On Tuesday, February 19, 2019 at 2:53:22 PM UTC-5, Jon deps wrote: > https://www.qubes-os.org/doc/vpn/ > > I believe it would be helpful if you indicate which method you have > used to create the VPN per the URL there .... > > > perhaps it is more obvious to others ....
Thanks for your reply - sorry I somehow missed seeing it earlier. I managed to sort of figure out what is going on and sort of fix it. I am using the super-simple method of just invoking "openvpn whatever.ovpn" from terminal within an AppVM itself, rather than creating a dedicated proxy or gateway as suggested in the docs. What is happening is the following.. Initially before connecting to the vpn, the file /etc/resolv.conf contains the default Qubes sys-net dns entries, namely: nameserver 10.139.1.1 nameserver 10.139.1.2 When the vpn connects, it uses update-resolv-conf to overwrite the contents of that file. It places some comment-text near the top and changes the nameserver entries to its own, which is good and wanted of course. No complaints. When terminating the vpn connection by any means available (I tried several different ones), openvpn again automatically updates that /etc/resolv.conf file, but *only* to remove the entries it placed there, nothing more. The comment-text is left intact and the nameserver entries are simply deleted, resulting in a more or less empty and useless file and no DNS resolution whatsoever. The script does not seem to store and remember the previous entries that were there before (sys-net defaults) and replace them when finished. It just erases everything and leaves it like that. Thus after disconnecting the vpn I have to go back into that file and manually re-add the sys-net entries to regain DNS resolution functionality. Ultimately I'm just going to write a short bash script that puts the needed entries back after disconnection, which I'll run at termination every time. I don't know enough about openvpn to instruct it to "always run this extra script upon disconnection", though I'm sure there must be a relatively easy way to do so. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2924a4fe-1416-43c6-b241-7b87c5b3476f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
