Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Workaround for using an NFS mount with Vagrant and VirtualBox while connecting to a VPN network restricting local network connections

Fixing NFS disconnecting with Vagrant and VirtualBox on Mac OS

Symptoms and Known Conditions

  • Mac OS host machine (10.6+)
  • VirtualBox (4.1+)
  • Vagrant (1.0+)
  • Connecting via VPN to a remote network
  • Mounting a directory from your host machine to the guest machine using NFS with something like this:
config.vm.share_folder("www-data", project_mount_path, ".", :nfs => use_nfs)

When connecting to VPN, the client and configuration lock down all other local network connections. This causes an NFS mount initiated with Vagrant (1.0) to break. Trying to ls an NFS-mounted directory or interact with any file from within the mount causes the VM to hang.

Solution 1 - Stop using NFS

You can still mount host machine directories to your Vagrant machine without using NFS. Instead it will use vboxfs, VirtualBox's default "shared folder" functionality. This is roughly 2x slower than NFS, and if you are writing lots of files back to disk into this directory from inside the VM it can cause write corruption, but hey, it works under some circumstances.

From your Vagrantfile, change the following line:

config.vm.share_folder("www-data", project_mount_path, ".", :nfs => use_nfs)

and remove , :nfs => use_nfs)

config.vm.share_folder("www-data", project_mount_path, ".")

Now reload your VM:

vagrant reload

If simply reloading doesn't work, destroy the VM and re-provision it:

vagrant destroy
vagrant up

Now try connecting to your VPN, then interacting with your VM's mounted host directory by loading a web page or issuing an ls on the directory itself. The directory should behave as normal.

Solution 2 - Connect to VPN using openconnect instead of your vendor's provided VPN client

Note: This solution may only work if your VPN provider uses Cisco AnyConnect client.

We'll assume you have Homebrew Package Manager for Mac installed. If not, the knowledge to compile packeges from source.

Install openconnect via homebrew.

brew install openconnect

Install tuntap. Be sure to read the caveat notes provided by the homebrew recipe:

brew install tuntap

Using openconnect, connect to your VPN network. You may want to read the openconnect man pages or help menu to read more about its options and the proper connection string for your network:

sudo openconnect [https://your.url.here]

Accept the cert and login using your credentials. You should now be connected without VM conflicts.

The initiated terminal window should not be closed in order to maintain the VPN connection.

Thanks

  • Jim Bouck - original idea and implementation on Linux
  • Chris Escalante - instructions for Mac
  • John Kary - curating and posting this document
@jamesgecko

This comment has been minimized.

Copy link

@jamesgecko jamesgecko commented May 6, 2013

With Vagrant's new configuration syntax, the line that needs to be changed in solution 1 looks something like this:

config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", nfs: true

@rafaelrosafu

This comment has been minimized.

Copy link

@rafaelrosafu rafaelrosafu commented Feb 11, 2014

Thanks a lot, saved me a lot of trouble. A post that helped me setup it up was: https://gist.github.com/moklett/3170636

@travisdetert

This comment has been minimized.

Copy link

@travisdetert travisdetert commented Mar 4, 2015

Buy this guy a CASE of beer. This is the solution I've been looking for to this insanely annoying constraint!

@swimson

This comment has been minimized.

Copy link

@swimson swimson commented Apr 1, 2015

+1 This solution is great.

@Elijen

This comment has been minimized.

Copy link

@Elijen Elijen commented Apr 4, 2015

We seem to have similar symptoms (When connecting to VPN, the client and configuration lock down all other local network connections.) but we are not using NFS (we use rsync). Using openconnect instead of the Cisco client does not help :(

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Apr 4, 2016

For anyone stumbling upon this, I ended up fixing the issue by following this reddit comment: https://www.reddit.com/r/virtualbox/comments/2rqhae/mac_os_x_yosemite_cant_communicate_with_vm_over/cnjhckr

  1. Disconnect from VPN
  2. "vagrant up --no-provision"
  3. Reconnect to VPN
  4. "vagrant provision"
@vijaycs85

This comment has been minimized.

Copy link

@vijaycs85 vijaycs85 commented May 11, 2016

My case I just had to restart the virtual machine network on host machine.

sudo ifconfig vboxnet1 down
sudo ifconfig vboxnet1 up

then

vagrant up

@badcrocodile

This comment has been minimized.

Copy link

@badcrocodile badcrocodile commented Jun 6, 2016

I don't think you need tunetap in any ios newer than 10.6: http://www.infradead.org/openconnect/building.html

@DaVince

This comment has been minimized.

Copy link

@DaVince DaVince commented Apr 8, 2020

For anyone stumbling upon this, I ended up fixing the issue by following this reddit comment: https://www.reddit.com/r/virtualbox/comments/2rqhae/mac_os_x_yosemite_cant_communicate_with_vm_over/cnjhckr

  1. Disconnect from VPN
  2. "vagrant up --no-provision"
  3. Reconnect to VPN
  4. "vagrant provision"

Thanks, this is the most hassle-free solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment