Workaround for using an NFS mount with Vagrant and VirtualBox while connecting to a VPN network restricting local network connections

vagrant-nfs-vpn-solution.md

Fixing NFS disconnecting with Vagrant and VirtualBox on Mac OS

Symptoms and Known Conditions

• Mac OS host machine (10.6+)
• VirtualBox (4.1+)
• Vagrant (1.0+)
• Connecting via VPN to a remote network
• Mounting a directory from your host machine to the guest machine using NFS with something like this:

config.vm.share_folder("www-data", project_mount_path, ".", :nfs => use_nfs)

When connecting to VPN, the client and configuration lock down all other local network connections. This causes an NFS mount initiated with Vagrant (1.0) to break. Trying to ls an NFS-mounted directory or interact with any file from within the mount causes the VM to hang.

Solution 1 - Stop using NFS

You can still mount host machine directories to your Vagrant machine without using NFS. Instead it will use vboxfs, VirtualBox's default "shared folder" functionality. This is roughly 2x slower than NFS, and if you are writing lots of files back to disk into this directory from inside the VM it can cause write corruption, but hey, it works under some circumstances.

From your Vagrantfile, change the following line:

config.vm.share_folder("www-data", project_mount_path, ".", :nfs => use_nfs)

and remove , :nfs => use_nfs)

config.vm.share_folder("www-data", project_mount_path, ".")

Now reload your VM:

vagrant reload

If simply reloading doesn't work, destroy the VM and re-provision it:

vagrant destroy
vagrant up

Now try connecting to your VPN, then interacting with your VM's mounted host directory by loading a web page or issuing an ls on the directory itself. The directory should behave as normal.

Solution 2 - Connect to VPN using openconnect instead of your vendor's provided VPN client

Note: This solution may only work if your VPN provider uses Cisco AnyConnect client.

We'll assume you have Homebrew Package Manager for Mac installed. If not, the knowledge to compile packeges from source.

Install openconnect via homebrew.

brew install openconnect

Install tuntap. Be sure to read the caveat notes provided by the homebrew recipe:

brew install tuntap

Using openconnect, connect to your VPN network. You may want to read the openconnect man pages or help menu to read more about its options and the proper connection string for your network:

sudo openconnect [https://your.url.here]

Accept the cert and login using your credentials. You should now be connected without VM conflicts.

The initiated terminal window should not be closed in order to maintain the VPN connection.

Thanks

• Jim Bouck - original idea and implementation on Linux
• Chris Escalante - instructions for Mac
• John Kary - curating and posting this document

We seem to have similar symptoms (When connecting to VPN, the client and configuration lock down all other local network connections.) but we are not using NFS (we use rsync). Using openconnect instead of the Cisco client does not help :(

For anyone stumbling upon this, I ended up fixing the issue by following this reddit comment: https://www.reddit.com/r/virtualbox/comments/2rqhae/mac_os_x_yosemite_cant_communicate_with_vm_over/cnjhckr

1. Disconnect from VPN
2. "vagrant up --no-provision"
3. Reconnect to VPN
4. "vagrant provision"

My case I just had to restart the virtual machine network on host machine.

sudo ifconfig vboxnet1 down
sudo ifconfig vboxnet1 up

then

vagrant up

I don't think you need tunetap in any ios newer than 10.6: http://www.infradead.org/openconnect/building.html

For anyone stumbling upon this, I ended up fixing the issue by following this reddit comment: https://www.reddit.com/r/virtualbox/comments/2rqhae/mac_os_x_yosemite_cant_communicate_with_vm_over/cnjhckr

1. Disconnect from VPN
2. "vagrant up --no-provision"
3. Reconnect to VPN
4. "vagrant provision"

Thanks, this is the most hassle-free solution.