openvpn issues
17 views
Skip to first unread message
haaber
Feb 19, 2019, 12:26:24 AM2/19/19
to qubes-users
Hello, I tried under Q4 to setup da debian-9 based VPN appVM. I followed
as I could the DOC https://www.qubes-os.org/doc/vpn/ (the first lines
are outdated) : I set up a new debian AppVM, checked "provides
network", and installed network-manager, and
network-manager-openvpn-gnome. So far so good.
When I test the "qubified" conf.ovpn file (originally provided by my
employer, modified according to the DOC), it connects, and receives a
large list "route add ..." which is strange to me. I don't find these IP
adresses anywhere in the config files ; they seem to be imposed remotely
(?). Anyways, I can ping those, but no others (e.g. no 8.8.8.8). Bad.
Any ideas on that?
I tried to continue according to DOC anyhow, but the dnshandler-script
yells at me. But no DNS, no use, so I am stuck. Some hints, please?
Cheers, Bernhard
as I could the DOC https://www.qubes-os.org/doc/vpn/ (the first lines
are outdated) : I set up a new debian AppVM, checked "provides
network", and installed network-manager, and
network-manager-openvpn-gnome. So far so good.
When I test the "qubified" conf.ovpn file (originally provided by my
employer, modified according to the DOC), it connects, and receives a
large list "route add ..." which is strange to me. I don't find these IP
adresses anywhere in the config files ; they seem to be imposed remotely
(?). Anyways, I can ping those, but no others (e.g. no 8.8.8.8). Bad.
Any ideas on that?
I tried to continue according to DOC anyhow, but the dnshandler-script
yells at me. But no DNS, no use, so I am stuck. Some hints, please?
Cheers, Bernhard
Zrubi
Feb 19, 2019, 3:56:57 AM2/19/19
to haaber, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2/19/19 6:26 AM, haaber wrote:
> I set up a new debian AppVM, checked "provides network", and
> installed network-manager, and network-manager-openvpn-gnome. So
> far so good.
> ...it connects, and receives a large list "route add ..." which is
> Anyways, I can ping those, but no others (e.g. no 8.8.8.8). Bad.
> Any ideas on that?
Remote server can push a default route too.
In this case all* traffic will go that way.
*Except qubes specific DNS resolution
You can ignore the pushed routes, by modifying the openvpn config:
IPv4->Routes
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxrxMsACgkQVjGlenYH
FQ1yqBAAkaKXtdh2fcfcuO4gmOY0lp3jH1so5LiaXG0QD5w89kX/179zAUzm4dAz
/l4KmtPxwbkyjaIZBYcI8biGZ/FqLPu+BqkG1EdDALIkOoMiZhU/A6yMITRNiEv5
Q50URnUb+qZlHIcVfWATVZ381D8nwDwFcfk2SVLB9xSZliwNMUw/2e8ysLgk1c+c
Nka0DM2Nwyp1YL1Jpi7UGJWAzOeFT0tVny7WWUmZmBdlLVRo1C/8S1eXPOCyyrc8
Ed8vvJ3C3dSZOHgCB7aFbO1WYjfEnaxNgG4OkBNcgv50ZwAXXi7jMrY/t7Ia2Apx
9fUfDejohvsVTI9o/PrEWQbjjyHgVNNbJ/2J0k5n6FRiwBGZTuq3ezDdyE5yed9g
9dSOCY4Zk0v8vmF/S0s2OAJC1n0cgTcI0A0OlNoS1rQTfWQHfyttVlMcSIGwvVNg
Ujf3BnmYdGxD16w66RD24Aml0xYoaeSr57HzBqttdyTYjSg39aoJRHK04MLK5StH
ycYSizgR0bX7afNv2v7wqMQd0tySZr0xAO9mPS/lSxMOr6Wj06FDDbpmNZPqQj46
E96g7CkJmBW69YUa3O/v6uNS+4vidsSz0Ef9o3L8YA8wgwZgvix3dsnI78dAar2f
Ay+IrwjoURiKmyj0mro/J+WhcWGkt14ligVPklpydbec3xYVt8Y=
=2axt
-----END PGP SIGNATURE-----
Hash: SHA256
On 2/19/19 6:26 AM, haaber wrote:
> I set up a new debian AppVM, checked "provides network", and
> installed network-manager, and network-manager-openvpn-gnome. So
> far so good.
> strange to me. I don't find these IP adresses anywhere in the
> config files ; they seem to be imposed remotely (?).
Yes, routes can be pushed from the remote server.
> config files ; they seem to be imposed remotely (?).
> Anyways, I can ping those, but no others (e.g. no 8.8.8.8). Bad.
> Any ideas on that?
In this case all* traffic will go that way.
*Except qubes specific DNS resolution
You can ignore the pushed routes, by modifying the openvpn config:
IPv4->Routes
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxrxMsACgkQVjGlenYH
FQ1yqBAAkaKXtdh2fcfcuO4gmOY0lp3jH1so5LiaXG0QD5w89kX/179zAUzm4dAz
/l4KmtPxwbkyjaIZBYcI8biGZ/FqLPu+BqkG1EdDALIkOoMiZhU/A6yMITRNiEv5
Q50URnUb+qZlHIcVfWATVZ381D8nwDwFcfk2SVLB9xSZliwNMUw/2e8ysLgk1c+c
Nka0DM2Nwyp1YL1Jpi7UGJWAzOeFT0tVny7WWUmZmBdlLVRo1C/8S1eXPOCyyrc8
Ed8vvJ3C3dSZOHgCB7aFbO1WYjfEnaxNgG4OkBNcgv50ZwAXXi7jMrY/t7Ia2Apx
9fUfDejohvsVTI9o/PrEWQbjjyHgVNNbJ/2J0k5n6FRiwBGZTuq3ezDdyE5yed9g
9dSOCY4Zk0v8vmF/S0s2OAJC1n0cgTcI0A0OlNoS1rQTfWQHfyttVlMcSIGwvVNg
Ujf3BnmYdGxD16w66RD24Aml0xYoaeSr57HzBqttdyTYjSg39aoJRHK04MLK5StH
ycYSizgR0bX7afNv2v7wqMQd0tySZr0xAO9mPS/lSxMOr6Wj06FDDbpmNZPqQj46
E96g7CkJmBW69YUa3O/v6uNS+4vidsSz0Ef9o3L8YA8wgwZgvix3dsnI78dAar2f
Ay+IrwjoURiKmyj0mro/J+WhcWGkt14ligVPklpydbec3xYVt8Y=
=2axt
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages