Re: [qubes-users] VPN gateway using iptables and CLI scripts fails

2017-07-10 Thread Gaijin
On 2017-07-10 18:32, Chris Laprise wrote:
> On 07/10/2017 09:28 AM, Gaijin wrote:
>> On 2017-07-10 02:40, Chris Laprise wrote:
>>> On 07/09/2017 05:35 PM, Gaijin wrote:
>>>> I've been trying to set up my VPN using the instructions here: Set up a
>>>> ProxyVM as a VPN gateway using iptables and CLI scripts
>>>> https://www.qubes-os.org/doc/vpn/
>>>>
>>>> I can get the VPN to work in the terminal using an openvpn config. After
>>>> adding the DNS-handling script and firewall script the VPN fails to
>>>> connect. I get several errors:
>>>>
>>>> write UDPv4: Operation not permitted (code=1)
>>>>
>>>> Then the socket is closed and the script tries to connect again. It will
>>>> keep trying until I kill it.
>>>>
>>>> I've tried to recreate several ProxyVMs, copying and pasting the
>>>> settings from the Qubes Docs. The result has been the same. I'm
>>>> wondering if anyone else has run into this or how I might work around
>>>> it.
>>>
>>> In the firewall script you can try changing the output policy from:
>>> iptables -P OUTPUT DROP
>>>
>>> to:
>>> iptables -P OUTPUT ACCEPT
>>>
>>> This will relax the rules a bit without negatively affecting the leak
>>> protection for connected appVMs.
>>>
>>> --
>>>
>>> Chris Laprise, tas...@openmailbox.org
>>> https://twitter.com/ttaskett
>>> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>>
>> That got things moving. Thanks. It worked on the first try but I tried
>> rebooting a few times to try to get the LINK IS UP part of the routine
>> to work. I couldn't get that working and then the connection stopped
>> working altogether. I reverted to the original DROP, and the VPN still
>> worked.
>>
>> I just can't get the LINK IS UP/DOWN part to show. Running OpenVPN from
>> the CLI I can see that the 'up' seems to be being passed. The script is
>> executable, but it doesn't seem to be showing when it's run.
>>
> 
> The notifications use 'notify-send' so that needs to be working
> correctly in your chosen template.

Indeed, that doesn't seem to be working. I was using the Fedora minimal
template with the notification-daemon added. It also has libnotify
installed. However, neither the template nor AppVMs based on it show
anything from a notify-send "test". Is there anything else I could add
to this minimal template to get notifications working?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8d542303e31aab3966ac8aec940f55d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] VPN gateway using iptables and CLI scripts fails

2017-07-10 Thread Chris Laprise

On 07/10/2017 09:28 AM, Gaijin wrote:
> On 2017-07-10 02:40, Chris Laprise wrote:
>> On 07/09/2017 05:35 PM, Gaijin wrote:
>>> I've been trying to set up my VPN using the instructions here: Set up a
>>> ProxyVM as a VPN gateway using iptables and CLI scripts
>>> https://www.qubes-os.org/doc/vpn/
>>>
>>> I can get the VPN to work in the terminal using an openvpn config. After
>>> adding the DNS-handling script and firewall script the VPN fails to
>>> connect. I get several errors:
>>>
>>> write UDPv4: Operation not permitted (code=1)
>>>
>>> Then the socket is closed and the script tries to connect again. It will
>>> keep trying until I kill it.
>>>
>>> I've tried to recreate several ProxyVMs, copying and pasting the
>>> settings from the Qubes Docs. The result has been the same. I'm
>>> wondering if anyone else has run into this or how I might work around
>>> it.
>>
>> In the firewall script you can try changing the output policy from:
>> iptables -P OUTPUT DROP
>>
>> to:
>> iptables -P OUTPUT ACCEPT
>>
>> This will relax the rules a bit without negatively affecting the leak
>> protection for connected appVMs.
>>
>> --
>>
>> Chris Laprise, tas...@openmailbox.org
>> https://twitter.com/ttaskett
>> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>
> That got things moving. Thanks. It worked on the first try but I tried
> rebooting a few times to try to get the LINK IS UP part of the routine
> to work. I couldn't get that working and then the connection stopped
> working altogether. I reverted to the original DROP, and the VPN still
> worked.
>
> I just can't get the LINK IS UP/DOWN part to show. Running OpenVPN from
> the CLI I can see that the 'up' seems to be being passed. The script is
> executable, but it doesn't seem to be showing when it's run.

The notifications use 'notify-send' so that needs to be working
correctly in your chosen template.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] VPN gateway using iptables and CLI scripts fails

2017-07-10 Thread Gaijin
On 2017-07-10 02:40, Chris Laprise wrote:
> On 07/09/2017 05:35 PM, Gaijin wrote:
>> I've been trying to set up my VPN using the instructions here: Set up a
>> ProxyVM as a VPN gateway using iptables and CLI scripts
>> https://www.qubes-os.org/doc/vpn/
>>
>> I can get the VPN to work in the terminal using an openvpn config. After
>> adding the DNS-handling script and firewall script the VPN fails to
>> connect. I get several errors:
>>
>> write UDPv4: Operation not permitted (code=1)
>>
>> Then the socket is closed and the script tries to connect again. It will
>> keep trying until I kill it.
>>
>> I've tried to recreate several ProxyVMs, copying and pasting the
>> settings from the Qubes Docs. The result has been the same. I'm
>> wondering if anyone else has run into this or how I might work around
>> it.
> 
> In the firewall script you can try changing the output policy from:
> iptables -P OUTPUT DROP
> 
> to:
> iptables -P OUTPUT ACCEPT
> 
> This will relax the rules a bit without negatively affecting the leak
> protection for connected appVMs.
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

That got things moving. Thanks. It worked on the first try but I tried
rebooting a few times to try to get the LINK IS UP part of the routine
to work. I couldn't get that working and then the connection stopped
working altogether. I reverted to the original DROP, and the VPN still
worked.

I just can't get the LINK IS UP/DOWN part to show. Running OpenVPN from
the CLI I can see that the 'up' seems to be being passed. The script is
executable, but it doesn't seem to be showing when it's run.



Re: [qubes-users] VPN gateway using iptables and CLI scripts fails

2017-07-09 Thread Chris Laprise

On 07/09/2017 05:35 PM, Gaijin wrote:
> I've been trying to set up my VPN using the instructions here: Set up a
> ProxyVM as a VPN gateway using iptables and CLI scripts
> https://www.qubes-os.org/doc/vpn/
>
> I can get the VPN to work in the terminal using an openvpn config. After
> adding the DNS-handling script and firewall script the VPN fails to
> connect. I get several errors:
>
> write UDPv4: Operation not permitted (code=1)
>
> Then the socket is closed and the script tries to connect again. It will
> keep trying until I kill it.
>
> I've tried to recreate several ProxyVMs, copying and pasting the
> settings from the Qubes Docs. The result has been the same. I'm
> wondering if anyone else has run into this or how I might work around
> it.


In the firewall script you can try changing the output policy from:
iptables -P OUTPUT DROP

to:
iptables -P OUTPUT ACCEPT

This will relax the rules a bit without negatively affecting the leak 
protection for connected appVMs.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
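
Added example, not part of the thread or of the Qubes documentation: a shell check over `iptables -S` output that separates what the two chains protect. The OUTPUT policy filters only packets the ProxyVM itself sends, and a packet dropped there surfaces to the sending process as "Operation not permitted", while traffic routed for connected appVMs is decided in FORWARD. The listing, the `eth0` interface name and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed `iptables -S` listing for a VPN ProxyVM (not captured output).
# Assumed: eth0 is the upstream interface and the FORWARD drops are the
# leak protection; only the OUTPUT policy line comes from the thread.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A OUTPUT -o lo -j ACCEPT'

# The same ruleset with the relaxed policy suggested in the reply.
RELAXED_RULES=$(printf '%s\n' "$SAMPLE_RULES" |
    sed 's/^-P OUTPUT DROP$/-P OUTPUT ACCEPT/')

# Print the default policy of chain $1 from a listing on stdin.
chain_policy() {
    awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }'
}

# Succeed only if unconditional DROPs to and from interface $1 come before
# any FORWARD rule that could pass traffic (conservative: order matters).
forward_blocks_upstream() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            if (NF == 6 && ($3 == "-o" || $3 == "-i") && $4 == ifc &&
                $5 == "-j" && $6 == "DROP") {
                if (!other) seen[$3] = 1
            } else if ($NF != "DROP") other = 1
        }
        END { exit !(seen["-o"] && seen["-i"]) }'
}

# OUTPUT governs packets the ProxyVM itself sends (openvpn's handshake);
# FORWARD governs packets routed on behalf of connected appVMs.
audit_vpn_firewall() {
    rules=$1
    upstream=$2
    out_policy=$(printf '%s\n' "$rules" | chain_policy OUTPUT)
    if printf '%s\n' "$rules" | forward_blocks_upstream "$upstream"; then
        fwd=sealed
    else
        fwd=leak-possible
    fi
    echo "output_policy=$out_policy forward=$fwd"
}

audit_vpn_firewall "$SAMPLE_RULES" eth0
audit_vpn_firewall "$RELAXED_RULES" eth0
```

On a live ProxyVM the listing would come from `iptables -S` run as root instead of the embedded sample.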



[qubes-users] VPN gateway using iptables and CLI scripts fails

2017-07-09 Thread Gaijin
I've been trying to set up my VPN using the instructions here: Set up a
ProxyVM as a VPN gateway using iptables and CLI scripts
https://www.qubes-os.org/doc/vpn/

I can get the VPN to work in the terminal using an openvpn config. After
adding the DNS-handling script and firewall script the VPN fails to
connect. I get several errors:

write UDPv4: Operation not permitted (code=1)

Then the socket is closed and the script tries to connect again. It will
keep trying until I kill it.

I've tried to recreate several ProxyVMs, copying and pasting the
settings from the Qubes Docs. The result has been the same. I'm
wondering if anyone else has run into this or how I might work around
it.
