a way to connect to the repository using the VPN connection from the KVM.

    Make sense?
    That would make sense only if the VM has its own (physical) network interface installed in the host computer that is used only by the VM and not the host.

    But normally that isnt the case and therefore I don't think that it makes much sense. Surely I don't cover all possible failovers with this, but a VPN connection on the host machine should fail only if the network connection is gone or the network is somehow otherwise down. Since the host machine uses the same physical network interface it most likely will affect the connection of the VM guest in the same manner. For example the network connection of the host may be down because the next switch where it is plugged into is broken and this will surely affect the VM in the same manner, wouldn't it?

    Cheers

  3. #3
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3
    Quote Originally Posted by Kloschüssel View Post
    Hi and welcome,



    That would make sense only if the VM has its own (physical) network interface installed in the host computer that is used only by the VM and not the host.

    But normally that isnt the case and therefore I don't think that it makes much sense. Surely I don't cover all possible failovers with this, but a VPN connection on the host machine should fail only if the network connection is gone or the network is somehow otherwise down. Since the host machine uses the same physical network interface it most likely will affect the connection of the VM guest in the same manner. For example the network connection of the host may be down because the next switch where it is plugged into is broken and this will surely affect the VM in the same manner, wouldn't it?

    Cheers
    Yeah this isn't a physical connection issue. It's the software.

    Here is how it's setup.

    Host machine is running linux and we use AT&T to connect to the companies intranet where the software repository is.

    KVM is win 7 which also has AT&T on it and can vpn into the companies intranet.

    If the AT&T software gets corrupted the host machine can't connect to the repository but I do still have reg internet access. I can still start the KVM and vpn into the intranet. Since the AT&T software on the KVM still works.

    Is there a way to have my KVM connection to allow my host machine to see that VPN connetion as well so I can re-install AT&T from the repository?

  4. #4
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Having a fallback system makes sense. Therefore it makes much more sense to me to duplicate systems in case where a high availability must be guaranteed. Normally this is measured by comparing the costs of such a system against the costs of a possible downtime.

    But I would be much more afraid of hardware malfunction than "software corruption". If the software is set up once and nobody touches it from there on, it shouldn't break unless the hardware breaks. By hardware I mean one of: ISP cuts the internet connection, cables are bitten by rats, a fire burns down the computer responsible for the vpn or simply a disk in that computer gets broken by an earthquake.

    And if you need that piece of software so hard, why don't you make a backup once it is set up? In case the other disk breaks or someone breaks the software you could always just swap the current disk with the backup disk and it is back alive within a jiffy!

    Cheers

  5. #5
    Just Joined!
    Join Date
    Apr 2012
    Posts
    3
    Quote Originally Posted by Kloschüssel View Post
    Having a fallback system makes sense. Therefore it makes much more sense to me to duplicate systems in case where a high availability must be guaranteed. Normally this is measured by comparing the costs of such a system against the costs of a possible downtime.

    But I would be much more afraid of hardware malfunction than "software corruption". If the software is set up once and nobody touches it from there on, it shouldn't break unless the hardware breaks. By hardware I mean one of: ISP cuts the internet connection, cables are bitten by rats, a fire burns down the computer responsible for the vpn or simply a disk in that computer gets broken by an earthquake.

    And if you need that piece of software so hard, why don't you make a backup once it is set up? In case the other disk breaks or someone breaks the software you could always just swap the current disk with the backup disk and it is back alive within a jiffy!

    Cheers
    Yeah the problem is, the company is setting up all the users that work remotely like this so, I'm talking about the client laptops not the server side. If the machine was onsite I would just restore it or as you say swap the drive out or just image the drive.

    I'm trying to find a way for the user who is at a remote location and his AT&T only works via his KVM and we need to access the repository on his main OS where his AT&T doesn't work.

  6. #6
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    890
    Here's what I've come up with. Be warned, I haven't tried this in practice, but I don't see why it wouldn't work.

    Make sure you have two interfaces on your VM. 1, the interface pointed at your corporate VPN, which should be a network bridge of the physical interface. 2, the interface we need for the back end.
    Next, set up internet connection sharing in Windows.


    On the KVM host, set up a static route, to route all traffic for the internet/corporate IP through the virtual adapter.
    Give that a shot. You might have to create some kind of traffic forwarding rules on the Windows machine, but I think the internet connection sharing feature should take care of it.

  7. #7
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Quote Originally Posted by vodkacooler View Post
    Yeah the problem is, the company is setting up all the users that work remotely like this so, I'm talking about the client laptops not the server side. If the machine was onsite I would just restore it or as you say swap the drive out or just image the drive.

    I'm trying to find a way for the user who is at a remote location and his AT&T only works via his KVM and we need to access the repository on his main OS where his AT&T doesn't work.
    *oh* .. ok. Now this makes more sense. Until now I was thinking about a server vpn that connects a branch office with the main office.

    To me it would seem that this premise makes things easier to you! Say to them that if they touch the configuration and it stops working, they get a nice kiss with the fist. *jokingly*

    If these are windows hosts I would try to do the deployment with a small windows installer setup. That allows one to install/uninstall/repair the VPN. Doing the same thing with a VM just creates a lot of overhead with lots and lots additional pitfalls. Against mizzles idea I would rather try to encourage you to keep it small and simple!

  8. #8
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by vodkacooler View Post
    My question is..is there a way to connect via the VPN using the KVM and share that connection to the host machine?
    The default answer is NO. The client side, the one that connects to the office, should always be setup to not allow the interface to talk with nothing but the VPN server. The reason for this is to keep the connection secure and protect the company network from being open to the public.

    The reason I ask is to access the repository I need connection to the company network. If the VPN doesn't work on the host machine I'm trying to find a way to connect to the repository using the VPN connection from the KVM.
    If the VPN doesn't work you should be contacting desktop support so they can fix the issue. you should not be trying to figure out a way to sidestep security.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •