On 08/15/2016 01:05 PM, kotot...@gmail.com wrote:
Thank you very much for your help. The DNS are transmitted but the rules in the 
firewall seem to be missing:

Chain PR-QBS (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  any    any     anywhere             10.137.5.1           udp dpt:domain to:10.137.2.1
    0     0 DNAT       tcp  --  any    any     anywhere             10.137.5.1           tcp dpt:domain to:10.137.2.1
    0     0 DNAT       udp  --  any    any     anywhere             10.137.5.254         udp dpt:domain to:10.137.2.254
    0     0 DNAT       tcp  --  any    any     anywhere             10.137.5.254         tcp dpt:domain to:10.137.2.254

The qubes script is nonetheless correctly started because I see the notification 
"VPN is up".

Something else may be running a dnat script when you connect, because that is the only thing that would be re-populating PR-QBS with the Qubes internal IPs.

To test this theory, you could put a 7sec delay in qubes-vpn-handler.sh right before the line 'iptables -t nat -F PR-QBS'. Then the right IPs should appear in PR-QBS.

Alternative theory is that somehow openvpn is passing the internal IPs to the script, but I think that's unlikely.

Chris
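
The check described in the reply above, as an added example that is not part of the original messages or of the Qubes scripts: it reads a PR-QBS listing and reports DNS DNAT rules whose to: address is still a Qubes-internal IP. The 10.137. prefix is an assumption taken from the listing in this thread, the function names are hypothetical, and the sample input is constructed from the quoted output.

```shell
#!/bin/sh
# Assumption: Qubes-internal addresses start with 10.137. (as in the listing above).
INTERNAL_PREFIX="10.137."

# Reads `iptables -t nat -L PR-QBS -v` style output on stdin and prints one
# "proto target" line per DNS DNAT rule whose to: address is internal.
internal_dns_targets() {
    awk -v prefix="$INTERNAL_PREFIX" '
        $3 == "DNAT" {
            target = ""; dns = 0
            for (i = 4; i <= NF; i++) {
                # dpt:domain without -n, dpt:53 with -n
                if ($i ~ /^dpt:(domain|53)$/) dns = 1
                if ($i ~ /^to:/) target = substr($i, 4)
            }
            if (dns && index(target, prefix) == 1) print $4, target
        }'
}

# Returns 0 when no DNS rule points at an internal address, 1 otherwise.
dns_dnat_ok() {
    [ -z "$(internal_dns_targets)" ]
}

# Constructed sample: the chain contents quoted in this thread, unwrapped.
sample_listing() {
    cat <<'EOF'
Chain PR-QBS (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  any    any     anywhere             10.137.5.1           udp dpt:domain to:10.137.2.1
    0     0 DNAT       tcp  --  any    any     anywhere             10.137.5.1           tcp dpt:domain to:10.137.2.1
    0     0 DNAT       udp  --  any    any     anywhere             10.137.5.254         udp dpt:domain to:10.137.2.254
    0     0 DNAT       tcp  --  any    any     anywhere             10.137.5.254         tcp dpt:domain to:10.137.2.254
EOF
}

# Demo on the sample; on a live VPN VM, pipe in the real chain instead:
#   iptables -t nat -L PR-QBS -v | internal_dns_targets
if sample_listing | dns_dnat_ok; then
    echo "PR-QBS: DNS DNAT targets look external"
else
    echo "PR-QBS still forwards DNS to internal addresses:"
    sample_listing | internal_dns_targets
fi
```

Running it once right after "VPN is up" and again a few seconds later shows whether something rewrites the chain after the handler has populated it.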
