Windows 10 hyper-v default switch problems when VPN turned on

Copper Contributor

Hey I have following problems with my guests VMs:

Host OS:

Windows Pro latest edition: 1903.
Hyper-V on.
I am using Default Switch for my guest VMs.
Its configuration is default; IP is set to:
IP: 192.168.224.241
Netmask: 255.255.255.240
Gateway: empty
DNS: empty
My quest is configured in a following way:
IP: 192.168.224.242
Netmask: 255.255.255.240
Gateway: 192.168.224.241
DNS: 192.168.224.241

This configuration works OK on guest ( I have the Internet access and host connection) until I turn on a corporate VPN.
When the host VPN is turned ON I loose the ability to connect to the Internet on my Hyper-V guest.

What's wrong? I though that the default switch should manage this kind of situation. How I can change the configuration to make it working properly?

 

BR

Tomek

11 Replies
You should create a new Virtual network adapter in Hyper-v virtual switch manager, make it an external one and attach it to your physical network adapter which is connected to your computer and gives you Internet access.
after that go to the Guest OS and give it an static IPv4 address that is on the same subnet as your host, set default gateway to your physical router's IP address and DNS servers to something like: 8.8.8.8-8.8.4.4 (Goolge's) or 1.1.1.1-1.0.0.1 (CloudFlare's).
this method is guaranteed to work, let me know if you have problem setting it up.

@HotCakeX Thanks for your reply. I had gave it a try but instead using google DNS I used the exact same DNS as on my host which is my router gateway address. All was looking OK; the guest had the Internet connection and it was able to ping any web address.

Then I tried to start the VPN (L2TP/IPsec vpn) but the host was not able to connect. I was receiving rejections. I have deleted the external VNIC and I was able to connect to the VPN again. Seems like this configuration is breaking my VPN connection.

The other downside for this configuration is that I am switching the networks quite often; from cable to WIFI, from one WIFI to another and this configuration would require constant changes on my guest. 

I have the same config and it's working fine for me. not sure if it's relevant but I'm on Windows 10 insider 18956.
i'm using custom DNS (cloudflare's) on my host and 3 VMs that i have (Windows server 2019 and Windows 10 pro). they all use the Same external virtual network adapter and they're all on the same subnet as my host, have static IP too which is mandatory for my servers.
my network adapter is a USB WIFI adapter. my VMs all have direct connection to the internet, whether or not my host is using VPN.

when you switch from WIFI to cable you just have to go to virtual switch manger in Hyper-v and attach your other network adapter to the external vNIC.

@HotCakeX Thanks for your fast reply. What kind of VPN do you use? 

The other thing about following:

"when you switch from WIFI to cable you just have to go to virtual switch manger in Hyper-v and attach your other network adapter to the external vNIC." and what about guest network configuration? I would need to change it as well.

You're welcome,
I use IKEv2 and PPTP,
guest VM networks don't need any changes because they all see the same virtual adapter on their ends

@HotCakeX Thanks, I did the configuration one more time and it started to work....more or less:) As this time VMs have access to the Internet when the host VPN is turned on but they do not have access to resources provided by the VPN. Seems like the VM traffic bypasses the VPN.

Whole point of this configuration is to get both for the VMs; resources behind the VPN and access to the Internet.

I haven't explained this well at the first place.

I can confirm that your configuration is fine when VMs do not need access to host VPN.

 

Oh I thought the problem was that you couldn't get Internet in VMs with host VPN on. okay so I just tried it on my PC.
first restarted Windows, connected to my VPN, set Windows 10 enterprise VM to use the default switch, started the VM, then checked and I had both Internet and VPN access on the VM. I use VPN to access a specific website that only lets users from a specific country to access it so that's how I know my VM can use VPN resources.
now i understand you've tried the default switch already and it wasn't successful but try it again like i did and see what happens. by the way on my host i didn't make any changes to the default virtual switch, all i did was to set 1.1.1.1 as my DNS in the VM, no static IP or anything.

if you try all of them and it Still fail to work for you then i think it's related to the new networking system in the Windows 10 insider that I'm using, apparently it doesn't have the previous problems.

so I hope the default switch work out for you but if not then you have 2 options. 1 is to use Windows 10 insider (you can dual boot it if you want) OR you're gonna need to ask your VPN provider to let you login with multiple sessions so then you'll be able to connect directly to your VPN host from each of your VMs as well as your host OS, all at the same time.

@HotCakeX Thanks for your help! I have already tried the approach with installing the VPN on VMs but it was not working for me because of lack of proper packages for this kind of VPN. 

I have followed your walk-through and unfortunately VMs looses the connection upon the host VPN turn on. Could you please check your default-switch configuration on host and post it here? 

So first of all seems like it constantly changes it's IP after host restart...weird.

In the configuration I see that only IP and mask are filled in (no gateway, no dns). I set dhcp on my VMs.

The problem seems like there is no routing from default switch to VPN.

 

I have this same problem. It seems my guest OS shares the VPN connection. I want an independent connection from the Guest OS. When I try to create the External Switch, it breaks my wi-fi connection (Killer WiFi AX1650). Frustrating.

@kapalkatHi I had the same problem and solved it by reducing the MTU of NIC in the guest vm.

 

In the guest vm:

run cmd with admin privileges

netsh interface ipv4 show interfaces

netsh interface ipv4 set  interface "Ethernet" mtu=1300

@HotCakeX that does not do nearly the same thing.

Sure you can set up vms with an external adapter, static or dhcp.

but the Internal net should still get dns when the host is switched to vpn.