[SOLVED] One VM, One VPN Client and Multiple Users

[virtus96]

Hi guys,

I need your help. I work for a company which uses frequently Oracle Virtualbox VM's for connecting to different clients through VPN Clients (Fortinet, Cisco, Cisco Anyconnect, ecc..).
Our problem is that each one of us must have one single VM per VPN Client, causing a fact that the most of us have the same VM copied in our personal SSD's having a redundancy of VM's.

My question is: Is it possibile to use one VM with one VPN Client (ex. Fortinet) where each one of us connects to the same VM concurrently with own session and own tunnel without disconnecting the other colleagues using the same VPN Client?

This is a struggling problem 🙁

Thank you in advance and,
Hoping a prompt reply

Best regards

 

[USAFRet]

Not really, no.
A VM inside VirtualBox is mostly the same as an actual hardware PC.
1 user at a time per OS.

The term you're looking for is multiseat. Doesn't matter if is a VM or physical system.

 

[virtus96]

Not really, no.
A VM inside VirtualBox is mostly the same as an actual hardware PC.
1 user at a time per OS.

The term you're looking for is multiseat. Doesn't matter if is a VM or physical system.

Fine, so about multiseating what can you tell me about It? How could it help us avoiding us having same VMs with VPN client in each of our PC?

We would like to use 1 VM with 1 type of VPN client where each one of us can connect concurrently according to VPN users.

Thank you

 

[USAFRet]

Actually, this is one of the benefits of VM's....you can have multiple "PC's" in one physical hardware box.
Trying to multiseat a VM introduces a whole other level of pain.

Think of your VM's as physical PC's.
How do they talk to the VPN?

 

[virtus96]

Please let me do you an example schema:

User 1
- VM 1
--VPN Client Fortinet

User 2

• VM 2
• VPN Client Fortinet

User 3

• VM 3
• VPN Client Cisco

The common thing we have is that we use different VPN users.

Inviato dal mio VOG-L29 utilizzando Tapatalk

 

[USAFRet]

Why different VPN's?

 

[virtus96]

We connect regularly with Hospital networks all over our country and their IT departments grant us access through VPNs, such as Fortinet, Cisco, Cisco Any connect, Global Protect, ecc...

It often happens that more than one of us must conect to the same hospital, using same VPN Client topology but different VPN user. Each one of us has Oracle VirtualBox installed in our own PCs with a set of Windows VMs with a VPN client configured: this means that I have 300 GB of VMs in my PC, another colleague has 200 GB of VMs in his PC and so like that.

We would like to find a system which allows us to use 1 VM per 1 VPN client, where each one of us can connect and start a new VPN connection using our own credentials.


Hope to have been clear

Inviato dal mio VOG-L29 utilizzando Tapatalk

 

[USAFRet]

this means that I have 300 GB of VMs in my PC, another colleague has 200 GB of VMs in his PC and so like that.

Host the VM's on a central server.
One folder for each user.

Of course, this will need a VERY beefy server to run multiple simultaneous VM's.

But, drive space is cheap. 300GB on your system is trivial.

 

[virtus96]

So what OS is the most indicated for allowing us to connect with different VM user and start a single VPN session with multiple VPN users?

Inviato dal mio VOG-L29 utilizzando Tapatalk

 

[USAFRet]

So what OS is the most indicated for allowing us to connect with different VM user and start a single VPN session with multiple VPN users?

Inviato dal mio VOG-L29 utilizzando Tapatalk

Depending on how, exactly, you do this, but at a minimum you'd need multiple Windows Server licenses and CAL.
$$$$

Again, consider each "VM" as a physical PC. The OS for that VM will need to be able to support multiple simultaneous users.

This will NOT be an easy config.
Certainly not worth saving a couple hundred GB on each system in your current configuration.

 

[virtus96]

Oh I see. Couldn't it be possibile to create a specific gateway per VPN client and act through a Route Add?

Inviato dal mio VOG-L29 utilizzando Tapatalk

 

[USAFRet]

Oh I see. Couldn't it be possibile to create a specific gateway per VPN client and act through a Route Add?

Inviato dal mio VOG-L29 utilizzando Tapatalk

We really need a detailed diagram of how things are right now, and how you would like it to be.

 

[virtus96]

Ok, let me think about the best way to represent the situation.
Thank you

Inviato dal mio VOG-L29 utilizzando Tapatalk

 

[virtus96]

I've prepared a schema showing what I've described previously:

ACTUAL SITUATION:

https://documentcloud.adobe.com/link/track?uri=urn:aaid:scds:US:54f43b7c-a574-45df-ace4-ce8679425092

DESIRED SITUATION:

https://documentcloud.adobe.com/link/track?uri=urn:aaid:scds:US:899fd60f-8439-4a2e-bf58-b0662d2f0709


Please let me know,
Thanks

 

[USAFRet]

In your Desired:

1. The VM1 OS will have to be Windows Server (or Linux) to allow multiple simutaneous users.
2. Does the Fortinet VPN allow multiple simultaneous users from a single instance?
3. You now have a single point of failure for all users. If that one physical box has issues, all users are down.

 

[virtus96]

I see. Is it possibile to have 1 VM Linux Server where the Forticlient VPN is installed, have our personal users for VM login and use our personal VPN users for concurrent sessions to same endpoint?

Our clients actually allow concurrent sessions.

Inviato dal mio VOG-L29 utilizzando Tapatalk