On Wednesday, April 18, 2018 at 5:36:37 AM UTC-4, Chris Laprise wrote: > On 04/17/2018 11:42 PM, Chris Laprise wrote: > > On 04/17/2018 09:20 PM, JonHBit wrote: > > >> Worked well for me using a debian-9 template & commit 4e96ca8, only > >> trouble was that my VPN provider's configs used > >> /etc/update-resolv-conf and failed silently when it was missing - so > >> shipping it with qubes-tunnel and installing it by default may be > >> helpful. > > > > Thanks! > > > > This issue just became apparent to me when another user reported it. The > > underlying problem is a bug (or several bugs) in openvpn's option parsing: > > > > https://github.com/tasket/Qubes-vpn-support/issues/19 > > > > It only shows up when the config specifies its own scripts which is > > rare. I'm trying out a workaround now which involves: > > > > 1. Removing the paths in the up & down options in the .service file. > > > > 2. Moving the up & down options to the beginning just after the openvpn > > command. > > > > 3. Symlinking the up/down script from /usr/lib/qubes to the > > /rw/config/qtunnel dir. > > > > Hopefully this will override the config's up/down settings as intended. > > I had to use a different approach but it should be fixed now. Update it > by copying new version to template and running installer. Then you'll > need to remove the 'qubes-tunnel' Qubes service for the proxyVM and add > 'qubes-tunnel-openvpn' instead. > > > -- > > Chris Laprise, [email protected] > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Hi Chris, Good to see the update! However I think that's a separate issue; what I'm referencing is these lines in my .ovpn config: script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf The VPN installer script will normally download this if it's missing - used to change the DNS server to the VPN-provided one. The script is here: https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh After adding it everything worked well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08de9d8f-d104-4b46-b2e2-e7bc3abe976d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
