qubes vpn autostart
91 views
Skip to first unread message
botaniga
May 12, 2019, 12:32:43 PM5/12/19
to qubes...@googlegroups.com
Hello,
im new to qubes, and currently struggling with a new setup.
Key among the functions i need is a proxy-vm for vpn. Unfortunately, i find the instructions in the docs very confusing.I found the qubes-tunnel and the qubes-vpn-support project, i wasnt able to to get qubes-tunnel to work at all since the instructions are very vage and unclear, however, i managed to setup qubes-vpn-support, and as far as i can tell the anti-leak rules do work.
Now, my Questions:
- Whats the difference between them, and which one is safer/ leakproof?
- How do i setup an autoconnect via nmcli /Networkmanager?
The instructions in the docs clearly do not work at all.
I added the connection in the Network-manager, it does connect just fine when i select in the gui, but no autoconnect on proxy-vm-boot.
My vpn-provider doesnt require a passwd file, so i tried the following :
nmcli connection up "file-vpn-conn" eth0
nmcli c up "file-vpn-conn" eth0What did i do wrong? Im using a fedora-29 template.
thanks in advance.
Daniil Travnikov
May 12, 2019, 5:25:20 PM5/12/19
to qubes-users
If yes, did you try this doc from "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" ?
botaniga
May 13, 2019, 6:53:45 AM5/13/19
to qubes...@googlegroups.com, loadcorp@gmail.com>
No, i followed the instructions with from https://github.com/tasket/Qubes-vpn-support, and also tried "Set up a ProxyVM as a VPN gateway using NetworkManager" from the docs, in particular the autoconnect function, since the antileakfeatures from qubes-vpn-support seem a lot mot sophisticated to me.
The "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" instructions are way to complicated for me.Im confident using a shell and follow instructions, but im not a computer-expert nor programmer.
Also, as i understand, one doesnt have a graphical interface to quickly switch vpn-server (which i need) and i really like the Network-manager gui with the lock as kind of a doublecheck feature.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7b0469d-53c0-4eb7-8b04-0497be67b295%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
The "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" instructions are way to complicated for me.Im confident using a shell and follow instructions, but im not a computer-expert nor programmer.
Also, as i understand, one doesnt have a graphical interface to quickly switch vpn-server (which i need) and i really like the Network-manager gui with the lock as kind of a doublecheck feature.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7b0469d-53c0-4eb7-8b04-0497be67b295%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Chris Laprise
May 13, 2019, 8:04:13 AM5/13/19
to botaniga, qubes...@googlegroups.com
On 5/12/19 12:32 PM, 'botaniga' via qubes-users wrote:
> Hello,
> im new to qubes, and currently struggling with a new setup.
> Key among the functions i need is a proxy-vm for vpn. Unfortunately, i
> find the instructions in the docs very confusing.I found the
> qubes-tunnel and the qubes-vpn-support project, i wasnt able to to get
> qubes-tunnel to work at all since the instructions are very vage and
> unclear, however, i managed to setup qubes-vpn-support, and as far as i
> can tell the anti-leak rules do work.
The qubes-tunnel project is a renamed clone of Qubes-vpn-support. The
> Hello,
> im new to qubes, and currently struggling with a new setup.
> Key among the functions i need is a proxy-vm for vpn. Unfortunately, i
> find the instructions in the docs very confusing.I found the
> qubes-tunnel and the qubes-vpn-support project, i wasnt able to to get
> qubes-tunnel to work at all since the instructions are very vage and
> unclear, however, i managed to setup qubes-vpn-support, and as far as i
> can tell the anti-leak rules do work.
only difference is that the former requires a template installation, and
the docs for it are in a draft state (although, if you clicked through
to the draft vpn.md page they are not really vague).
FWIW, I wrote the current Qubes vpn doc CLI section, then created
Qubes-vpn-support to simplify setup and enhance link reliability.
> Now, my Questions:
> - Whats the difference between them, and which one is safer/ leakproof?
qubes-tunnel is in a holding pattern for inclusion in Qubes 4.1.
> - How do i setup an autoconnect via nmcli /Networkmanager?
> The instructions in the docs clearly do not work at all.
> I added the connection in the Network-manager, it does connect just fine
> when i select in the gui, but no autoconnect on proxy-vm-boot.
> My vpn-provider doesnt require a passwd file, so i tried the following :
setup with Qubes-vpn-support or qubes-tunnel (or the CLI instructions
from the Qubes vpn doc).
>
> |nmcli connection up "file-vpn-conn" eth0|
>
> |nmcli c up "file-vpn-conn" eth0|
> ||
>
> |What did i do wrong? Im using a fedora-29 template.|
>
> |thanks in advance.|
bug has been logged about a problem with Fedora 29. OTOH, you could try
using NM with Fedora 29 to see if that works.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
botaniga
May 13, 2019, 8:40:35 AM5/13/19
to Chris Laprise, qubes...@googlegroups.com
Thank you.
Well, NM works with my fed 29 template, so does qubes-vpn-support. The only thing i just cant get to work is the autoconnect at boot, anti-leak features do work.
Are there any mistakes in the nmcli-line i wrote?
Im sure the qubes-tunnel instructions make sense for somebody who knows what he is doing, but all i can do is follow step by step instructions :(.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Chris Laprise,tas...@posteo.net
Well, NM works with my fed 29 template, so does qubes-vpn-support. The only thing i just cant get to work is the autoconnect at boot, anti-leak features do work.
Are there any mistakes in the nmcli-line i wrote?
Im sure the qubes-tunnel instructions make sense for somebody who knows what he is doing, but all i can do is follow step by step instructions :(.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> Chris Laprise,tas...@posteo.net
Daniil Travnikov
May 14, 2019, 8:40:19 AM5/14/19
to qubes-users
I recommend you to try cli version of install like here:
https://www.youtube.com/watch?v=K1_zqT7_N7k
https://www.youtube.com/watch?v=K1_zqT7_N7k
But also you could try to do it like here in gui way:
https://www.youtube.com/watch?v=wYEmDZebow4
P.S. If you plan to use Qubes OS, I strongly recommend to learn cli-way of using. It is not too hard for newbies if we talking about step by step instructions. In most cases you can do not understand what are you doing, but it will still works. :)
botaniga
May 14, 2019, 10:03:27 AM5/14/19
to Daniil Travnikov, qubes...@googlegroups.com
Thanks. I will try the cli way, but as i understand, i wont have the networkmanager option of switching the vpn servers, which is a dealbreaker for me, i need to be able to easily switch vpn servers, see my current connections etc.
The gui way is the way ive done it, works great, so do the qubes-vpn-support anti-leak features, the only thing i cant get to work is the autoconnect.
Switching vpn servers in the shell just isnt an option for me at all, i have to have a setup which is usable for my family, and that means no shell.
Maybe its a bit early to switch to qubes os for endusers?
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
The gui way is the way ive done it, works great, so do the qubes-vpn-support anti-leak features, the only thing i cant get to work is the autoconnect.
Switching vpn servers in the shell just isnt an option for me at all, i have to have a setup which is usable for my family, and that means no shell.
Maybe its a bit early to switch to qubes os for endusers?
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> --
>
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3384aa5-5e99-4da3-a916-50e45180a3d9%40googlegroups.com.
>
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages