A Blog about Thijs de Vries


Workaround for Connecting to VMware Guest While Using Cisco VPNClient

Currently I’m working on a project for a company which requires me to be on a VPN in order to access their websites and other resources. I use Cisco VPNClient in order to connect to the IPSec VPN they have. The project requires me to develop an application using Oracle. I am normally a Mac user and Oracle does not supply an OSX version of Oracle XE. My initial solution was to install Oracle XE on an Ubuntu virtual machine which I could then connect to with my Mac. Things were working correctly at first. I pointed my Rails application to the Ubuntu VM’s IP address and was able to connect to the database and run migrations. As soon as I connected to the VPNClient, I was unable to connect to the database using my Mac or network with the Ubuntu VM in any way. The Ubuntu machine could connect to the internet but any ping I did to it from my Mac timed out.

Upon further research, I found out that VPNClient changes the way networking traffic is routed. Essentially all traffic gets routed to the VPN server that the VPNClient is connected to (I already knew this but figured the client would ignore requests to the local network). Knowing that the Ubuntu VM was on a virtual local network I figured enabling ‘Allow Local LAN Access’ would do the trick (you may want to try this solution before taking the steps below). This unfortunately did not solve the problem. Although this option exists, the administrators of the VPN Server can choose to disable this for all users. I tried contacting the administrators and asking if they could enable local networking for me. I was told that it would be impossible to do this without enabling it for everyone and could be a security vulnerability.

I tried changing the routing tables but this, too, did not work for me (I might have done it wrong; if this worked for anybody let me know). I also tried connecting to the native Snow Leopard Cisco IPSec VPN. This allowed me to connect to the VPN and connect to my virtual machines but the internet stopped working (I think some of the settings that can be enabled in VPNClient are missing in the Snow Leopard version such as transparent tunneling and using IPSec over UDP).

After reading this article on port forwarding using VMware Fusion, I wondered if it would be possible to use with the VPN (after all, I’m routing to the localhost, not an external machine). I opened up TextMate and opened up the file at:

/Library/Application Support/VMware Fusion/vmnet8/nat.conf

I added the following lines:

# is the ip I use for my VM
#Oracle Web Admin Page
8080 =
#Default Oracle Port
1521 =

Then I ran the command:

sudo "/Library/Application Support/VMware Fusion/boot.sh" --restart

I opened up a browser on my Mac and typed in ‘http://localhost:8080/apex’ and was presented with the Oracle XE web interface login page. I then connected to the VPN and did the same thing to make sure that it would work over the VPN. After being presented with the login screen a second time I rejoiced a bit, and promptly tried connecting directly to the database with my Rails app (had to modify the URL of course).

This ended up being a good enough workaround to keep me developing in OSX instead of having to resort to using Windows or Ubuntu for this one job. There are probably better solutions out there which will allow VPNClient to recognize the virtual machines as safe (all the traffic from the VMs also gets routed through the VPN if using a NAT connection, I’m not sure about bridged though). The irritating part of this workaround is that you have to specify each port you wish to use and make sure that you set static IPs that match the ports specified in the nat.conf file. If anybody has any better solutions, please respond in the comments section.
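
Because every forward has to be listed by hand and each one makes a guest service reachable through a port on the host, it helps to review what nat.conf actually forwards. The following is an added example, not code from the original post: a small Python audit that assumes the usual `[incomingtcp]`/`[incomingudp]` layout of `host port = guest IP:guest port`; the sample file and its 192.0.2.x addresses are constructed placeholders.

```python
import re

# Constructed sample; 192.0.2.x addresses are placeholders, not values from the post.
SAMPLE_NAT_CONF = """\
[host]
ip = 192.0.2.2
netmask = 255.255.255.0

[incomingtcp]
# Oracle web admin page
8080 = 192.0.2.10:8080
# Default Oracle port
1521 = 192.0.2.10:1521
#8889 = 192.0.2.10:80
2222 =

[incomingudp]
"""

FORWARD_RE = re.compile(r"^(\d+)\s*=\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")
SECTIONS = {"incomingtcp": "tcp", "incomingudp": "udp"}


def parse_forwards(text):
    """Return (forwards, problems) for the port-forwarding sections of a nat.conf."""
    forwards, problems, section = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section not in SECTIONS:
            continue  # other sections such as [host] hold no forwarding rules
        m = FORWARD_RE.match(line)
        ports_ok = m and all(0 < int(p) < 65536 for p in (m[1], m[3]))
        if not ports_ok:
            problems.append((lineno, line))  # incomplete or malformed entry
            continue
        forwards.append((SECTIONS[section], int(m[1]), m[2], int(m[3])))
    return forwards, problems


if __name__ == "__main__":
    forwards, problems = parse_forwards(SAMPLE_NAT_CONF)
    for proto, host_port, guest_ip, guest_port in forwards:
        print(f"{proto} host:{host_port} -> {guest_ip}:{guest_port}")
    for lineno, line in problems:
        print(f"line {lineno}: not a valid forward: {line!r}")
```

Run against the real file, the output is the list of guest services currently exposed through host ports, which is also the list to prune once a forward is no longer needed.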