opkg update was not working when I switched adapters as there was no internet
I am using latest virtualbox 6.0 on macos 10.15.5
my router is a netgear ea7500, pretty standard
not sure sophos is the problem because I did manage at one point to create another interface for my VPN provider and had clients connect to the vm-router and have internet, but on a new vm without vpn it doesn't work...
i believe in the past your wan was 'vbox-natted' which we know works... ( but you must have pointed the clients to the laptop's ip? and the lan was vbox-natted too? )
try re-install
then ask about 'macos bridged airport not-working' in the virtualbox forums ( there are many posts about this, mostly from v5 and before )
once you get simple lan bridged opkg update working, we know the subsystems are good to proceed with anything openwrt... you could try changing (vm-lan) back to dhcp to exclude an ip conflict.
all using the VM in the link above, very simple 1 nic, bridged.
all resulted in a working router vm, opkg update working, ping to self, ping to 192.168.1.1 working
all resulted in the same problem of no internet to various clients (including another windows PC) when setting its gateway address to the VM router bridged IP
all clients have working internet when the GW is set to the real router IP and traceroute shows a proper list via the gateway, all client stopped working and traceroute gave nothing once the gw was set to the VPN router
You should probably enable masquerading for the LAN zone as well as disable bridging or set up bridge firewall, otherwise your LAN client traffic may bypass the VM router.
I am now using
eth0 bridged virtualbox adapter DHCP (gets ip from real router)
eth1 host only adpater DHCP (gets ip from virtualbox internal 192.168.56.1)
What is the purpose of the WAN interface?
It has a route which conflicts with the LAN interface.
Moreover, it will likely result in a collision of firewall rules, if you plan to keep WAN and LAN interfaces on the same network but assigned different firewall zones.
I then tried the same tcpdump monitoring on macos host and saw interesting stuff
it does report it, unlike the virtualbox router, but it seems to try to reach the real physical router (192.168.1.1) instead of the virtualbox one . probably why the virtualbox router (192.168.1.56) never gets it. not sure why it does that though
22:42:35.432146 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 55, length 72
22:42:40.637769 IP 192.168.1.35 > 192.168.1.1: ICMP 192.168.1.35 udp port 50439 unreachable, length 36
22:42:40.637957 IP 192.168.1.35 > 192.168.1.1: ICMP 192.168.1.35 udp port 56686 unreachable, length 36
22:42:41.672923 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 56, length 72
22:42:46.032769 IP 192.168.1.12 > 216.58.207.78: ICMP echo request, id 1, seq 57, length 40
22:42:47.430836 IP 192.168.1.12 > 216.58.207.78: ICMP echo request, id 1, seq 58, length 40
22:42:48.938315 IP 192.168.1.12 > 216.58.207.78: ICMP echo request, id 1, seq 59, length 40
22:42:50.424042 IP 192.168.1.12 > 216.58.207.78: ICMP echo request, id 1, seq 60, length 40
22:43:06.994946 IP 192.168.1.35 > 192.168.1.1: ICMP 192.168.1.35 udp port 62221 unreachable, length 36
I got some progress
I added one more adapter a host only adapter to virtualbox, now I get the traffic both on the mac tcpdump and on the vm, no redirection to the original network
ping -w 3 8.8.8.8
21:26:10.891918 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 137, length 40
21:26:11.867244 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 138, length 40
21:26:13.452588 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 139, length 40
21:26:14.887510 IP 192.168.1.12 > 8.8.8.8: ICMP echo request, id 1, seq 140, length 40
21:26:16.379542 IP 192.168.1.56 > 8.8.8.8: ICMP 192.168.1.56 udp port 28359 unreachable, length 149
21:26:16.379552 IP 192.168.1.56 > 8.8.8.8: ICMP 192.168.1.56 udp port 28359 unreachable, length 149
21:26:16.394879 IP 192.168.1.56 > 8.8.4.4: ICMP 192.168.1.56 udp port 28359 unreachable, length 149
21:26:16.394887 IP 192.168.1.56 > 8.8.4.4: ICMP 192.168.1.56 udp port 28359 unreachable, length 149
Your only connection from the Macbook to anything is its single wifi adapter running as a client then? I don't think that can be put in a bridge. A wifi client only holds one MAC / IP address, and that would be taken by OSX.
Probably you can forego OpenWrt and run OpenVPN directly on OSX, then have your other machines on the LAN configured to use the Macbook as their gateway to the Internet.
As mk24 suggested, your problem is not really the host OS (although that might provide some additional hurdles), but your chosen connection to the network. The IEEE 802.11 standards don't support bridging anything, it's simply not in the wireless standards (which only account for three MAC addresses in the frames, while you'd need four for bridging).
Linux and its nl80211 wireless stack has added an extension to the 802.11 standards called 4addr (often dubbed WDS), which does what the name implies - offering the ability to transport a forth MAC address to the wireless frames (via a clever combination of AP and STA interfaces). However this 4addr mode is specific to linux and mainline/ nl80211 based drivers, it's not available for MacOS or Windows (some proprietary wireless vendors have similar, but incompatible, features for their offerings). The easiest solution to your problem would probably to hard-wire the host running the OpenWrt VM via ethernet. If possible, I'd avoid the WDS/ 4addr route for the host networking, as this complicates your situation considerably (but it's possible, running linux on the host - and the main router providing the internet to this host).
thanks for the update and thanks to @vgaetera@mk24 and @slh for really helping out ( pensive looks humbled to me )
never used bridged over wifi before... so suspected something macos related... apologies... will update the wiki with a note regarding this...
@moshem kudos to you also for sticking with it, and providing useful and relevant debugging info... generally you nailed most of this... so I wouldn't be too deterred from this experience... but yeah... wired 'hosts' seem to be the way to go...
fwiw... just for brevvity ( don't suggest you try this, but worth mentioning )... one could theoretically also use vboxNAT mode as a workaround... to overcome this 802.11 limitation... mostly applicable for a 'single lan-service' scenario... i suspect when you said that it was working in the past... this was how...