Hello again,
Based on my last question about ipsec routing in Qubes, I’ve done
additional research but still coud not get my vpn to work.
The vpn client is a strongswan ipsec client, I want to connect the
machine to my workplace LANCOM router using plain IKEv2 and certificate
based authentication.
First, I installed my vpn setup in a standard Debian environment on a
test machine without using qubes. This worked perfectly fine and I had
nothing to do more than just copy the certificates and the configuration
scripts ipsec.conf and ipsec.secrets.
The next step was to install strongswan on a proxy vm exactly the same
way as before. As qubes vms uses nat-based networking, I setup port
forwarding for udp port 500 from sys-net to sys-firewall to proxy-vm as
described here:
https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world
Unfortunately, this obviously didn't work. After the connection has
established, virtual ip address 192.168.10.205 was assigned, as well as
two new dns server adresses 192.168.10.1 and another one. I ran
configuration script /usr/lib/qubes/qubes-setup-dnat-to-ns, created a
new disposable vm using proxy-vm as network provider and tried
connecting to a random website and ping 192.168.10.1. Both did not work.
A ping to 8.8.8.8 surprisingly succeded, though.
So my question is: Which extra steps do I have to do to make vpn working
in a proxy-vm? I am not using a network manager plugin because
strongstran plugin version does not establish a connection and seems
buggy. The current version is very old and seems to not support the
network manager version installed in qubes.
Does anyone have managed to succeed in installing an ipsec vpn with
qubes?
It is really important for me as my boss is getting seriously impatient
with me (I try to setup vpn with many different machines since half a
year. At least i managed to get the router, windows clients and standard
linux clients to work, but qubes is very important to him).
Thank you very much for help.
Supraleiter
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e378fe5a932bb27ef8f8ec397f1d40c8%40posteo.de.