Assign an Internet address to a Vagrant VM
I evaluate the pros and cons of giving each VM its own IP address. After that I look at a "better" alternative, port-forwarding.
Allocating an IP
In order to be able to SSH in to a dedicated (private) IP address this line belongs near the top of the Vagrantfile:
config.vm.network :private_network, ip: "192.168.68.8"
We are free to choose the fourth octet here, but I avoid using
.1 as that is used by the host, as we are about to see.
Cost of an IP
Allocating an IP makes life very simple solution for VM users. Any difficulties are transferred to the aspiring sysadmin. Here's the dent it caused to my networking config (
ipconfig /all) in Windows:
Ethernet adapter VirtualBox Host-Only Network #2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2 Physical Address. . . . . . . . . : 0A-30-47-21-00-5A DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::91c6:7f24:df8d:4afe%49(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.68.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 822738983 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-14-2F-3B-64-6C-80-CC-22-2B DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Enabled
This is VirtualBox's second adapter. The first adapter is always present on Windows (only) once VirtualBox is installed. It has an IP address on the guest too, by default. It prefers 192.168.56.1. I can't do anything other than ping it from the guest:
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
I wanted to be sure about this so repeated on a fresh installation of Windows (10, Pro). The only warning given was that VirtualBox 6.1.32 would "reset your network connection and temporarily disconnect you from the network." That was followed by a prompt to install more stuff:
Install the Oracle Network Adapters. These are removed if and when VirtualBox gets uninstalled.
I've since repeated this on a fresh Windows 11 installation. I'm running VirtualBox 7.0.x by this time. It doesn't prompt to install Oracle Network Adapters.
Cost on Linux
On Linux, the Host Network Adapter table is empty in VirtualBox.
ip a shows only the loopback device and my WiFi.
When I launch my first VM to have its own private IP address, an address is created on the guest corresponding to this on the host:
3: vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff inet 192.168.68.1/24 brd 192.168.68.255 scope global vboxnet0 valid_lft forever preferred_lft forever inet6 fe80::800:27ff:fe00:0/64 scope link valid_lft forever preferred_lft forever
vboxnet0 also now shows up in VirtualBox's Host Network Manager.
vagrant destroy does not undo these additions. The difference if my VM has its own IP and not just a port is that
vboxnet0 gets the lines beginning
inet6. Ordinarily it would need just the layer-2/MAC address (
Benefit of an IP
The VM on the new interface only requires
apt-get install apache2 and I can cURL a webpage from 192.168.68.8. The guest, however, cannot ping the Windows host on 192.168.68.1.
The other benefit is only apparent when we consider the alternative; an IP is the more natural virtualisation of a network adapter.
Upon deleting this VM with
vagrant destroy, "Ethernet adapter VirtualBox Host-Only Network #2:" stubbornly remained in place.
For Windows, I like using Device Manager to delete them en-masse.
Even better is using VirtualBox itself to cleanup. Ctrl+H or
"Remove host network", feels more appropriate than the uninstalling Windows might call it:
The problem remains that these are very manual solutions, prone to neglect, and it appears that Windows can't avoid using the first virtual adapter for default networking of the VMs.
For Linux, VirtualBox's interface should again be preferred. It's easy to spot the virtual entries in, eg,
ip a results. They are succinctly named, like
4: vboxnet0. Since most network engineers will be Linux based, or Linux users tend to do more network engineering, it should be less anxiety inducing to just leave them be.
Port forwarding alternative
Vagrant network configuration uses an
ssh id to select the SSH port that is used by both
vagrant ssh and
ssh firstname.lastname@example.org -p 10022:
config.vm.network :forwarded_port, guest: 22, host: 10022, id: 'ssh'
ssh email@example.com only works on Windows. On Linux,
ssh firstname.lastname@example.org is used from the host. Communication between guests uses
10.0.2.2 regardless of OS.
who, on the guest still reveals that address.
My preference would be against assigning an IP to each VM as a means to inter-VM communication. I can accomplish inter-VM communication with port forwarding.
Port forwarding required some investigation. The IP address that links the guests when using port forwarding, is outside the subnets of both those given by the static IP allocation and the default, VirtualBox on Windows, virtual ethernet adaptor, 192.168.56.1/24, above.
Guests without an explicit IP address get implicitly linked, via the host, on 10.0.2.2, as seen beside "Last login", upon login. You can double check this using the
This solution began with the networking layer. Port numbers are part of TCP and slightly more abstract. Being standards, there is no great jeopardy in building solutions around them. The details of authentication and authorization are still constantly evolving.
6 months later:
After exploring authentication and TLS in more detail, I changed my conclusion with: Overcoming the fear of doling out IPs to Vagrant VMs
When I initially wrote this post, I did not appreciate that port redirects, from say port 80 to port 443, are broken by forwarding a single port. I don't have a solution to this other than to avoid port forwarding.