I set up a ProxyVM with OpenVPN following the instructions from https://www.qubes-os.org/doc/vpn/.
I cannot do DNS queries over the VPN, for example with this command executed from a VM connected to the Proxy:
[user@fedora-23-dvm ~]$ dig www.google.com
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
Executing 'dig @8.8.8.8 www.google.com' works well.
What am I doing wrong?
Chain PR-QBS (1 references)
 pkts bytes target  prot opt in   out  source    destination
    0     0 DNAT    udp  --  any  any  anywhere  10.137.5.1    udp dpt:domain to:10.137.2.1
    0     0 DNAT    tcp  --  any  any  anywhere  10.137.5.1    tcp dpt:domain to:10.137.2.1
    0     0 DNAT    udp  --  any  any  anywhere  10.137.5.254  udp dpt:domain to:10.137.2.254
    0     0 DNAT    tcp  --  any  any  anywhere  10.137.5.254  tcp dpt:domain to:10.137.2.254
The qubes script is nonetheless correctly started because I see the notification "VPN is up".
It did work. Thank you again!
I wonder what is changing the NAT rules. I only see one 'up' directive in the OpenVPN configuration, the one calling the Qubes script. Maybe something from Qubes itself? It's correct that the ProxyVM should be connected to sys-firewall, right?
It happened because I first tested my VPN following the "Using NetworkManager" section of the instructions (https://www.qubes-os.org/doc/vpn/) as a quick test, and only later set it up without it.
Thanks again. I hope this thread will be useful for others facing similar problems.