On 11/30/2017 11:44 PM, Michael Siepmann wrote:

On Jun 12, 2017, Andrew Morgan wrote:

Did you follow the "Set up a ProxyVM as a VPN gateway using iptables and
CLI scripts" section of the Qubes VPN docs
(https://www.qubes-os.org/doc/vpn/)?

If so you should be good just to execute the `/rw/config/rc.local` file
on your VPN VM after every suspend either manually, through a keyboard
shortcut (which I do personally with the following command):

qvm-run -i root sys-vpn "/rw/config/rc.local"

I followed the "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" instructions but for me executing "/rw/config/rc.local" doesn't make it work again.

I've also tried commenting out or deleting "persist tun" from my OpenVPN config file, as Chris Laprise suggested in the thread "is vpn made manually, not supposed to restart after suspend?" on May 21, but that isn't helping either.

My current workaround is a script I wrote in dom0 that first does "qvm-prefs VMname -s netvm none" for all the VMs I normally have running that use sys-vpn (my ProxyVM VPN gateway), then shuts sys-vpn down, waits 10 seconds, starts sys-vpn, then does "qvm-prefs VMname -s netvm sys-vpn" for all those VMs.

Any ideas what could be going on so that neither executing /rw/config/rc.local nor commenting out "persist tun" works in my case?


I have a couple ideas as to workarounds. Instead of re-starting sys-vpn, you could:

  qvm-run -u root sys-vpn 'pkill openvpn'
  qvm-run -u root sys-vpn 'sh /rw/config/rc.local'

...before you re-enable the netvm prefs.

Also, one thing that changing the netvm prefs does is to trigger qubes-firewall-user-script to run again. You might compare the state of iptables before and after your workaround to see if something went missing after waking from sleep. If that's the case, you could just trigger the script as a third command added to the above.

--

Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
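
The before/after iptables comparison suggested above, as an added example that is not part of the original message: a dom0 shell sketch that lists rules present in one `iptables-save` snapshot of sys-vpn but missing from a later one. The function names are hypothetical, the sample rules are constructed, and it assumes `qvm-run -p` passes the command's output back to dom0.

```shell
#!/bin/sh
# Added example: find iptables rules that vanished from the VPN gateway
# between two snapshots (e.g. before suspend vs. after resume).

# Capture the full ruleset of a qube from dom0. Arguments: qube name, output file.
snapshot() {
    qvm-run -p -u root "$1" 'iptables-save' > "$2"
}

# Reduce iptables-save output (stdin) to comparable lines: drop timestamps and
# COMMIT markers, zero the packet/byte counters, prefix each line with its table.
normalize_rules() {
    awk '
        /^#/      { next }
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { next }
        { gsub(/\[[0-9]+:[0-9]+\]/, "[0:0]"); print table ": " $0 }
    ' | LC_ALL=C sort -u
}

# Print rules present in the first snapshot but absent from the second.
missing_rules() {
    tmp=$(mktemp -d) || return 1
    normalize_rules < "$1" > "$tmp/before"
    normalize_rules < "$2" > "$tmp/after"
    LC_ALL=C comm -23 "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

# Constructed sample snapshots (not taken from a real system).
write_samples() {
    cat > "$1" <<'EOF'
# Generated by iptables-save on Thu Nov 30 22:00:00 2017
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -i vif+ -o tun0 -j ACCEPT
COMMIT
EOF
    # After resume: counters changed, the two eth0 DROP rules are gone.
    grep -v 'eth0' "$1" | sed 's/\[12:840\]/[57:3990]/' > "$2"
}
```

In dom0 this would be used as `snapshot sys-vpn before.txt` while the VPN works, `snapshot sys-vpn after.txt` after resume, then `missing_rules before.txt after.txt`; any DROP rule it prints is one that no longer blocks traffic from bypassing the tunnel.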
