route to allow local lan access to vms using hyper-v 'internal' virtual switch

Karezza 96 Reputation points
2021-08-30T02:17:35.627+00:00

My local lan is 192.168.1.*, I wanted to set up another ip range 192.168.100.* in hyper-v using virtual switch so I did the following on windows server 2019:

Via PowerShell:
New-VMSwitch -SwitchName "k-dmz" -SwitchType Internal
New-NetIPAddress -IPAddress 192.168.100.1 -PrefixLength 24 -InterfaceAlias "vEthernet (k-dmz)"
New-NetNAT -Name "k-dmz" -InternalIPInterfaceAddressPrefix 192.168.100.0/24

This worked & I can access VMs using the virtual switch from the hyper-v host system, however, as expected it is not possible for systems using the local lan 192.168.1.* to access the VMs. Only the host system running hyper-v can access the VMs.

I've used my local router, and have also tried adding routes on my client systems on the local lan. The traffic destined for 192.168.100.* gets routed to the hosting system running hyper-v but the traffic does not reach the VMs running on the 192.168.100.* subnet.

I set this after finding an article telling me to do so:
Set-ItemProperty -Path HKLM:\system\CurrentControlSet\services\Tcpip\Parameters -Name IpEnableRouter -Value 1

I enabled the service 'Routing and Remote Access' which is disabled by default, after an article told me to do so.

I installed the role 'Remote Access' and when configuring enabled the "LAN" option. I did reboots after performing each technique.

I also tried disabling the firewall completely, without noticing any improvements.

I can actually see the "Incoming bytes" of my Interface increasing when viewing in the Routing and Remote Access console if I try to connect to a VM on the 192.168.100.* subnet. The bytes increase as would be expected when I try to connect to a VM in the network, but the connection is not established.

tracepath shows that from a client system on the local lan the traffic is routed to the hyper-v host and then to the ip of the vm, but any attempt to connect to the vm times out. Since I can connect to the VM from the hyper-v host system I believe we can eliminate a firewall on the target VM as being the issue.

I must be missing a step. What additional step is required to set up a route to the VMs running on the hyper-v host? I can take care of setting up a route on my router, or adding a route on my client systems, but something seems to be stopping the traffic on the hyper-v host itself.


Accepted answer
  1. Karezza 96 Reputation points
    2021-09-01T23:11:51.93+00:00

    I ended up using the two nic technique with a linux vm:

    • disabled the firewall
    • enabled ip_forward
    • set all vms on the subnet to use the two nic vm as their gateway

    Thank you for your help to go with the two nics, seems like there should be an easier way, but this works.
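
The three steps in the accepted answer, as an added example for the Linux router VM (not code from the original post). The router VM addresses 192.168.1.50 and 192.168.100.254 and the file name 99-router.conf are assumptions; the subnet and the host address 192.168.100.1 come from the question.

```shell
#!/bin/sh
# Added example: checks for the two-NIC Linux router VM described above.
HOST_IP="192.168.100.1"      # from the question: Hyper-V host's k-dmz address
DMZ_NET="192.168.100.0/24"   # from the question
LAN_IP="192.168.1.50"        # assumed: router VM address on the LAN-facing NIC
DMZ_IP="192.168.100.254"     # assumed: router VM address on the k-dmz NIC

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix IP CIDR: succeed when IP lies inside CIDR.
in_prefix() {
  len=${2#*/}
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# forwarding_enabled [FILE]: succeed when the kernel forwarding flag is 1.
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# enable_forwarding: persist and apply ip_forward (needs root).
enable_forwarding() {
  echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-router.conf
  sysctl -p /etc/sysctl.d/99-router.conf
}

# check_gateway GW: a VM's gateway must be the router VM, not the host's
# vEthernet address; otherwise replies to LAN clients go to the host instead.
check_gateway() {
  in_prefix "$1" "$DMZ_NET" && [ "$1" != "$HOST_IP" ] && [ "$1" = "$DMZ_IP" ]
}

# lan_route_cmd: route a Linux LAN client (or the LAN router) needs.
lan_route_cmd() { echo "ip route add $DMZ_NET via $LAN_IP"; }

# Run with "apply" as root on the router VM; with no argument nothing changes.
if [ "${1:-}" = "apply" ]; then
  enable_forwarding
  forwarding_enabled && echo "forwarding on; LAN side needs: $(lan_route_cmd)"
fi
```

On each VM in 192.168.100.0/24, pass its configured default gateway to `check_gateway`; a value of 192.168.100.1 fails the check because that address belongs to the Hyper-V host.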


1 additional answer

  1. Anonymous
    2021-08-30T02:45:47.497+00:00

    You can configure a dedicated virtual machine to route between the internal and external vSwitches.
    https://www.dell.com/support/kbdoc/en-us/000118763/configuring-windows-server-2012-r2-as-a-router

    --please don't forget to upvote and Accept as answer if the reply is helpful--

