locked
virtual machine proxy through DA RRS feed

  • Question

  • Hello,

    I installed a VMWare Virtual Machine on my laptop with DA copnnectivity. I would need to access the intranet through my VM, but I do not know how to configure this... I guess it is possible to proxy flows coming from my VM so that it be redirected by my laptop to the intranet.I tried to install a socks proxy server on the laptop, but when I use it from the VM, the proxy server is not doing DNS resolution well (when looking for a Intranet hostname, the socks server doesn't know... I guess it does ont look in the NRPT table. How to change this?)

    My VM is not integrated to the domain, and cannot be.

    Thanks

    Thursday, July 3, 2014 9:59 AM

Answers

  • The Linux VM will never get access to the DirectAccess tunnel.

    The Linux VM has a totally seperate TCP/IP stack. It can not leverage the IPSec tunnel on your host machine.

    Friday, July 4, 2014 11:25 AM

All replies

  • Hello,

    As far as I know for security reason I don't think so that you could doing this.

    Regards,


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/

    Thursday, July 3, 2014 2:12 PM
  • On your "host"  machine (e.g. your laptop), do you need to use a proxy to accesss the internet? Or you have a direct connection with no proxy?

    If you need to use a proxy on your host machine, you also need to use the same proxy on your VM. 

    Is the DirectAccess on your laptop setup in Force Tunnel mode?

    Thursday, July 3, 2014 11:24 PM
  • Hello,

    I have no proxy, it is a direct connexion. DA is not in force tunneling mode (I guess I cannot force it from the DA client?).

    Friday, July 4, 2014 7:14 AM
  • Hi There - just to clarify your statement

    I installed a VMWare Virtual Machine on my laptop with DA copnnectivity. I would need to access the intranet through my VM, but I do not know how to configure this... I guess it is possible to proxy flows coming from my VM so that it be redirected by my laptop to the intranet.I tried to install a socks proxy server on the laptop, but when I use it from the VM, the proxy server is not doing DNS resolution well (when looking for a Intranet hostname, the socks server doesn't know... I guess it does ont look in the NRPT table. How to change this?)

    Quote - "My VM is not integrated to the domain, and cannot be."

    Can i refer you to http://technet.microsoft.com/en-us/library/dd637797(v=ws.10).aspx - (although it talks about UAG etc the requirements are still the same) and specifically "DirectAccess client computers that are running Windows 7 Enterprise or Windows 7 Ultimate. DirectAccess clients must be members of an AD DS domain."

    I have seen virtual machines working as DA Clients but if your machine is not a member of the Domain with all the pre-reqs applied such as GPO / Certificates it will not work.


    john davies

    Friday, July 4, 2014 8:12 AM
  • To clarify:

    - my laptop has a working DA connectivity.

    - I installed on this laptop VMWare Player, and I am running an linux host.

    - The linux VM will never be integrated to the domain. However, I need to access the intranet from my linux VM. Considering the fact that DA connectivity is an IPSec tunnel, I could benefit from this tunnel to route all my linux VM flows to the intranet.I just don't know how to implement this.

    Friday, July 4, 2014 8:45 AM
  • The Linux VM will never get access to the DirectAccess tunnel.

    The Linux VM has a totally seperate TCP/IP stack. It can not leverage the IPSec tunnel on your host machine.

    Friday, July 4, 2014 11:25 AM
  • I concur with Matt on this one - this will not be possible for the interaction / connection of a linux machine to the intranet using DirectAccess

    john davies

    Friday, July 4, 2014 11:37 AM