On 2/14/19 5:55 PM, Otto Kratik wrote:
Just reviving a thread of mine from a few months ago with a related follow-up 

When trying to connect to a VPN using openvpn from a Debian-9 AppVM within 
Qubes, I could connect but instantly lost DNS resolution which rendered the 
connection unusable.

Installing he package 'resolvconf' and adding the following lines to the .ovpn 
script supplied by the VPN provider:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

...solved the issue and I was able to achieve full connectivity through the VPN.

Now, when trying to *disconnect* from that VPN using Ctrl-C from command line 
(or any other method) I am able to end the connection, but the DNS assignment 
does not appear to automatically reverse/undo and revert to the default
DNS servers provided by sys-net within Qubes, namely And as a 
result I once again cannot connect to any websites due to lack of functioning 
DNS lookup.

Having done a bit of research I've tried using commands like:

sudo ifconfig tun0 down
sudo ip link delete tun0

..but in both cases I get a response that 'tun0 does not exist' or something 

Is there any extra step needed to completely drop the VPN connection and revert 
to using normal sys-net connectivity, without requiring a restart of the AppVM 

If I manually examine /etc/resolv.conf within the AppVM it still shows the 
default sys-net DNS entries as expected, so there must be some additional
command needed to fully end the connection and revert to normal.

What am I missing?


I believe it would be helpful if you indicate which method you have used to create the VPN per the URL there ....

perhaps it is more obvious to others ....

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to