On Saturday, 15 September 2018 04:21:53 UTC+1, Wolf moon wrote: > Hi guys New to Qubes ( which is an amazing feat of cyber security engineering > ) all working fine and learning my way around it. > > My only issue is logging into my vpn service. > > I have followed the Qubes instructions ( which the images are different to > Qubes 4.0 and after searching the net on this matter someone said that this > is a shot of the previous Qubes so not helpful there ) I also contacted my > vpn service on the matter. They read up on the Qubes instructions and emailed > me back a step by step guide but still no joy. > > My vpn service works well on my Raspberry Pi 3 in the command line ( which I > found simple instructions for elsewhere on the internet ) and works fine on > my windows 10 system as its got an app interface you download. > > Its just Qubes I am having issues with. I am by no means a hardcore techy, I > am learning and not afraid or unfamiliar using the command line in linux. > > I have contacted the Qubes team after trying my best effort to resolve this > on my own as I know they are a small team of 5 or so last time I checked. > > Any help and advice would be greatly appreciated. > > Best, > > Wolf Moon
Okay guys so I am signed up to Nordvpn. ( To note: I always update everything in Qube manager ) I started off by google searching how to set up a vpn on qubes. I dont have every forum page be it google groups or reddit page saved I read unfortunately. But they generally instructed me to do go through the steps to set up a vpn as Qubes instructs on their page https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager Specifically Set up a ProxyVM as a VPN gateway using iptables and CLI scripts What I was referencing referring to the diagram/photo being outdated or of the old version of Qubes prior to 4.0 was the Dom0 create a new Vm. It just comes up looking different which is what one of the OPs mentioned on one of the how to guides I found. Moving forward. Certain commands didn't work like sudo which after googling one forum posted in Qubes you dont use sudo much, dnf ( what ever that is ) is used instead which is what I used. I created a Qube named it Nordvpn > Template > Fedora-26 > Networking > sys-net Appvm >From there the rest of the instructions didn't work on Qubes for me. Apart from downloading the nord config files successfully which are in my nordvpn documents folder with all the server addresses as txt files eg uk648.nordvpn.comtcp443.ovpn Also was instructed to download nano reader and a few other things. My cd ls in my nordvpn terminal is as follows Desktop Music Templates nano.save Documents Pictures Videos openvpn-client.ovpn.txt Downloads Public auth-user-pass pass.txt ( To note and jumping ahead: following tasket's Reddit page on Qubes vpn set up instructions I added vpn-handler-openvpn to services in the appvm I named Nordvpn ) So from there comes Nordvpns reply ( they were very helpful before helping me successfully setting up my vpn link on my Raspberry Pi ) I received this email: Hello, Adam, I have checked your OS documentation and it would be great if you could test out the following setup: Disable any auto-starting service that comes with the software package. For example for OpenVPN. sudo systemctl disable openvpn.service You may also wish to install nano or another simple text editor for entering the scripts below. Now run the following command to create VPN directory: sudo mkdir /rw/config/vpn Enter the directory using the following command: cd /rw/config/vpn Then our website - https://nordvpn.com/servers/#recommended , on the server picker you will see recommended server number. Then open https://nordvpn.com/ovpn/ website and download recommended server file. You can download directly to device and transfer to your VM or use command to download from the hyperlink: sudo wget https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/us1310.nordvpn.com.udp1194.ovpn (Change the last line of server name to download the correct file). Then rename downloaded file to client.ovpn The VPN client may not be able to prompt you for credentials when connecting to the server. Create a file in the /rw/config/vpn folder with your credentials and using a directive. For example for OpenVPN, edit: auth-user-pass to: auth-user-pass pass.txt Save file /rw/config/vpn/client.ovpn. Make sure a /rw/config/vpn/pass.txt file actually exists. sudo nano /rw/config/vpn/pass.txt Add: username password Replace username and password with your actual username and password. Test your client configuration: Run the client from a CLI prompt in the ‘vpn’ folder, preferably as root. For example: sudo openvpn --cd /rw/config/vpn --config client.ovpn Watch for status messages that indicate whether the connection is successful and test from another VPN VM terminal window with ping. ping 8.8.8.8 ping can be aborted by pressing the two keys ctrl + c at the same time. DNS may be tested at this point by replacing addresses in /etc/resolv.conf with ones appropriate for your VPN (although this file will not be used when setup is complete). Diagnose any connection problems using resources such as client documentation and help from your VPN service provider. Proceed to the next step when you’re sure the basic VPN connection is working. Set up the VPN’s autostart. sudo nano /rw/config/rc.local Clear out the existing lines and add: #!/bin/bash VPN_CLIENT='openvpn' VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon' su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user groupadd -rf qvpn ; sleep 2s sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS" If you are using anything other than OpenVPN, change the VPN_CLIENT and VPN_OPTIONS variables to match your VPN software. Save the script. Make it executable. sudo chmod +x /rw/config/rc.local Restart the new VM! The link should then be established automatically with a popup notification to that effect. Let us know how it will go! But..starting out I fell over the first hurdle. in the Nordvpn terminal I typed in Sudo systemctl disable openvpn.service message back: Failed to disable unit: Unit file openvpn.service doesn not exist. That is where I am now. Any help and suggestions will be greatly appreciated. Best, Wolf moon -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ca3a566-d956-4e66-98e7-fb9634dd4a20%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
