Win 7 OpenVPN TUN / TAP adapter in VirtualBox with Ubuntu VM

[HOTDOG]

Hello everyone,

I am a non native English speaking newbie with no computer science background but want to set up OpenVPN in Windows to use the TUN/TAP adapter in VirtualBox. I read tons of threads and manuals to reach the goal on my own but I am not capable with my poweruser knowledge.
Please help me!

1. My actual state:
My Computer has Win 7 Pro 64Bit installed.
I use OpenVPN Client 2.1.4 with --enable-password-save in Windows.
I have VirtualBox 4.0.4 installed with a Ubuntu 10.10 VM 32Bit.

Current working OpenVPN config:
dev tun
fast-io
persist-key
persist-tun
nobind
remote xxx.xxx.com 1194
pull
comp-lzo
tls-client
cert xxx_cert/client.crt
key xxx_cert/client.key
ca xxx_cert/ca.crt
dh xxx_cert/dh1024.pem
cipher AES-128-CBC
verb 3
mute 10
route-method exe
route-delay 2
auth-user-pass xxx_cert/pwd.txt

2. My goal:
If i start my VPN Client i just want to control him in Windows I don’t want to tunnel any traffic for my OS.
I only want to use the Windows TUN/TAP adapter as bridge via VirtualBox settings to use the VPN tunnel in my Ubuntu VM.

3. Please help:
# What must be changed in my OpenVPN configuration?
# Can I use the TUN/TAP adapter in VirtualBox for my goal? (I like it because if I lose VPN connection, than network can’t switch to non-VPN.
# Do I use a TUN or TAP adapter?
# Do I have to change settings for the TUN/TAP adapter in Windows too, and if yes, what?
# What do I have to change in the default Ubuntu network configuration?

For a newbie like me its nearly impossible to get this done correctly without security flaws but for one of you its probably a piece of cake.

I would like to thank everyone for helping me in advance. OpenSource rules!

[janjust]

err, why not simply run openvpn from within the vm? it will be FAR easier to do that.
what you want is actually quite hard to do on windows:
- you'd need to set up forwarding from the virtual box ethernet host device to the tap-win32 device
- you need to set up masquerading/NATtnig so that all traffic coming from the virtual box eth host dev is translated before it enters the tunnel
- you need to massage your windows firewall to make this happen

This has little to do with openvpn but more with natting and firewalling. I'm pretty sure that you will NOT be able to achieve this on windows without third party NATting software.

[HOTDOG]

Thanks for reply janjust,

my reason for planing to do like i said is:
1. I had lots of OpenVPN application crashes in OpenSuse 11.3 and on Ubuntu 10.10 the Gadmin-OpenVPN-Client had issues too. I had not one single successful OpenVPN connection on Linux so far :(
2. OpenVPN on Windows was the only one that worked out of the box for me. Ok after days of problems caused by my provider :)
3. But most important is: If I choose the TUN/TAP adapter as bridge in VirtualBox I probably get no switching to non-VPN network if I have an unexpected disconnect.

You said:
"- you'd need to set up forwarding from the virtual box ethernet host device to the tap-win32 device"
"- you need to set up masquerading/NATtnig so that all traffic coming from the virtual box eth host dev is translated before it enters the tunnel"
I wanted to use the option "Bridged Adapter" because i can select the TUN/TAP adapter directly in VirtualBox. If its easier with a "VirtualBox-Host-Only Ethernet Adapter" I can do that instead.

[janjust]

Hi Hotdog,

a colleague of mine runs openvpn on opensuse without any issues; he uses Knetworkmanager, IIRC. Don't know about Ubuntu but the NetworkManager is not stable on all platforms. Running it from the commandline should always work, however.

[HOTDOG]

My main goal is that the VM inside VirtualBox can only access the OpenVPN network and never the unencrypted one. This design should be 100% reliable but how can I do it?

[janjust]

on windows 7? you can't. not without extensive 3rd party tooling.
It has nothing to do with OpenVPN but with the fact that windows does not have advanced routing/firewalling capabilities built in by itself.

[HOTDOG]

I cant believe it. Is it really impossible to use the TUN/TAP adapter or whatever virtual adapter that has ONLY access to OpenVPN network inside a VirtualBox?