Hi,
Part of the answer may be that Q4.2 switched from iptables to nftables
and qubes-tunnel has not been adapted for this
(However I am not sure whether this holds for fedora38 templates that
were in-place upgrades from 4.1 to 4.2 or only for "native" 4.2
templates obtained from the server.):
https://forum.qubes-os.org/t/can-t-get-the-qubesos-contrib-qubes-tunnel-to-work-in-4-2/22054
Anyways, using the openvpn command directly results in the same "cannot
resolve" issue, even if qubes-tunnel service is not started.
So I created a new AppVM (as ProxyVMs and NetVMs cannot be selected in
Q4.2 "create Qube") that provides networking and followed Readme.md of
https://github.com/1cho1ce/Qubes-vpn-support/tree/replace-iptables-with-nftables
- I was asked for the credentials during install step and again during
the setup step
openvpn command and ping are successful now.
After following the steps, no "LINK IS UP" popup appears. There is no
service for any of the two names involved. Somewhere near the bottom of
readme.md I find that confusingly the service name is qubes-vpn-handler.
In its status I get: ExecStartPre=/usr/lib/qubes/qubes-vpn-setup
--check-firewall (code=exited, status=1/FAILURE)
If I run /usr/lib/qubes/qubes-vpn-setup --check-firewall
manually, no output is shown.
VPN troubleshooting still references iptables, which seems to not apply
for Q 4.2 anymore
https://www.qubes-os.org/doc/vpn-troubleshooting/
So what is wrong here? how can I make vpn leak-proof again with Qubes 4.2?
On 1/7/24 22:49, r.wiesbach via qubes-users wrote:
Hi,
The forum post does not use qubes-tunnel and I do not use wireguard
(but openVPN) - so I do not see how this post solves my issue?!
On 1/6/24 12:06, code9n wrote:
Hi,
This is on the Forum:
https://forum.qubes-os.org/t/wireguard-vpn-setup/19141
cheers,
On Saturday 6 January 2024 at 00:16:40 UTC r.wie...@web.de wrote:
Hi there,
vpnVM and netVM both in-place upgrades from Q4.1 (and worked fine
there). Template is fedora 38.
NetVM is online, ping of vpn server hostname is fine within netVM.
Ping and dig do not work within vpnVM, but afair that is intended
(leak
prevention of qubes-tunnel)
I tried to restart qubes-tunnel servcie, tried to restart vpnVM.
tried
to disconnect and reconnect. I tried to reboot QubesOS.
Did something change between 4.1 and 4.2 regarding DNS handling?
Do I
need to configure a policy file or something?
Thanks
--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com
<https://groups.google.com/d/msgid/qubes-users/d4f11ed1-dcfe-45ef-b318-49b7416a6801n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e75483d0-c5bf-49c9-98e3-e1933d4fb320%40web.de
<https://groups.google.com/d/msgid/qubes-users/e75483d0-c5bf-49c9-98e3-e1933d4fb320%40web.de?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/585fcc3c-c02a-4b71-b46b-f468a6c70517%40web.de.
