Vagrant VirtualBox Cisco AnyConnect routing issues with VPN

Question

So I'm having what I believe is a common issue with Cisco AnyConnect and Vagrant/VirtualBox, i'm using host-only networking so that I can stand up a virtual server at an ip such as 10.10.10.11 and then I can map this in my /etc/hosts to :

# IP to hostname mapping
10.10.10.10 vagrant.dev

And then I can pull a webpage from curl vagrant.dev for example. Real standard stuff.

Things go awry when I connect to my work VPN which makes this nice little dev box kind of useless as I can no longer hit it by hostname or ip any longer. I can still do a vagrant ssh to the box but there is no other way to hit it.

I tried taking a look at the routing table and it appears that my pre-vbox route entry (netstat -rn):

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire

PreVPN

10.10.10/24        link#11            UCS             1        0 vboxnet
10.10.10.11        8:0:27:96:91:84    UHLWIi          1       70 vboxnet   1197

PostVPN

10.10.10/24        link#19            UCS             1        0   utun1
10.10.10.11        link#19            UHW3I           0        4   utun1     62

Route Flag Description

|PRE|POST|           Flag Description                    |
|---|----|-----------------------------------------------|
| U |  U | Route usable                                  |
| H |  H | Host entry (net otherwise)                    |
| L |    | Valid protocol to link address translation    |
| W |  W | Route was generated as a result of cloning    |
|   |  3 | Protocol specified route flag #3              |
| I |  I | Route is assocaited with an interface scope   |
| i |    | Route is a holding reference to the interface |

Question

Is it possible to restore the routes changed by VPN in order to make my vagrant connections work again? And if-so how?

Other Data

Full Route Table (PRE) (IP4 only)

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.2.1        UGSc           23        1     en0
10.10.10/24        link#11            UCS             1        0 vboxnet
10.10.10.11        8:0:27:96:91:84    UHLWIi          1       70 vboxnet   1197
127                127.0.0.1          UCS             0        7     lo0
127.0.0.1          127.0.0.1          UH             11   128344     lo0
169.254            link#4             UCS             0        0     en0
192.168.2          link#4             UCS             0        0     en0
192.168.2.1        68:7f:74:81:8b:b0  UHLSr          27      126     en0
192.168.2.106/32   link#4             UCS             0        0     en0

Full Route Table (POST) (IP4 only)

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#19            UCS             9        0   utun1
default            192.168.2.1        UGScI           3        0     en0
10.10.10/24        link#19            UCS             1        0   utun1
10.10.10.11        link#19            UHW3I           0        4   utun1     62
17.158.10.25       link#19            UHW3I           0        1   utun1     62
17.158.10.42       link#19            UHW3I           0       20   utun1     62
17.158.10.46       link#19            UHW3I           0        1   utun1     62
127                127.0.0.1          UCS             0        7     lo0
127.0.0.1          127.0.0.1          UH             15   128507     lo0
128.29.154.114     link#19            UHWIi          31      117   utun1
129.83.20.9        link#19            UHW3I           0       20   utun1     61
129.83.26.209      link#19            UHWIi           2        2   utun1
129.83.100.38      link#19            UHW3I           0       46   utun1     62
169.254            link#19            UCS             0        0   utun1
172.31.160/19      link#19            UCS             0        0   utun1
172.31.163.172/32  127.0.0.1          UGSc            3       67     lo0
192.80.55.9/32     192.168.2.1        UGSc            1        0     en0
192.168.2          link#19            UCS             0        0   utun1
192.168.2.1        68:7f:74:81:8b:b0  UHLSr           7        8     en0
192.168.2.1/32     link#19            UCS             0        0   utun1
192.168.2.106/32   link#4             UCS             0        0     en0
216.58.217.132     link#19            UHW3I           0        2   utun1     59
239.255.255.250    link#19            UHmW3I          0       17   utun1     62

Components

OSX
Cisco Any Connect
VirtualBox 5.0.8

Unfortunately I was told by our IT department i have to disable Cisco (AlwaysOnSuspend) in order to get this to work. Its quite sucky. — Jeef, Jan 22 '16 at 12:40
Maybe this helps getting the firewall issue resolved: http://stackoverflow.com/a/35366673 — cvuijst, Feb 13 '16 at 12:28

score 1 · Answer 1 · answered Mar 02 '17 at 11:38

Unfortunately there is no fix for the issue, only work-around/help I could think of is after disconnecting the VPN, you could use "route -n add" to establish the connectivity back - at least by this way u could save whole reboot of machines.

Ex:

sudo route -n add -net 192.168.56.0/24 -interface vboxnet0

(Try this after disconnecting from VPN - This method wont work when VPN is on)

In your case, something like, "sudo route -n add -net 10.10.10.0/24 -interface vboxnet0" - depends on your subnet obviously !

Also please see Ticket #14293

score 0 · Answer 2 · answered May 28 '19 at 04:28

0

When facing this exact same problem what worked for us is to change the address of the Vagrant box to 11.0.0.100

answered May 28 '19 at 04:28

Wilco

1
1