utmapp
No route/nat to (split) VPN tunnel on host
I run Tunnelblick (OpenVPN) on host which split tunnels a subnet 100.100/24 to corporate. When using UTM guest using Apple Virtualisation in either NAT or bridged mode, I cannot seem to route over the tunnel. I have a colleague with a very similar setup and he is able to. The underlying problem is that NAT is not happening from the UTM guest subnet over the utun interface created by OpenVPN. I added an explicit rule to pf.conf: nat on utun6 from 192.168.65.0/24 to any -> (utun6) and that appeared to work, but this has two issues (1) I have to hardcode the interface name and that may not be the same for every run of Tunnelblick and (2) this breaks iCloud Private Relay.
Weird thing is, Colima which is used for docker, creates an Apple Virtualised VM (though I'm not sure what network mode - I think NAT), and I'm able to ssh onto the guest VM and then connect to corp VPN tunnel services just fine.
Any assistance would be appreciated.
Configuration
- UTM Version: 4.6.5 (108)
- macOS Version: 15.5 (24F74)
- Mac Chip (Intel, M1, ...): M3 Max
I'm not sure if this is an issue with UTM or Tunnelblick.
As I noted earlier that Colima Ubuntu Guest VM that uses Apple Virtualisation and NAT on the Mac host can see the tunnel fine.
The problem is the Colima guest is not NAT-ing to my tunnel assigned IP (100.100.0.8) -- see in this wireshark:
However, when I tried Viscosity, an alternative OpenVPN client/manager, I was able to connect through the VPN tunnel on my UTM Ubuntu Guest.
So this issue only seems to manifest with Tunnelblick at the moment.