Two months ago I took on a personal ambition to reduce my power bill. One of the culprits was the home server, a storage server, media streaming server, XBMC media center, etc., so I shut it down. It was also the internet gateway. I moved the entertainment functions to the MK802 device running Android 4.0.
The home devices (phones, MK802 and PS3) had to continue to access the internet.
I chose my work laptop as the gateway, sharing the 3G modem's internet connection. The laptop runs Windows 7, and it so happens that enabling ICS stops the VPN connections from working. This is a known issue: Windows Internet Connection Sharing (ICS) is not compatible with the VPN client. It produces errors such as:
- The VPN client agent was unable to create the interprocess communication depot.
- Sometimes it seems the tunnel is being established but is then terminated.
So turning off ICS fixes the error.
ICS was not an option. I turned to RusRoute, which is a router, firewall and Internet gateway solution for Windows. It's very good software, but I failed to make the VPN client work with it. It has poor documentation. I failed to configure the VPN and firewall rules to make the VPN work.
I turned to VirtualBox. I set up a virtual machine with two interfaces, one bridged to the wireless interface and the second NATed. I thought it was going to be a smooth slide. I started out by installing Smoothwall Express in the virtual machine.
Hosts on the network would receive IPs and resolve IPs but couldn't access the internet. After a good amount of time and frustration, I decided to set up a proxy on Smoothwall and reconfigured the clients, and they could access the internet. I was not happy with this solution, but at least I could install some Android applications on the MK802 for TV. Some applications that were not built proxy-aware failed to connect, though. This included failing to connect to the PSN network from the PS3.
If you're a gamer, PSN not working is not acceptable at all.
I didn't want to get dirty with deep troubleshooting of why it was not working, because setting up a Linux or BSD router is quite basic, so since it was failing I assumed that maybe the distro was buggy inside a virtual host.
I chose to try another distro; m0n0wall was the second choice.
Same issue. I started to believe that it was probably me. Like a mad scientist, I tried all combinations of m0n0wall settings, but zilch.
I was not looking forward to the frustration, so I downloaded the latest pfSense image and installed a pfSense virtual host.
Same issues. At this point I am now sure that something is screwed up with VirtualBox. I have installed all three of the distros above at customer sites previously and they just work. So I needed to troubleshoot now. I hate packet-level troubleshooting.
Starting with the basics, I ran tcpdump on the pfSense guest. On the client I pinged the pfSense guest, and I could see the packets come and go. Performing a google.com ping, I could see the DNS resolving request and response, but the ICMP packets were not reaching the server. This was a breakthrough: I now knew the issue wasn't at all related to the guest OSes I had been trying, but must be related to VirtualBox networking.
Bridging to a wireless interface is done differently from bridging to a wired interface, because most wireless adapters do not support promiscuous mode. All traffic has to use the MAC address of the host’s wireless adapter, and therefore VirtualBox needs to replace the source MAC address in the Ethernet header of an outgoing packet to make sure the reply will be sent to the host interface. When VirtualBox sees an incoming packet with a destination IP address that belongs to one of the virtual machine adapters it replaces the destination MAC address in the Ethernet header with the VM adapter’s MAC address and passes it on. VirtualBox examines ARP and DHCP packets in order to learn the IP addresses of virtual machines.
So it seems the wireless adapter in my laptop (Dell XPS m1530) is the culprit. It's my fault, but who reads documentation until stuff just JAMS to work? Switching the bridging to the Ethernet adapter interface seems to resolve the issue. All client applications can access the internet.
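A simplified model of the wireless bridging behaviour quoted above, added here as an illustration (it is not VirtualBox code and not from the original post). It assumes the clients use the router guest as their gateway and DNS server, and that frames whose destination IP VirtualBox has not learned are never handed to the guest, which matches the tcpdump symptoms; all addresses are constructed.

```python
from dataclasses import dataclass, replace

# All addresses below are constructed for illustration.
HOST_MAC = "aa:bb:cc:00:00:01"    # host's wireless adapter
VM_MAC = "08:00:27:00:00:02"      # router guest's bridged adapter
VM_IP = "192.168.1.254"           # router guest's address (clients' gateway/DNS)
CLIENT_MAC = "aa:bb:cc:00:00:10"  # a LAN client such as the PS3
CLIENT_IP = "192.168.1.50"
INTERNET_IP = "203.0.113.10"      # documentation-range stand-in for a remote host


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


class WirelessBridge:
    """Toy model of the MAC rewriting described in the quoted paragraph."""

    def __init__(self, host_mac):
        self.host_mac = host_mac
        self.learned = {}  # guest IP -> guest MAC, learned from ARP/DHCP

    def learn(self, ip, mac):
        self.learned[ip] = mac

    def outgoing(self, frame):
        # Guest -> network: the source MAC becomes the host adapter's MAC.
        return replace(frame, src_mac=self.host_mac)

    def incoming(self, frame):
        # Network -> guest: only frames whose destination IP was learned are
        # rewritten and passed on. Assumption: anything else stays on the host.
        guest_mac = self.learned.get(frame.dst_ip)
        return replace(frame, dst_mac=guest_mac) if guest_mac else None


def reaches_guest(bridge, dst_ip):
    """A client can only address the host's MAC; does the guest get the frame?"""
    frame = Frame(CLIENT_MAC, bridge.host_mac, CLIENT_IP, dst_ip)
    return bridge.incoming(frame) is not None


bridge = WirelessBridge(HOST_MAC)
bridge.learn(VM_IP, VM_MAC)
print("ping gateway reaches guest:", reaches_guest(bridge, VM_IP))
print("ping internet host reaches guest:", reaches_guest(bridge, INTERNET_IP))
```

Traffic addressed to the guest itself (pings, DNS queries) is delivered, while traffic the guest is only supposed to route carries a destination IP the bridge never learned and so never arrives.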
Something to learn about. Now I have to keep the AP within Ethernet cable distance of the laptop. Yak!!! Yak!!!