On 08/21/2017 05:19 PM, PhR wrote:
> Any more ideas?
> - PhR
Some more questions:
Is this Qubes 3.2?
What changes does the Cisco client make to the routing table ('route'
command)?
What changes (if any) to the 'FORWARD' chain ('iptables -L')?
Does running '/usr/lib/qubes/qubes-setup-dnat-to-ns' update the PR-QBS
chain ('iptables -L -t nat')? Does that allow the appVM to communicate?
What firewall rules are in the appVM's settings (Qubes Manager)? For
testing (and probably for use) it should be set to "Allow network access
except" and also allow DNS and ICMP with a blank list below.
Is the appVM based on a regular Linux template such as fedora-25 or
debian-8?
Further:
The 'vpnc' package may be a viable alternative to AnyConnect (the open
source counterpart is 'openconnect'). Also, Network Manager has an
openconnect plugin; you would need to install the plugin in the template,
then enable NM for the proxyVM.
If you request help from the Cisco community, you can describe the
proxyVM as being like an external router, but my limited searching
suggests Cisco doesn't support this type of configuration.
Another option: Simply run the AnyConnect client in the appVM (no
proxyVM for the VPN client). This may be the simplest route.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886