On 11/19/2018 03:01 PM, Otto Kratik wrote:
On Monday, November 19, 2018 at 12:27:40 PM UTC-5, Chris Laprise wrote:
It could be as simple as editing your /etc/resolv.conf so it contains
your VPN provider's DNS server (or other DNS server that you prefer)
instead of the Qubes internal routing addresses.
I'll give this a try, thanks. What mystifies me though is that I still have
Qubes 3.2 installed on an older laptop and can confirm that on that version,
none of these extra config steps are needed. I can activate and deactivate the
VPN connection at will on the fly from an AppVM terminal, and it works
flawlessly every time. Run openvpn and my IP address changes to the provider as
expected. Hit ctrl-c to terminate the connection, and it goes back to my
regular ISP-provided address as expected. Ideally I'd actually like to have
this ability it switch it on and off as many times as desired during any given
session, but maybe that's no longer possible in Qubes 4.
Qubes 4 networking is re-written and functions somewhat differently than
Qubes 3.x.
Also, I tried the instructions here:
https://github.com/tasket/Qubes-vpn-support/
..and they did not work. Everything seems to go okay, but after
copying/installing/linking everything as directed and then shutting down and restarting
the ProxyVM, it pops up the message "Ready to start link", and then just
repeatedly does that every 10 seconds or so. The link never actually goes up. Problem
isn't with the provider's .ovpn config file, since it works fine on Qubes 3.2 as well as
another mainstream Linux distro, with no issues at all.
Not sure if it's significant, but the service "vpn-handler-openvpn" does not
appear in the dropdown list of available services in the ProxyVM's settings screen, even
though the template on which it is based (Debian 9) most definitely has Openvpn installed
on it. I typed that service name in manually and it accepted it, but it also accepts any
garbage text entered as well, so no idea whether it's actually functioning properly or
not.
All that's required for that step is that you type "vpn-handler-openvpn"
correctly then click '+' and OK. You can go back to the list to make
sure it is there and checked.
Usually when "Ready to start" appears and there is no connection it
means there is an auth problem. The username or password may have been
mistyped, for instance. You can run 'sudo /usr/lib/qubes/qubes-vpn-setup
--config' to re-enter it.
To see what is happening check the log with 'sudo
/usr/lib/qubes/qubes-vpn-setup --config'.
I was also admittedly a bit confused about whether I needed to separately
install the qubes-tunnel package first, but the instructions didn't seem to
explicitly require it so I did not. Other than that, I followed them to the
letter but cannot get the link up.
qubes-tunnel is an alternate (re-named) version of Qubes-vpn-support;
use one or the other.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ba7c7865-7b83-6f24-8484-41518dd5f19a%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
