Open linuxfan1000 opened 3 years ago
@linuxfan1000 First, a caveat that if you're running Tor inside that VM it could interfere with openvpn (I realize it could be just the way you named the VM).
The test you're doing with 'openvpn' command probably won't work with domain name addresses because of the special situation of running the test in Qubes. At this stage in setup, its better to have a couple known IP addresses handy and ping
them. But if you want to test a domain name anyway, you can try it by running /usr/lib/qubes/qubes-setup-dnat-to-ns
after openvpn says 'Initialization Sequence Completed', then try accessing your site.
Thank you for your reply.
There is no Tor instance running inside that Qube TorVPN in which I had installed openvpn. It was created with the Debian 10 template.
I tried to ping 8.8.8.8 with no success. There is no reply at all, not even a timeout, etc.
I also ran the command /usr/lib/qubes/qubes-setup-dnat-to-ns after the message
"Initialization Sequence Completed" and then tried to reach a site in Firefox (not torbrowser) of the TorVPN qube. Nothing. The browser window stays blank.
It works with TCP and UDP servers, right?
Any other idea?
It works with either TCP or UDP.
If this is testing at the end of step 2, then Qubes-vpn-support has no effect on the connection at this point. That's why its there, to show if there are underlying connection problems before continuing with the install.
One thing you might try is pinging something after the VM starts, before you run openvpn.
Another thing is to copy your VPN configs into sys-net VM, and then try the openvpn command and ping from there (but be aware, this means putting your password in an untrusted VM).
If I do a ping 8.8.8.8 before issuing the command
sudo openvpn --cd /rw/config/vpn --config vpn-client.conf --auth-user-pass userpassword.txt
then it works. The above command is what I use to start openvpn, correct? Sorry, I an not a linux guru.
That looks right.
I can't tell without seeing the config file. But one thing that has worked in the past is to add this line to the config file:
redirect-gateway def1
Please forgive my ignorance. Which config file? I can post it. What is the path to the file?
The one that's specified on the command line: 'vpn-client.conf'
Here is the content of the vpn-client.conf file:
client
dev tun0
proto udp
remote 51.68.152.226 53
remote pl226.vpnbook.com 53
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
....
....
.....
.....
Try changing the redirect-gateway
line to redirect-gateway def1
I changed it to redirect-gateway def1
and restarted the qube and started openvpn but that did not fix it either.
Any other idea? Can it really be that difficult?
The vpnbook.com site doesn't provide much help. There is only a very basic command line setup guide for Ubuntu. To me, that says Linux support was an afterthought and they might not have tested it with Linux recently after making server changes (only a guess).
As an alternative, you could try setting it up in the Network Manager GUI. The Qubes documentation page has a vpn guide that mentions how to start that process by enabling NM for the vpn vm, then you can add a vpn connection in NM and tell it to import your vpnbook config file.
Also consider testing the vpn on a regular Linux. I mention this because there's a non-zero chance that something is wrong with Qubes networking on your system, and if it works on say Ubuntu, then you'll know there is probably a Qubes issue.
Dear developers of this script/instructions Dear community
Today I tried to set up the VPN according to the instructions. I tried vpnbook.com with the UDP and TCP files.
I created a TorVPN AppVM based on Debian 10 in which I performed all the setup. When I issue the command
sudo openvpn --cd /rw/config/vpn --config vpn-client.conf --auth-user-pass userpassword.txt
I get a lot of output in the terminal:
When I start firefox in the same AppVM and try to check www.showmyip.com nothing happens. Then when I press CTRL+C in the terminal to end the script firefox will load the homepage showing my real IP.
What am I doing wrong?