On 04/06/2018 09:08 AM, vel...@tutamail.com wrote:
Thanks Chris...again thank you for the effort! This tool is great...
Does it matter that Private internet access provides 3 seperate files (key,
cert and client config)?
Yes it matters. You should put all of them in the /rw/config/vpn folder
or the config won't work.
I have the proxy AppVM set up with "provides network"(proxy) checked, I have
tried a setup in proxy only and a setup in Template/Proxy, PVH(tried PV...similar to
3.2)...I don't think it is the setup as much as the configuration of the template?
No need to mess with virt type... default PVH is fine.
I installed GNOME and Openvpn (Using those names specifically) in Debian, no
additional packages installed in stock fedora...
I feel like I am missing a very basic command or tweak, whonix works, wireless
works, sys-firewall works...any help would be appreciated. It seems something
releated to PIA VPN configuration or VPN-handler-openvpn
I'm using Debian 9 also and just did a test with PIA. On my system the
service fails initially then restarts 10sec later because the firewall
rules take time to set up. It works fine this way. If you want to avoid
the initial failure and restart, add a 2sec delay "sleep 2s" in rc.local
just before the first systemctl command; it will start quicker.
Here are my logs/commands from your suggestions:
root@sys-VPNb5:/home/user# ls -l /rw/config/qubes-firewall.d
lrwxrwxrwx 1 root root 38 Apr 5 13:16 90_tunnel-restrict ->
root@sys-VPNb5:/home/user# iptables -v -L FORWARD
The iptables and qubes-firewall.d look correct. But the logs you added
look garbled. Can you capture the following and attach it to a reply in
sudo journalctl -u qubes-vpn-handler >qvpn.log
tar -czf qvpnlog.tgz qvpn.log
Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.