Virtual Machine on same machine - Is this an issue?

[args489 0]

I run a virtual machine using Win11 Hyper-V on my main machine, the virtual machine is running with AirVPN always enabled. That way I can just tab to that and do anything I need on the VPN, keeping it entirely separate from my main install. The main install does not have a VPN running even though it is the same physical computer.

I notice network utilization on my non-VM install goes up whenever I download using the VM (assumingly because it's the nic). This means some sort of traffic is going through my main system or maybe it's just detecting the internet usage inside the VM. I just want to make sure in some weird way my traffic isn't getting pulled by my main OS install and that my ISP could see it before it's encrypted with VPN. I don't think that's how VMs work though and don't really see how that would be possible. The VM itself is doing the accessing and downloading, so everything should be secure even if it is using the same NIC.. correct?

I've also noticed if I disable the NIC on my main install, the internet stops working in my VM, but I think that's how Hyper-V's "Default Switch" network adapter setting works?

Just looking for some peace of mind that this isn't leaking information. All IP/DNS tests from within the VM are good.



 

Edited ... by args489

[NaDre 157]

Not familiar with Hyper-V.

But other VM software (e.g. VirtualBox) use NAT through the host system NIC IP address as the default for network access. But you can configure them to instead use a connection "bridged" onto the raw NIC. This way they get their own different address directly from the router. If you can do this with Hyper-V, maybe you should try that.

In your router you should be able to see what IP addresses have been assigned to a machine by the router. With a bridged connection, you will see a separate address for the VM.
 

[args489 0]

Thanks. It was configured as NAT. Does that mean even though the VM was connected to AirVPN, and everything in my browser said I was using AirVPN IP/DNSes, I was still leaking through my main install?

My understanding is, it was just "sharing" the same network adapter, and it could see that it was being used from another "device" but all the traffic should have been going through the proper VPN IP/DNses still.

I configured it as bridged and it no longer shows internet activity on my main install when using VM.

Edited ... by args489

[NaDre 157]

4 hours ago, args489 said:

... Does that mean even though the VM was connected to AirVPN, and everything in my browser said I was using AirVPN IP/DNSes, I was still leaking through my main install?
...

No. You were probably not leaking. It just explains why Windows was aware of the traffic. Also, doing without a layer of NAT is a bit more efficient.

EDIT:

With a bridged connection the IPv6 address that the router gave your VM is probably "2001:....". This will be within the IPv6 subnet your ISP assigned to the router. Programs running on the VM can see this, and could report it to some remote location. But if you use NAT for IPv6 from the VM, then the IPv6 address a program on the VM can see is a "private" address, and cannot be used to locate you.

I don't know about Hyper-V, but the NAT for VirtualBox needs some extra (rather complicated) configuration in order for NAT to be done for IPv6. Without this the VM would not even have access to IPv6. Which may not be good.