UTM: Host VPN Connection doesn't reach the Guest

Configuration

  • UTM Version: 2.3.1 (38)
  • OS Version: macOS Big Sur 11.6.1
  • Intel or Apple Silicon? Apple Silicon

config.plist.zip

I’m using Kali Linux arm version on UTM (kali 5.14 arm64, installed Kali’s 2021.3 version) and I have no internet connection when using a VPN on the host. My Network configuration on UTM is Shared (I doubt Bridged would solve it) and Emulated Network Card is virtio-net-pci, I’m not sure if it’s a a misconfiguration, a bug or something else… but since I can’t install Mobile Access Portal natively on Kali (no arm64 version) I really need my host’s VPN connection to get to the guest inside UTM.

Looking for some help here, since I didn’t find a related issue. Many thanks in advance!

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 23 (8 by maintainers)

Most upvoted comments

Have you tried the emulated VLAN network mode? If any, that one would definitely go through the VPN since it’s emulated in userspace. The other modes use macOS Virtualization features that might not respect the host’s VPN settings.

+37
conath on Nov 3, 2021

@ghost @conath Here workaround for apple.virtualization:

  1. dump current rules using:
sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null > newrules.conf

(it should look like this:)

$ cat newrules.conf
nat on en0 inet from 192.168.64.0/24 to any -> (en0:0) extfilter ei
no nat on bridge100 inet from 192.168.64.1 to 192.168.64.0/24
  1. Add your vpn interface (for me it is utun5, check in ifconfig) and vpn CIDR
echo "nat on utun5 inet from 192.168.64.0/24 to 10.0.0.0/8 -> (utun5) extfilter ei" >> newrules.conf
  1. Reload pfctl rules
sudo pfctl -a com.apple.internet-sharing/shared_v4 -N -f newrules.conf 2>/dev/null

ref: https://communities.vmware.com/t5/VMware-Fusion-Discussions/Share-host-VPN-with-guest/m-p/2810095/highlight/true#M170151

+4
patryk4815 on Nov 27, 2022

It works @conath ! Thank you so much!!

+3
goncalolalmeida on Nov 5, 2021

I solved this issue like this:

Network: Bridge

nano /etc/resolv.conf nameserver 8.8.8.8

+2
MeiAnd on Sep 12, 2023

@dylan-gluck Don‘t use ping to check internet connectivity in UTM VMs, it‘s not supported (at least in emulated VLAN mode, see #530)

Instead perform a DNS lookup like dig @1.1.1.1 DuckDuckGo.com. If it times out, no connection. Otherwise you’re connected.

+2
conath on Feb 1, 2022

@bradyap did you ever find a solution?

+1
Moulick on Nov 3, 2022
Read more comments on GitHub
← UTM: GPU compatible display cards do not work in Linux (virtio-gpu-gl-pci/virtio-ramfb-gl)
UTM: JIT broken on iOS 14.4 and later →