On 08/20/2017 05:38 PM, 'PhR' via qubes-users wrote:
Hello,

I have successfully set up a Fedora 25 based ProxyVM, which has Cisco's AnyConnect Secure Mobility Client installed.

I can successfully connect via VPN and can also ping/reach servers via VPN.

Unfortunately the App-VM which uses the VPN Proxy VM can't connect.

The Setup:

sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM)

As I can connect from the Proxy my-vpn VM, it seems the problem is between the connection of my App-VM to the new Proxy VPN VM.

How can I troubleshoot and investigate the issues?

- PhR


You could ping a known IP address from the appVM. If it works the problem is likely limited to DNS.

In the proxyVM, check the contents of /etc/resolv.conf after your Cisco client connects. If it's updated (not a 10.137.x.x number) you can run /usr/lib/qubes/qubes-setup-dnat-to-ns to enable DNS forwarding over the VPN.

Another setting to check is /proc/sys/net/ipv4/ip_forward which should contain a value of '1'. Also, the iptables 'POSTROUTING' chain should have a masquerade target:

$ cat /proc/sys/net/ipv4/ip_forward
$ sudo iptables -L -t nat

-

Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
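
The checks from the reply above, gathered into one script as an added example that is not part of the original thread. The function names, the report wording and the sample addresses are assumptions made for illustration; the paths and the 10.137.x.x range are the ones named in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): the ProxyVM checks from the reply,
# written as functions that read files so they also work on saved output.
# Live use inside the ProxyVM, after the VPN client connects:
#   sudo iptables -L -t nat > /tmp/nat.txt
#   report /etc/resolv.conf /proc/sys/net/ipv4/ip_forward /tmp/nat.txt

# Print nameservers outside 10.137.x.x, i.e. ones the VPN client wrote.
vpn_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^10\.137\./ { print $2 }' "$1"
}

# Succeed if the ip_forward file contains 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Succeed if the POSTROUTING chain in `iptables -L -t nat` output
# lists a MASQUERADE target (a match in another chain does not count).
has_masquerade() {
    awk '/^Chain / { in_post = ($2 == "POSTROUTING") }
         in_post && $1 == "MASQUERADE" { found = 1 }
         END { exit !found }' "$1"
}

# Print one line per check; return non-zero if forwarding or NAT is missing.
report() {
    rc=0
    ns=$(vpn_nameservers "$1" | tr '\n' ' ')
    if [ -n "$ns" ]; then
        echo "dns: resolv.conf updated (${ns% }); run /usr/lib/qubes/qubes-setup-dnat-to-ns"
    else
        echo "dns: no nameserver outside 10.137.x.x in resolv.conf"
    fi
    if forwarding_enabled "$2"; then echo "ip_forward: 1"
    else echo "ip_forward: not 1"; rc=1; fi
    if has_masquerade "$3"; then echo "nat: MASQUERADE present in POSTROUTING"
    else echo "nat: no MASQUERADE in POSTROUTING"; rc=1; fi
    return $rc
}

# Constructed sample input (192.0.2.53 is a documentation address).
write_samples() {
    printf 'nameserver 192.0.2.53\nnameserver 10.137.2.1\n' > "$1/resolv.conf"
    printf '0\n' > "$1/ip_forward"
    printf '%s\n' 'Chain PREROUTING (policy ACCEPT)' \
        'Chain POSTROUTING (policy ACCEPT)' \
        'MASQUERADE  all  --  anywhere  anywhere' > "$1/nat.txt"
}
```

With the constructed samples, report flags ip_forward (the sample holds 0) while the DNS and NAT checks pass.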
