A way to restart VpnVM same as can reload/restart tor?

[Gaiko Kyofusho]

I have issues with my VPN connection dropping, or not starting back up when my laptop comes out of sleep. I have had to resort to restarting the VPN but its of course not as simple as restarting the VpnVM (I don't think?). After some reading I added a line to my openvpn-client.ovpn:

resolv-retry infinite

but that doesn't seem to help the problem. Is there a way to restart OpenVPN in the VpnVM with a command instead of haveing to either shutdown or switch all VMs that are using the VpnVM (as a netvm), then restarting the VpnVM (kind of a pain). 

Thx

[Chris Laprise]

It depends on how you set up the VPN. If you used the Qubes doc
instructions then you would need to open a terminal and do something like:

$ sudo pkill openvpn
$ sudo /rw/config/rc.local

Its also possible to change the rc.local script so it runs openvpn from
a terminal window so you can easily see the status, stop it, etc.

OTOH, if you used instructions that include a systemd service like this:
https://github.com/tasket/Qubes-vpn-support

...then you can simply use 'systemctl' functions like stop/start/status
to control openvpn.

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[Chris Laprise]

On 05/05/2017 09:55 PM, Chris Laprise wrote:
> $ sudo pkill openvpn
> $ sudo /rw/config/rc.local

I meant to say the first command stops openvpn, and the second starts it.

Of course, sys-net also has to make its connection after wake from sleep
before openvpn can re-connect. So check first that the problem isn't
with the sys-net connection.

[Andrew Morgan]

> --
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
> qubes-users...@googlegroups.com
> <mailto:qubes-users...@googlegroups.com>.
> To post to this group, send email to
> qubes...@googlegroups.com
> <mailto:qubes...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/CAGpWZxOZTuWJGhFfGTbf-PVmtx8uTkLH_aRtMhap1%3DF4P3oONw%40mail.gmail.com
> <https://groups.google.com/d/msgid/qubes-users/CAGpWZxOZTuWJGhFfGTbf-PVmtx8uTkLH_aRtMhap1%3DF4P3oONw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

I had this same issue, and solved it by including the line from Chris in
my rc.local file (sudo pkill openvpn), and making a keyboard shortcut in
dom0 to re-run rc.local in my VPN VM.

The command that you want to bind your keyboard shortcut is as follows:

qvm-run -u root sys-vpn "/rw/config/rc.local"

Change sys-vpn to the name of your VPN VM.

This all assumes you followed the iptables and CLI scripts section of
the Qubes VPN docs: https://www.qubes-os.org/doc/vpn/

That section also sets up VPN as soon as your VPN VM launches and
prevents any non-VPN traffic from leaking so I highly recommend it!

Andrew Morgan

[Chris Laprise]

On 05/06/2017 10:09 PM, Gaiko Kyofusho wrote:
> Thx, I created it uisng the Qubes Doc instructions. So perhaps I could
> combine the two lines you wrote to make it a bit shorter?
>
> alias rstopvn="sudo pkill openvpn && sudo /rw/config/rc.local"
>
> maybe?

In this case using a ';' semicolon between the commands instead of '&&'
makes sense, because openvpn may not be already running.

BTW, another thing you could do instead is to add an infinite loop to
the end of rc.local:

while true; do
sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
done

Yet another thing you can try (because I'm recalling my early
experiences with openvpn) is to comment-out the "persist tun" line in
your ovpn file. Openvpn can experience problems trying to re-use tun
devices, and that can cause it to quit when trying to re-connect. This
is the simplest remedy.