On Tuesday, September 18, 2018 at 12:02:51 PM UTC+2, Wolf moon wrote: > On Tuesday, 18 September 2018 10:46:44 UTC+1, Антон Чехов wrote: > > On Tuesday, September 18, 2018 at 10:37:06 AM UTC+2, Wolf moon wrote: > > > On Saturday, 15 September 2018 04:21:53 UTC+1, Wolf moon wrote: > > > > Hi guys New to Qubes ( which is an amazing feat of cyber security > > > > engineering ) all working fine and learning my way around it. > > > > > > > > My only issue is logging into my vpn service. > > > > > > > > I have followed the Qubes instructions ( which the images are different > > > > to Qubes 4.0 and after searching the net on this matter someone said > > > > that this is a shot of the previous Qubes so not helpful there ) I also > > > > contacted my vpn service on the matter. They read up on the Qubes > > > > instructions and emailed me back a step by step guide but still no joy. > > > > > > > > My vpn service works well on my Raspberry Pi 3 in the command line ( > > > > which I found simple instructions for elsewhere on the internet ) and > > > > works fine on my windows 10 system as its got an app interface you > > > > download. > > > > > > > > Its just Qubes I am having issues with. I am by no means a hardcore > > > > techy, I am learning and not afraid or unfamiliar using the command > > > > line in linux. > > > > > > > > I have contacted the Qubes team after trying my best effort to resolve > > > > this on my own as I know they are a small team of 5 or so last time I > > > > checked. > > > > > > > > Any help and advice would be greatly appreciated. > > > > > > > > Best, > > > > > > > > Wolf Moon > > > > > > Okay guys so I am signed up to Nordvpn. ( To note: I always update > > > everything in Qube manager ) > > > > > > I started off by google searching how to set up a vpn on qubes. I dont > > > have every forum page be it google groups or reddit page saved I read > > > unfortunately. > > > > > > But they generally instructed me to do go through the steps to set up a > > > vpn as Qubes instructs on their page > > > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager > > > > > > Specifically Set up a ProxyVM as a VPN gateway using iptables and CLI > > > scripts > > > > > > What I was referencing referring to the diagram/photo being outdated or > > > of the old version of Qubes prior to 4.0 was the Dom0 create a new Vm. It > > > just comes up looking different which is what one of the OPs mentioned on > > > one of the how to guides I found. > > > > > > Moving forward. > > > > > > Certain commands didn't work like sudo which after googling one forum > > > posted in Qubes you dont use sudo much, dnf ( what ever that is ) is used > > > instead which is what I used. > > > > > > I created a Qube named it Nordvpn > Template > Fedora-26 > Networking > > > > sys-net > > > Appvm > > > > > > From there the rest of the instructions didn't work on Qubes for me. > > > > > > Apart from downloading the nord config files successfully which are in my > > > nordvpn documents folder with all the server addresses as txt files eg > > > uk648.nordvpn.comtcp443.ovpn > > > > > > Also was instructed to download nano reader and a few other things. > > > > > > My cd ls in my nordvpn terminal is as follows > > > > > > Desktop Music Templates nano.save > > > Documents Pictures Videos openvpn-client.ovpn.txt > > > Downloads Public auth-user-pass pass.txt > > > > > > ( To note and jumping ahead: following tasket's Reddit page on Qubes vpn > > > set up instructions I added vpn-handler-openvpn to services in the appvm > > > I named Nordvpn ) > > > > > > So from there comes Nordvpns reply ( they were very helpful before > > > helping me successfully setting up my vpn link on my Raspberry Pi ) > > > > > > I received this email: > > > > > > Hello, Adam, > > > > > > I have checked your OS documentation and it would be great if you could > > > test out the following setup: > > > Disable any auto-starting service that comes with the software package. > > > For example for OpenVPN. > > > sudo systemctl disable openvpn.service > > > You may also wish to install nano or another simple text editor for > > > entering the scripts below. Now run the following command to create VPN > > > directory: > > > sudo mkdir /rw/config/vpn > > > Enter the directory using the following command: > > > cd > > > /rw/config/vpn > > > > > > Then our website - https://nordvpn.com/servers/#recommended , on the > > > server picker you will see recommended server number. Then open > > > https://nordvpn.com/ovpn/ website and download recommended server file. > > > You can download directly to device and transfer to your VM or use > > > command to download from the hyperlink: > > > sudo wget > > > https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/us1310.nordvpn.com.udp1194.ovpn > > > (Change the last line of server name to download the correct file). Then > > > rename downloaded file to client.ovpn > > > The VPN client may not be able to prompt you for credentials when > > > connecting to the server. Create a file in the /rw/config/vpn folder with > > > your credentials and using a directive. For example for OpenVPN, edit: > > > auth-user-pass > > > to: > > > auth-user-pass pass.txt > > > > > > Save file /rw/config/vpn/client.ovpn. Make sure a /rw/config/vpn/pass.txt > > > file actually exists. > > > sudo nano /rw/config/vpn/pass.txt > > > Add: > > > username > > > password > > > Replace username and password with your actual username and password. > > > Test your client configuration: Run the client from a CLI prompt in the > > > ‘vpn’ folder, preferably as root. For example: > > > sudo openvpn --cd /rw/config/vpn --config client.ovpn > > > Watch for status messages that indicate whether the connection is > > > successful and test from another VPN VM terminal window with ping. > > > ping 8.8.8.8 > > > ping can be aborted by pressing the two keys ctrl + c at the same time. > > > DNS may be tested at this point by replacing addresses in > > > /etc/resolv.conf with ones appropriate for your VPN (although this file > > > will not be used when setup is complete). Diagnose any connection > > > problems using resources such as client documentation and help from your > > > VPN service provider. Proceed to the next step when you’re sure the basic > > > VPN connection is working. > > > > > > Set up the VPN’s autostart. > > > sudo nano /rw/config/rc.local > > > Clear out the existing lines and add: > > > #!/bin/bash > > > VPN_CLIENT='openvpn' VPN_OPTIONS='--cd /rw/config/vpn/ --config > > > openvpn-client.ovpn --daemon' > > > su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." > > > --icon=network-idle' user > > > groupadd -rf qvpn ; sleep 2s > > > sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS" > > > If you are using anything other than OpenVPN, change the VPN_CLIENT and > > > VPN_OPTIONS variables to match your VPN software. Save the script. Make > > > it executable. > > > sudo chmod +x /rw/config/rc.local > > > Restart the new VM! The link should then be established automatically > > > with a popup notification to that effect. > > > > > > Let us know how it will go! > > > > > > But..starting out I fell over the first hurdle. > > > > > > in the Nordvpn terminal I typed in Sudo systemctl disable openvpn.service > > > > > > message back: Failed to disable unit: Unit file openvpn.service doesn not > > > exist. > > > > > > That is where I am now. > > > > > > Any help and suggestions will be greatly appreciated. > > > > > > Best, > > > > > > Wolf moon > > > > You cannot disable something that does not exist. Just move on to the next > > point. Did you enable the "provides network" option while creating your > > VPN-App? > > > > Creating a new VPN-app is looking like that for me, my apps stand for the > > country: > > > > Name: sys-vpn-austria > > Type: AppVM > > Template: Debian (or course you can use Fedora, but it should be 28, 26 is > > outdated!) > > Networking: default (sys-firewall) > > provides network: enabled > > > > The guide provided seems fine and you could check if the connection works > > but you should include the other scripts as well in order to make sure that > > all traffic is going through your vpn only. > > Yes I did enable provide network sys-net. > > Okay switched to the same settings you have in your vpn. > > Which particular guide are you referring to as there are a few. > > I am lost when you say include other scripts as I do not know what scripts > you are referring to.
I am used to this guide: https://www.qubes-os.org/doc/vpn/ starting here: Set up a ProxyVM as a VPN gateway using iptables and CLI scripts There are scripts for DNS-handling, firewall and autostart included. I do not rename my ovpn-client file but use the original name instead (uk648.nordvpn.comtcp443.ovpn). Just pay attention to insert it whenever "openvpn-client.ovpn" is mentioned. This is important when creating the autostart script (point 6): The script would look like this: #!/bin/bash VPN_CLIENT='openvpn' VPN_OPTIONS='--cd /rw/config/vpn/ --config uk648.nordvpn.comtcp443.ovpn --daemon' su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user groupadd -rf qvpn ; sleep 2s sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS" This approach should be easier but I only tried it once. It did work fine for me: https://github.com/tasket/Qubes-vpn-support -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/861be9ba-5a14-4faf-9f42-75531ab6d334%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
