Re: [qubes-users] VPN gateway using iptables and CLI scripts fails

Mon, 10 Jul 2017 11:33:37 -0700 

On 07/10/2017 09:28 AM, Gaijin wrote:

On 2017-07-10 02:40, Chris Laprise wrote:

On 07/09/2017 05:35 PM, Gaijin wrote:

I've been trying to setup my VPN using the instructions here: Set up a
ProxyVM as a VPN gateway using iptables and CLI scripts
https://www.qubes-os.org/doc/vpn/

I can get the VPN to work in the terminal using an openvpn config. After
adding the DNS-handling script and firewall script the VPN fails to
connect. I get several errors:

write UDPv4: Operation not permitted (code=1)

Then the socket is closed and the script tries to connect again. It will
keep trying until I kill it.

I've tried to recreate several ProxyVMs, copying and pasting the
settings from the Qubes Docs. The result has been the same. I'm
wondering if anyone else has run into this or how I might work around
it.


In the firewall script you can try changing the output policy from:
iptables -P OUTPUT DROP

to:
iptables -P OUTPUT ACCEPT

This will relax the rules a bit without negatively affecting the leak
protection for connected appVMs.

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886


That got things moving. Thanks. It worked on the first try but I tried
rebooting a few times to try to get the LINK IS UP part of the routine
to work. I couldn't get that working and then the connection stopped
working altogether. I reverted to the original DROP, and the VPN still
worked.

I just can't get the LINK IS UP/DOWN part to show. Running OpenVPN from
the CLI I can see that the 'up' seems to be being passed. The script is
executable, but it doesn't seem to be showing when it's run.
The notifications use 'notify-send' so that needs to be working correctly in your chosen template. 

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd4be3cd-890d-37a8-135e-f074d7f3b017%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to