For various reasons, I need to use OpenVPN at the university to be able to connect to the internet when I’m connected to a wired connection.
I don’t like OpenVPN on Windows, primarily because it’s software created for *nix systems and doesn’t run very well under Windows, so it needs a lot of configuration under certain circumstances and so on.
Nevertheless, OpenVPN works by creating an IPv4 Point-to-Point connection using a /30 subnet between the server and the client. For instance, if the server has the address 192.168.2.1 on the Point-to-Point connection, the client will have 192.168.2.2, the subnet itself will be 192.168.2.0 and the broadcast address will be 192.168.2.3.
If you’re using Oracle VirtualBox or VMware Player, you can simply configure the network adapter of the virtual machine so that the hypervisor manages NAT itself. If the host has internet access, guest operating systems will be able to connect via a NAT hidden from (but usually customizable by) the user.
But what if you’re using Hyper-V? Hyper-V has been designed for datacenter operations on Windows Server, where dedicated physical routers would manage routing, NAT etc.
This brings a lot of really cool features, like directly connecting a virtual machine to an FCoE SAN or managing virtual switches and other stuff, as expected from an enterprise-class hypervisor.
Supposing that, like me, you’re running Windows 8 / 8.1 with Hyper-V on a laptop (I need it for the Windows Phone 8 emulator) and you’re connecting using some kind of PtP connection, like OpenVPN or a simple PPPoE modem, you need to configure a NAT on your system.
This is despite the fact that you won’t always need it, that it will not work for every wireless or wired connection you’re gonna use, and that there is a really big problem ahead, but let’s talk about this later.
Creating a NAT for your virtual machines is pretty easy.
Just open the Hyper-V management console and create a new virtual switch connected to an internal network (call it “Hyper-V NAT” or something like that). Then open the Control Panel, open Network Connection and Sharing Center, enable Internet Connection Sharing for the PtP connection you’re using and select the “Hyper-V NAT” adapter as the “domestic network”.
By doing this, Windows will enable packet forwarding, will set the IP address of the “Hyper-V NAT” adapter to 192.168.137.1/24 and will enable a DHCP & DNS service on the same adapter.
Virtual Machines connecting via the “Hyper-V NAT” adapter will automatically get their network configuration and will be able to surf the web (and usually download several hundred MBs of updates on their first run).
Seems easy, huh? Well, it is. You can also change the switch a VM is connected to while it’s running, so if you’re moving to a place where your PtP connection is not needed you can simply connect the VM to another virtual switch.
That’s fine, really fine, until someday you need to share the 3G/4G connection of your Windows Phone 8 with your laptop.
How does it work? Easy. Your WP8 device turns into a wireless router with a built-in DHCP & DNS service.
The Wi-Fi adapter IPv4 address of your WP8 device is set to 192.168.137.1/24 and your laptop will get its network configuration automatically from your phone.
Your wireless adapter is configured as follows:
IPv4 address: 192.168.137.2 (or .3, or .42, etc., automatically assigned by the DHCP service of your Windows Phone)
Subnet Mask: 255.255.255.0 (or /24, by DHCP)
Default Gateway: 192.168.137.1 (by DHCP)
but your “Hyper-V NAT” adapter is configured as follows:
IPv4 address: 192.168.137.1 (automatically set by Windows Internet Connection Sharing service)
Subnet mask: 255.255.255.0 (or /24, always assigned by Windows ICS service)
Gateway: none (or 127.0.0.1, but it doesn’t matter).
That’s not gonna work. What your WP doesn’t know is that the gateway address it hands out, 192.168.137.1, is already assigned to your laptop’s own “Hyper-V NAT” adapter, so it’s effectively telling your laptop to use itself as gateway.
The easy workaround is to disable the “Hyper-V NAT” adapter when you’re tethering your connection to your laptop, and that works.
Or you can choose to solve this problem by telling Windows ICS to use a different subnet to share the connection.
Because 192.168.137.0/24 is not really an “exotic” subnet, I decided to use the 172.31.137.0/24 subnet (yes, /24, not that you can select a different netmask anyway).
To change these values, you need to manually edit the registry values located in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters.
Change ScopeAddress, ScopeAddressBackup and StandaloneDhcpAddress according to your needs.
Try to select a subnet you’re almost sure you’ll never use and you should be fine until IPv4 is deprecated (HAH!).
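
An added example, not part of the original post: a small Python check that reproduces the tethering conflict described above and confirms that moving the ICS scope to 172.31.137.0/24 clears it. The adapter dictionaries are constructed from the addresses in the post, and the .1 host address inside the new subnet is an assumption.

```python
import ipaddress

def find_conflicts(adapters):
    """Return (kind, adapter, other_adapter) tuples for addressing conflicts.

    adapters: list of dicts with "name", "address" (CIDR) and "gateway" (or None).
    """
    parsed = [
        (a["name"],
         ipaddress.ip_interface(a["address"]),
         ipaddress.ip_address(a["gateway"]) if a["gateway"] else None)
        for a in adapters
    ]
    conflicts = []
    for i, (name, iface, gateway) in enumerate(parsed):
        for other_name, other, _ in parsed:
            # The gateway handed out by DHCP is an address this host already owns.
            if other_name != name and gateway is not None and gateway == other.ip:
                conflicts.append(("gateway-is-local", name, other_name))
        for other_name, other, _ in parsed[i + 1:]:
            # Two adapters are directly connected to the same (or a nested) subnet.
            if iface.network.overlaps(other.network):
                conflicts.append(("overlapping-subnet", name, other_name))
    return conflicts

def scope_is_free(candidate, adapters):
    """True if the candidate ICS subnet overlaps no subnet already in use."""
    net = ipaddress.ip_network(candidate)
    return not any(
        net.overlaps(ipaddress.ip_interface(a["address"]).network) for a in adapters
    )

# Constructed sample data, using the addresses from the post.
WIFI = {"name": "Wi-Fi", "address": "192.168.137.2/24", "gateway": "192.168.137.1"}
NAT_DEFAULT = {"name": "Hyper-V NAT", "address": "192.168.137.1/24", "gateway": None}
# Assumption: ICS keeps using the .1 host address inside the new subnet.
NAT_MOVED = {"name": "Hyper-V NAT", "address": "172.31.137.1/24", "gateway": None}

if __name__ == "__main__":
    print(find_conflicts([WIFI, NAT_DEFAULT]))
    print(find_conflicts([WIFI, NAT_MOVED]))
    print(scope_is_free("172.31.137.0/24", [WIFI]))
```

Running `scope_is_free` against every network you regularly connect to is a quick way to vet a candidate subnet before writing it to the registry.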