Hello Chris,
thanks for yor answer.
On Thu, 3 Jan 2019 at 03:55, Chris Laprise <tas...@posteo.net> wrote:
> > I thought I found out how to have OpenVPN auto-connect after the sys-vpn
> > AppVM has launched:
> >
> > 1) right click in on the network manager applet icon of the sys-vpn AppVM
> > 2) edit connections
> > 3) Choose the ethernet (NOT the VPN connection) and then preferences
> > 4) 1st Tab "General" choose "Automatically connect to VPN when using
> > this connection"
> > and choose the ExpressVPN connection here.
> >
> > As far as I understand this makes it unnecessary to run step 4 from the
> > Qubes VPN howto.
>
> Actually IIRC step 4 was added because NM also has (or had) a bug in its
> automatic VPN startup.
>
As mentioned enabling the option "Automatically Connect to VPN..." is not
persistent between rebooting the AppVM.
I have done some research and found out that if I enable this setting the
following file will be changed:
/etc/NetworkManager/system-connections/qubes-uplink-eth0
Under the section [connection] you will find a new line which says:
secondaries=UUID;
This UUID is referencing to the UUID in the OpenVPN Connection file.
If I reboot the AppVM the change is not persistent.
The line is also present in
/rw/config/NM-system-connections/qubes-uplink-eth0
What do I need to do, so that this change will survice a reboot?
> > Only step 5 ("Make the network fail-close for the AppVMs f the
> > connection to the VPN breaks") is then needed.
> Recommended.
>
and implemented :-)
[...]
> Under various circumstances, your vpn vm could behave like sys-firewall
> when the vpn connection stops. In such cases, traffic could pass through
> without encryption. The best blanket policy to stop any chance of that
> happening is in step 5.
>
ok, thanks for the clarification.
- O
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tHJqSemqYMMu%2Brc-wPNoXe9mYQW%3D%3DU6kPj_8T_k96pYg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
