One problem that developers, testers, and IT professionals who use Hyper-V on a Windows client system often run into is getting Virtual Machines (VMs) to use the Host PC’s active Virtual Private Network (VPN) connection. Hyper-V’s networking topology usually skips the temporary, virtual networks adapter that the VPN client makes. This means that the guest VM stays connected to the host’s regular, unencrypted network. The purpose is to send the VM’s traffic over the secure VPN tunnel that was set up on the host. This will provide the VM access to the corporate, lab, or geographically restricted internet connections that the host computer can reach. To share the secure tunnel, you need to set up the host in a certain way that uses its built-in networking features.
Networking Scenarios and Switches That Are Needed
The VPN Blind Spot on the External Switch
When connecting a VM to an External Virtual Switch, the network adapter is directly linked to the host’s hardware NIC either through Wi-Fi or Ethernet. The VPN software generates a new virtual network interface once VPN on the host is turned on. This new VPN interface is usually unknown rinVM’s traffic and keeps going through the original physical NIC. Thus, the VM will only be able to see the network that has been there before the VPN was set up.
The Solution: Internal Switch and Connection Sharing
Using an Internal Virtual Switch and Windows’ Internet Connection Sharing (ICS) feature is the best way to make sure that the VM’s traffic goes through the host’s VPN. An Internal Switch connects the VM to the host operating system solely, keeping it separate from the physical network. On this switch’s subnet, the host automatically gives itself a virtual network adapter.
Advanced Workarounds (PowerShell NAT)
If the ICS technique is too simple or causes problems, you can use PowerShell to set up a NAT (Network Address Translation) Virtual Switch as a more complex option. This gives you more control over the IP addressing and is often the best choice in places where ICS is turned off or causes problems. This command-line method are built in providing a strong subnet for VMs which can be routed over the VPN adapter with the use of custom routing or firewall rules.
Final Statement
For a safe and connected virtual testing environment, it is very important to share a host’s VPN connection with a Hyper-V VM. The default External Switch setting isn’t good enough, but using an Internal Virtual Switch with Internet Connection Sharing is a safe and easy way to send guest traffic through the host’s secure tunnel. This lets virtual machines access network resources as safely as the host does, which keeps development and security intact.
Get hands-on — explore Windows tools now!
