Hi.
First of all hello, I'm Piotr.
I have some problems with setting my UTM Virtual Appliance.
Here is my situation:
Host PC witch CentOS 8.1 and KVM as hypervisor.
3 virtual machines:
- first is Sophos UTM;
- second is CentOS 8.1 for services;
- third is CentOS 8.1 for games.
Host PC has two network cards. One (lets call it eth2) is for Internet (WAN) access, the other (eth1) is for local LAN.
WAN NIC has random IP set, and LAN had IP from local subnet.
In Sophos virtual machine I have 3 NICs:
- eth1 is connected though bridge0 to eth1 (LAN) on host and has IP address from local subnet
- eth2 - bridge1 to eth2 (WAN) on host and has IP address as given by ISP. MAC is also changed.
- eth5 is added manually and I will come back to it later.
Bridges are set because KVM manager in CentOS said that vmtap (which connects directly to host NICs) sometimes doesn't allow connection with host and it was correct in my case. I could log in on console but was unable to ping my UTM.
This configuration works perfectly when I'm locally connected to network in my house. Problem starts when I want to connect by using VPN, when I'm at work. I can connect to all virtual machines, using their local addresses. I'm unable to contact with host PC. I can log into one of virtual CentOS instances and then to host PC, but I want/need direct access to host.
I can ping host from other VMs and vice versa. The host can't ping UTM but has Internet access. What I can't do is connect to host through UTM SSL VPN.
This is where eth5 appeared. I'm using it for host only network and I can ping host by using this interface. Host can also ping UTM. I called this dedicated network “Management” and added some rules that when something is trying to reach this subnet it should use eth5. With all this set I still can't reach Host PC when I'm connected by VPN.
This is why I'm looking here for help. Please tell me what settings from my UTM do you need and I'll paste it here.
I hope the description is clear enough.
This thread was automatically locked due to age.