Re: [qubes-users] setting up vpn issue
Hi Nick, In case it's any use to you; I had a couple of vpns working on Q3.2 until about a week ago (moved to 4.0) and one of them was Expressvpn. What I did to set it up: Make a clone of my up to date fedora template ( or use Debian or whatever you like). Allow network access in that template. Then put firefox in the template's applications (and set up it's privacy to your liking) - you need only go to the Expressvpn's https site - and you're going to trust them anyway. (Plus it's a clone template.) Install Expressvpn following their instructions for the linux (appropriate Fedora package) into that template from their website. Then follow the easy instructions (Expressvpn site) and activate on the template. If you want to you can now connect to the vpn - expressvpn connect - in the command line of the template and go to (for example), https://www.dnsleaktest.com/ in your firefox to test it's working ok. . Close network access again on the template. Then make a proxy vm based on that new clone template as described in the qubes documentation: https://www.qubes-os.org/doc/vpn/ Set it with sys-firewall as it's netvm. Then connect to Expressvpn in your new proxy (I called mine sys-vpn-exp) - to get a list of commands - expressvpn help - in the command line. Set any appvms you want to go through that new proxy vpn (sys-vpn-exp) to have it as their netvm. Then open firefox in one of the appvms that go through your new sys-vpn-exp proxy and to test it - personally I mostly use: https://www.dnsleaktest.com/ or Expressvpn have their own dns leak test facility. Where ever. . The Expressvpn site has instructions for qubes but they want you to set up in the sys-net vm which means everything goes through them. I do it the above way because it's easy and you can use other vpn providers as well for some of your other appvms if you want to. It works fine. Or you could use: https://github.com/tasket/Qubes-vpn-support as suggested above - I use that for one of my vpns in Qubes 4 and it's excellent but it's more involved. Also harder to change which server / country you want to come out of. cheers, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbc47b88-00dd-4a74-8feb-6e6a41b07f9c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
Hi Chris, yes it worked... now I added the dns provided by ExpressVPN. thank you very much best regards Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f1f0427-65b0-47cf-af91-3c95c25cd993%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 04:07 PM, Chris Laprise wrote: On 09/02/2018 12:42 PM, Nicola Schwendener wrote: Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick If you can ping 8.8.8.8 or other numbers directly then the basic IP connection is working. DNS seems to be the problem. They're assigning '10.54.0.1' as DNS. You could try replacing that with 8.8.8.8 for instance. The way to do this is in the Qubes-vpn-support readme page... basically add a line to your ovpn config file like: setenv vpn_dns '8.8.8.8' Then restart the VM. I should note there are privacy concerns about using a third-party DNS server (8.8.8.8 is operated by Google). But I would still use this for testing purposes and if it works, then contact ExpressVPN support to let them know their own DNS server isn't working. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe13159a-6e07-c0fc-fccc-ad9ef28e58a8%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 12:42 PM, Nicola Schwendener wrote: Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick If you can ping 8.8.8.8 or other numbers directly then the basic IP connection is working. DNS seems to be the problem. They're assigning '10.54.0.1' as DNS. You could try replacing that with 8.8.8.8 for instance. The way to do this is in the Qubes-vpn-support readme page... basically add a line to your ovpn config file like: setenv vpn_dns '8.8.8.8' Then restart the VM. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58b626df-d92e-bbf2-08e1-1a599f5fd94d%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
Hi Chris, thank you for your reply: this is what I got: Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 SENT CONTROL [Server-2203-1a]: 'PUSH_REQUEST' (status=1) Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.0.106 10.54.0.105' Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 OPTIONS IMPORT: timers and/or timeouts modified -- Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Sun Sep 2 18:37:07 2018 /usr/lib/qubes/qubes-vpn-ns up tun0 1500 1606 10.54.0.106 10.54.0.105 init Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Using DNS servers 10.54.0.1 Sep 02 18:37:07 sys-vpn-Express qubes-vpn-setup[654]: Chain QBS-FORWARD (1 references) from the Personal VM connected via ProxyVM I cannot resolve anything... but I can ping 8.8.8.8... thank you again Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48391e1a-2c79-4550-8030-a4093a7db1fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] setting up vpn issue
On 09/02/2018 11:39 AM, Nicola Schwendener wrote: Hello all, I'm an happy user of Qubes OS 3.2 that just installed a new Laptop with Qubes OS. I'm installing right now a new Proxy (or AppVM with network) for my expressVPN connection. I'm right now stuck with the VPN service that seems to start correctly (both following the official Doc: https://www.qubes-os.org/doc/vpn/ and the https://github.com/tasket/Qubes-vpn-support service. both of them ping 8.8.8.8 but once I ping www.google.com I cannot resolve anything. I've just updated the appvm to the fedora-28 but still same problem. The Qubes-vpn-support is the easier one to configure and troubleshoot. Have you looked at the proxyVM log with 'journalctl'? It should have a line saying "Using DNS servers ..." with the addresses. Near the end it should also say "Initialization sequence completed". When you try ping, is it from a downstream appVM (a regular appVM that is connected to the proxyVM)? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3890bdf-e201-3b3b-ef88-9673f9cbdbec%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] setting up vpn issue
Hello all, I'm an happy user of Qubes OS 3.2 that just installed a new Laptop with Qubes OS. I'm installing right now a new Proxy (or AppVM with network) for my expressVPN connection. I'm right now stuck with the VPN service that seems to start correctly (both following the official Doc: https://www.qubes-os.org/doc/vpn/ and the https://github.com/tasket/Qubes-vpn-support service. both of them ping 8.8.8.8 but once I ping www.google.com I cannot resolve anything. I've just updated the appvm to the fedora-28 but still same problem. is there anyone that can help me or has any configuration working? thank you very much best regards Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f6a55265-ab68-4754-a442-7a1be4c13449%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
