Windows 8 Client Hyper-V: Internet Access Without 2nd NIC

Having a hypervisor built right into the client operating system is a great thing, especially if it is as fast and stable as Client Hyper-V found in Windows 8. The functionality is very good, too, but a single feature is sorely missing: the ability to share the host’s (internet) network connection.

Hyper-V Networking

Hyper-V networking is OK as it is, but it lacks VMware Workstation’s NAT feature. To recap, Hyper-V virtual switches come in the following three flavors:

  • External: VMs have physical network connectivity only
  • Internal: VMs are not connected to the physical network but can talk to each other and the host
  • Private: VMs are not connected to the physical network. They can talk to each other but not to the host

In a typical lab scenario you want the VMs to be able to talk to each other. You also want to access them from your host. Therefore you need a virtual NIC in each VM that is connected to a virtual switch of type internal. However, with this setup your VMs have no internet access. This can significantly slow down installations and it obviously makes updating and many other tasks unnecessarily difficult.

Internet Access for Your VMs

There are a variety of options for connecting your VMs to the internet.

Second Network Card

The most obvious solution is to add a second NIC to each VM and connect that NIC to a virtual switch of type external.

I do not like this approach very much, though. It adds complexity and makes name resolution much more difficult. But perhaps the most serious caveat is that you need to specify which physical NIC the virtual switch is connected to. If you are using Client Hyper-V on a laptop then you probably sometimes connect via Wi-Fi and sometimes via Ethernet (cable). Your external switch would only cover one of those two use cases. And you certainly would not consider adding two external-facing virtual switches, one bound to the Wi-Fi adapter and the other bound to the Ethernet card, would you?

Internet Connection Sharing (ICS)

A solution that is commonly recommended is to use Internet Connection Sharing (ICS), a kind of NAT service that has been part of Windows for a long time.

I have tried to use this for some time but found it to be very unstable and seriously impacting network throughput.

Proxy Server

Update: I used this for a while until I switched to the RRAS solution suggested by several commenters (details below). Although FreeProxy generally works well enough it did cause problems using VPNs through it: the VPN connection itself would typically be established, but accessing resources over the VPN would sometimes be very slow and at other times not work at all. For your reference I am leaving the original description of how to configure the proxy solution as it was, but I recommend the RRAS setup described below.

I have equipped a single VM (which is running all the time anyway) with a second NIC connected to an external virtual switch. The VM is running the free proxy server appropriately named FreeProxy.

FreeProxy runs as a service, and although it is rather old I had no problems getting it to work on Server 2012 R2. It is simple to configure; just make sure you run the configuration utility FreeProxy Control Centre with admin privileges.

My configuration is as follows. Main UI:

[Screenshot: FreeProxy main UI]

Proxy configuration:

[Screenshot: FreeProxy proxy configuration]

Of course you still need to configure your other VMs to use the proxy. An easy way to do that for Internet Explorer (and Windows Update) is via Group Policy Preferences if you have that available in your lab.

Windows Server Routing with NAT

I was not aware of the fact that Windows Server comes with a NAT component (thanks Thorsten, Dan and Jay for pointing it out in the comments section below). If you have at least one VM with a server version of Windows this is the solution to implement.

As with the proxy solution described above you need one VM with a second NIC connected to an external virtual switch. In order to be able to easily distinguish between the two NICs rename one to “Internal” and the other to “External”.

Setting up NAT is surprisingly simple if you know where to find it. This is how it works on Server 2012 R2:

  • Bring up the Add Roles and Features Wizard in Server Manager
  • Select the Remote Access role
  • Select the Routing role service. A dialog comes up listing a handful of features that must also be installed for routing to work.
  • Once the installation is finished click Open the Getting Started Wizard:
    [Screenshot: Add Roles and Features Wizard]
  • Click Deploy VPN only. The Routing and Remote Access management console opens.
  • Right-click your server and select Configure and Enable Routing and Remote Access:
    [Screenshot: Configure and Enable Routing and Remote Access]
  • Select Network Address Translation (NAT):
    [Screenshot: Routing and Remote Access Server Setup Wizard - NAT]
  • Select the external (internet-facing) NIC:
    [Screenshot: Routing and Remote Access Server Setup Wizard - NIC selection]
  • You are done! Of course you need to point the default gateway on your other VMs to the IP address of the internal NIC of the NAT machine.

I am aware that this solution still requires one external virtual switch per network type (Wi-Fi and Ethernet). At least the external NICs are only needed for the VM that is running the proxy. I am currently using this with a single external switch connected to Ethernet.
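A host-side check for the layout described above, as an added example that is not part of the original post: it lists every VM network adapter with the type of virtual switch it is attached to and warns about any VM other than the NAT machine that sits on an external switch. The VM name NAT-GW and the function name Get-LabAdapterReport are assumptions; Get-VMSwitch and Get-VMNetworkAdapter come from the Hyper-V PowerShell module on the host.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Client Hyper-V host. 'NAT-GW' is a hypothetical VM name.
function Get-LabAdapterReport {
    param(
        # Assumption: the only VM that may sit on an external switch
        [string[]]$GatewayVm = @('NAT-GW')
    )

    # Map each virtual switch name to its type: External, Internal or Private
    $switchType = @{}
    foreach ($sw in Get-VMSwitch) {
        $switchType[$sw.Name] = $sw.SwitchType.ToString()
    }

    # One row per virtual NIC, with the type of the switch it is plugged into
    foreach ($nic in Get-VMNetworkAdapter -VMName *) {
        $type = 'Disconnected'
        if ($nic.SwitchName) { $type = $switchType[$nic.SwitchName] }

        [pscustomobject]@{
            VMName     = $nic.VMName
            Adapter    = $nic.Name
            Switch     = $nic.SwitchName
            SwitchType = $type
            # True when a VM other than the gateway reaches the physical network
            Unexpected = ($type -eq 'External') -and ($GatewayVm -notcontains $nic.VMName)
        }
    }
}

$report = @(Get-LabAdapterReport -GatewayVm 'NAT-GW')
$report | Sort-Object VMName, Adapter | Format-Table -AutoSize

# The gateway itself needs one leg on each side to do NAT
foreach ($side in 'External', 'Internal') {
    if (-not ($report | Where-Object { $_.VMName -eq 'NAT-GW' -and $_.SwitchType -eq $side })) {
        Write-Warning "NAT-GW has no adapter on an $side switch"
    }
}

# Any other VM on an external switch bypasses the NAT machine
$report | Where-Object { $_.Unexpected } | ForEach-Object {
    Write-Warning "$($_.VMName) adapter '$($_.Adapter)' is on external switch '$($_.Switch)'"
}
```

Rerunning it after adding or cloning lab VMs catches a copied configuration that kept the gateway's external adapter.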
