Hello again,

Based on my last question about ipsec routing in Qubes, I’ve done additional research but still could not get my vpn to work. The vpn client is a strongswan ipsec client, and I want to connect the machine to my workplace LANCOM router using plain IKEv2 and certificate-based authentication.

First, I installed my vpn setup in a standard Debian environment on a test machine without using qubes. This worked perfectly fine and I had nothing more to do than copy the certificates and the configuration scripts ipsec.conf and ipsec.secrets.

The next step was to install strongswan on a proxy vm exactly the same way as before. As qubes vms use nat-based networking, I set up port forwarding for udp port 500 from sys-net to sys-firewall to proxy-vm as described here: https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world

Unfortunately, this obviously didn't work. After the connection was established, the virtual ip address 192.168.10.205 was assigned, as well as two new dns server addresses, 192.168.10.1 and another one. I ran the configuration script /usr/lib/qubes/qubes-setup-dnat-to-ns, created a new disposable vm using proxy-vm as network provider and tried connecting to a random website and pinging 192.168.10.1. Neither worked. A ping to 8.8.8.8 surprisingly succeeded, though.

So my question is: Which extra steps do I have to take to make the vpn work in a proxy-vm? I am not using a network manager plugin because the strongswan plugin version does not establish a connection and seems buggy. The current version is very old and seems not to support the network manager version installed in qubes.

Has anyone managed to succeed in installing an ipsec vpn with qubes? It is really important for me as my boss is getting seriously impatient with me (I have been trying to set up the vpn with many different machines for half a year. At least I managed to get the router, windows clients and standard linux clients to work, but qubes is very important to him).

Thank you very much for your help.
Supraleiter
