On 08/20/2017 05:38 PM, 'PhR' via qubes-users wrote:
> Hello,
>
> I have successfully set up a Fedora 25 based ProxyVM, which has Cisco's
> AnyConnect Secure Mobility Client installed.
> I can successfully connect via VPN and can also ping/reach servers via
> VPN.
> Unfortunately the App-VM which uses the VPN Proxy VM can't connect.
>
> The Setup:
> sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM)
>
> As I can connect from the Proxy my-vpn VM, it seems the problem is
> between the connection of my App-VM to the new Proxy VPN VM.
> How can I troubleshoot and investigate the issues?
>
> - PhR

You could ping a known IP address from the appVM. If it works the
problem is likely limited to DNS.
In the proxyVM, check the contents of /etc/resolv.conf after your Cisco
client connects. If it's updated (not a 10.137.x.x number) you can run
/usr/lib/qubes/qubes-setup-dnat-to-ns to enable DNS forwarding over the VPN.
Another setting to check is /proc/sys/net/ipv4/ip_forward which should
contain a value of '1'. Also, the iptables 'POSTROUTING' chain should
have a masquerade target:
$ cat /proc/sys/net/ipv4/ip_forward
$ sudo iptables -L -t nat
-
Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
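
The checks suggested in the reply above, collected into a shell script as an added example (not part of the original thread). The function names are hypothetical, and the sample state in demo() is constructed, using the documentation address 192.0.2.53 as a stand-in for a VPN-supplied resolver.

```shell
#!/bin/sh
# Added example: the ProxyVM checks from the reply, run against file contents.

# True if resolv.conf ($1) names a server outside Qubes' 10.137.x.x range,
# meaning the VPN client rewrote it.
vpn_dns_present() {
    awk '$1 == "nameserver" && $2 !~ /^10\.137\./ { f = 1 } END { exit !f }' "$1"
}

# True if the ip_forward file ($1) contains 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# True if saved `iptables -L -t nat` output ($1) shows MASQUERADE in POSTROUTING.
has_masquerade() {
    awk '/^Chain / { c = $2 }
         c == "POSTROUTING" && $1 == "MASQUERADE" { f = 1 }
         END { exit !f }' "$1"
}

# Report each check; exit status is the number of forwarding problems found.
diagnose() {   # $1 resolv.conf, $2 ip_forward, $3 nat table listing
    problems=0
    if vpn_dns_present "$1"; then
        echo "DNS: VPN resolver set; run /usr/lib/qubes/qubes-setup-dnat-to-ns"
    else
        echo "DNS: resolv.conf still points at 10.137.x.x"
    fi
    forwarding_enabled "$2" || { echo "ip_forward is not 1"; problems=$((problems + 1)); }
    has_masquerade "$3" || { echo "no MASQUERADE in POSTROUTING"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample state: VPN DNS present, forwarding off, no masquerade rule.
demo() {
    d=$(mktemp -d)
    echo 'nameserver 192.0.2.53' > "$d/resolv.conf"
    echo 0 > "$d/ip_forward"
    printf '%s\n' 'Chain POSTROUTING (policy ACCEPT)' \
        'target     prot opt source               destination' \
        'ACCEPT     all  --  anywhere             anywhere' > "$d/nat"
    rc=0
    diagnose "$d/resolv.conf" "$d/ip_forward" "$d/nat" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo: $? forwarding problem(s)"
```

To use it inside the ProxyVM, save the output of sudo iptables -L -t nat to a file and call diagnose with /etc/resolv.conf, /proc/sys/net/ipv4/ip_forward and that file.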