Vagrant VMware provider with Cisco AnyConnect VPN tunneling all #5740

Closed
bgronek opened this Issue May 21, 2015 · 3 comments


bgronek commented May 21, 2015

Re-opening an old issue that is still a problem. Many have posted; none have solved this one.

Using the vagrant vmware provider while VPN'd into a network using Cisco AnyConnect, I receive the following error from vagrant up:

```
The VMware network device 'vmnet1' can't be started because
its routes collide with another device: 'utun0'. Please
either fix the settings of the VMware network device or stop the
colliding device. Your machine can't be started while VMware
networking is broken.

Routing to the IP '[IP address]' should route through 'vmnet1', but
instead routes through 'utun0'.
```

I've tried "Enable local LAN access" in the AnyConnect client. It allowed the setting; however, it didn't make a difference. Has anyone else encountered this issue?

Contributor

sethvargo commented May 21, 2015

Hi @bgronek

Thank you for reopening the issue. Unfortunately we do not have access to the Cisco AnyConnect client or its codebase to understand why this conflict might be occurring. Can you please provide the output of the Vagrant run in debug mode? Thanks!

Member

mitchellh commented Jul 7, 2015

This has been a common problem. I don't have a set solution but if you can find one let me know.

One solution I've heard is to use a subnet with the private network that doesn't collide with the VPN.

Let us know.
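
The subnet suggestion above can be checked before changing the Vagrantfile. This added example (not part of the thread or of Vagrant's code) does a longest-prefix route lookup like the one the error message reports and picks a candidate subnet that no other device routes; the routing table, candidate list and function names are constructed for illustration.

```ruby
require "ipaddr"

# Constructed routing table as [destination CIDR, interface] pairs. It models
# the state the error reports: the VPN device owns the route covering the
# vmnet1 subnet, plus a tunnel-all default route.
ROUTES = [
  ["0.0.0.0/0",       "utun2"],  # tunnel-all default route
  ["10.0.0.0/8",      "utun2"],
  ["192.168.74.0/24", "utun2"],  # same range as the vmnet1 host-only network
  ["192.168.1.0/24",  "en0"],
].map { |cidr, dev| [IPAddr.new(cidr), dev] }.freeze

# Longest-prefix match: the interface the host would use to reach `ip`.
def egress_interface(routes, ip)
  addr = IPAddr.new(ip)
  match = routes.select { |net, _| net.include?(addr) }
                .max_by { |net, _| net.prefix }
  match && match[1]
end

# CIDR blocks are either nested or disjoint, so two of them overlap
# exactly when one contains the other.
def overlap?(a, b)
  a.include?(b) || b.include?(a)
end

# Non-default routes held by other devices that overlap `subnet`.
def collisions(routes, subnet, device)
  net = IPAddr.new(subnet)
  routes.select { |r, dev| dev != device && r.prefix > 0 && overlap?(r, net) }
        .map { |r, dev| "#{r}/#{r.prefix} via #{dev}" }
end

# First candidate private-network subnet that no other device already routes.
def first_free_subnet(routes, candidates, device)
  candidates.find { |c| collisions(routes, c, device).empty? }
end

if __FILE__ == $PROGRAM_NAME
  puts egress_interface(ROUTES, "192.168.74.0")
  puts collisions(ROUTES, "192.168.74.0/24", "vmnet1")
  puts first_free_subnet(ROUTES,
                         %w[192.168.74.0/24 10.20.0.0/24 172.28.128.0/24],
                         "vmnet1")
end
```

The default route is excluded from the collision test because a connected route for the new subnet would be more specific than it; any narrower route on the VPN device is what would capture the traffic.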


cdwilson commented Nov 10, 2017

I just hit this today as well.

When the AnyConnect VPN is connected, I get a similar error as above:

```
$ vagrant up --provider=vmware_fusion
Bringing machine 'default' up with 'vmware_fusion' provider...
==> default: Checking if box 'hashicorp/precise64' is up to date...
==> default: Verifying vmnet devices are healthy...
The VMware network device 'vmnet1' can't be started because
its routes collide with another device: 'utun2'. Please
either fix the settings of the VMware network device or stop the
colliding device. Your machine can't be started while VMware
networking is broken.

Routing to the IP '192.168.74.0' should route through 'vmnet1', but
instead routes through 'utun2'.
```

However, if I vagrant up before I start the VPN, everything works correctly:

```
$ vagrant up --provider=vmware_fusion
Bringing machine 'default' up with 'vmware_fusion' provider...
==> default: Checking if box 'hashicorp/precise64' is up to date...
==> default: Verifying vmnet devices are healthy...
==> default: Preparing network adapters...
WARNING: The VMX file for this box contains a setting that is automatically overwritten by Vagrant
WARNING: when started. Vagrant will stop overwriting this setting in an upcoming release which may
WARNING: prevent proper networking setup. Below is the detected VMX setting:
WARNING: 
WARNING:   ethernet0.pcislotnumber = "32"
WARNING: 
WARNING: If networking fails to properly configure, it may require this VMX setting. It can be manually
WARNING: applied via the Vagrantfile:
WARNING: 
WARNING:   Vagrant.configure(2) do |config|
WARNING:     config.vm.provider :vmare_fusion do |vmware|
WARNING:       vmware.vmx["ethernet0.pcislotnumber"] = "32"
WARNING:     end
WARNING:   end
WARNING: 
WARNING: For more information: https://www.vagrantup.com/docs/vmware/boxes.html#vmx-whitelisting
==> default: Starting the VMware VM...
==> default: Waiting for the VM to receive an address...
==> default: Forwarding ports...
    default: -- 22 => 2222
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Configuring network adapters within the VM...
==> default: Waiting for HGFS to become available...
==> default: Enabling and configuring shared folders...
    default: -- [redacted]: /vagrant
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.

*** Now connect the VPN ***

$ vagrant ssh
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-29-virtual x86_64)

 * Documentation:  https://help.ubuntu.com/
Last login: Fri Nov 10 09:20:33 2017 from mfg7-gw2.cisco.com
vagrant@precise64:~$ ping google.com
PING google.com (74.125.197.113) 56(84) bytes of data.
64 bytes from 74.125.197.113: icmp_req=1 ttl=128 time=31.8 ms
64 bytes from 74.125.197.113: icmp_req=2 ttl=128 time=32.2 ms
64 bytes from 74.125.197.113: icmp_req=3 ttl=128 time=32.1 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 31.834/32.099/32.272/0.281 ms
vagrant@precise64:~$ exit
logout
Connection to 127.0.0.1 closed.
$ vagrant halt
==> default: Attempting graceful shutdown of VM...
$
```

It appears that the only thing that doesn't work when the VPN is active is the initial vagrant up.

If I start a VM in Fusion manually, Fusion has no problem configuring the network adapters correctly while the VPN is active, and NAT works perfectly fine from the VM. It seems like the only thing preventing vagrant up from booting a working VM is Vagrant thinking that the networking is broken and stopping the vagrant up process.

@mitchellh is there any configuration option we can add to the Vagrantfile to force Vagrant to skip the "Verifying vmnet devices are healthy..." step?

(FYI, I had to upgrade to Vagrant 2.0.1 and vagrant-vmware-fusion 5.0.3 for the vagrant ssh and vagrant halt commands to use the 127.0.0.1:2222 address while the VPN was connected. Previous versions of Vagrant were trying to ssh directly to the 192.168.17.130:22 address which didn't work when VPN was connected.)
