Every now and then you need to give a set of lab VMs access to Internet but still keep them on a separate, isolated network.
In this scenario, instead of relying on the physical host platform (Hyper-V / VMware), you use a virtual machine with multiple network adapters to do the routing. One benefit of doing that is that this works the same no matter what virtual platform you are using, and obviously that you don't need to change the host network configuration (something that can be challenging/scary when remoting into a lab server in another city, like I do 🙂 ).
Back in 2012 I wrote a guide on how to set up either a Linux-based router (still the most stable one) as well as with a Windows Server 2012 router, manually. That post is available via the below, together with video.
Using a virtual router for your lab and test environment
PowerShell cmdlets for Routing and Remote Access (RRAS) in Windows Server 2012 and Windows Server 2012 R2
Installing a router manually may be fun, but doing it using PowerShell is much more fun (and smarter too). Anyway, I though it was about time to write a post on how to setup a virtual router using PowerShell. The prerequisites for this guide is that you have a Windows Server 2012 R2 VM installed with at least two network cars. One connected to the External network (Internet), and one to the internal network where you have your VMs. On both networks there are DHCP servers, but you will obviously set a static IP address on the internal NIC. You don't want that address to change 🙂
Note: In this guide I'm using Hyper-V is the virtual platform, but this works equally great on VMware as well. Again, I'm not using any gateway features on the host, only in the VM acting as a router.
The VM used for virtual router is named GW01, Windows Server 2012 R2 is installed and is configured in a workgroup, even though it's perfectly fine to join it to a domain. The reason for using a workgroup machine is that I just wanted a generic router, without any dependencies.
Setting up Routing and Remote Access is done in three steps:
- Configuring the internal NIC
- Install the Routing and Remote Access role
- Configure the Routing and Remote Access role
Step1 – Configure the internal network adapter
On my GW01 server I have named the network interfaces External and Internal, listed by running:
Get-NetAdapter | Select Name,MacAddress
To set a static IP address on the internal network adapter you run the following commands:
Get-NetAdapter -Name Internal | New-NetIPAddress -IPAddress 192.168.1.1 -AddressFamily IPv4 -PrefixLength 24
Step 2 – Install the Routing and Remote Access role
Once the network adapter is configured it's time to add the Install the Routing and Remote Access role, as well as its PowerShell cmdlets, by running the following command:
Install-WindowsFeature Routing -IncludeManagementTools
Step 3 – Install the Routing and Remote Access role
Once the Routing and Remote Access role and its PowerShell cmdlets are added, you can now configure it. In this scenario you set up a simple NAT gateway.
To configure the NAT gateway, run the following commands:
Install-RemoteAccess -VpnType Vpn
cmd.exe /c "netsh routing ip nat install"
cmd.exe /c "netsh routing ip nat add interface $ExternalInterface"
cmd.exe /c "netsh routing ip nat set interface $ExternalInterface mode=full"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface"
If you want to verify the setup you can open the Routing and Remote Access management tool.
Happy Deployment, Johan