how to make proxyVm for VPN in 4.0rc-5


redleo...@gmail.com

Mar 9, 2018, 12:18:57 AM
to qubes-users
Hi!
I made a proxyVM for VPN use in 3.2
and I've just installed the new 4.0 release candidate.
But I can't find a proxyVM when I try to create a VM.
Which is the proper way to do that?

Thanks in advance

Chris Laprise

Mar 9, 2018, 12:49:39 AM
to redleo...@gmail.com, qubes-users
The instructions for setting up a VPN on R4.0 are in transition right
now (current doc is outdated).

The best way to set this up at the moment is to use the Qubes-vpn-support
project here:

https://github.com/tasket/Qubes-vpn-support


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

awokd

Mar 9, 2018, 1:57:03 AM
to Chris Laprise, redleo...@gmail.com, qubes-users
On Fri, March 9, 2018 5:49 am, Chris Laprise wrote:
> On 03/09/2018 12:18 AM, redleo...@gmail.com wrote:
>
>> Hi!
>> I made a proxyVM for vpn use in 3.2
>> and I've just installed the new 4.0 release candidate. But I can't find a
>> proxyVM when I try to create a VM. Which is the proper way to do that?
>>
>>
>> Thanks in advance
>>
>>
>
> The instructions for setting up a VPN on R4.0 are in transition right
> now (current doc is outdated).
>
> The best way to set this up at the moment is to use the Qubes-vpn-support
> project here:
>
>
> https://github.com/tasket/Qubes-vpn-support

Definitely follow tasket's guide for VPN, but in general Qubes R4.0 has
replaced R3.2's "ProxyVM" with "AppVM providing networking". To create the
same thing on 4.0, create an AppVM and check the box "provides
networking". That will result in the same type of AppVM as a 3.2 ProxyVM.


Chris Laprise

Mar 9, 2018, 5:33:38 AM
to aw...@danwin1210.me, redleo...@gmail.com, qubes-users
Good point about the new terms; I'll adjust the readme. I should also
point out that the difference is mainly outward-facing because
internally VMs still signal networkvm/proxyvm/appvm/etc. via
init/functions and /var/run/qubes/this-is*vm.

redleo...@gmail.com

Mar 9, 2018, 10:08:57 AM
to qubes-users

Thanks.
When I create a vm, what options should I choose in Networking?
default one? sys-firewall?

awokd

Mar 9, 2018, 10:41:48 AM
to redleo...@gmail.com, qubes-users
On Fri, March 9, 2018 3:08 pm, redleo...@gmail.com wrote:

>
> Thanks.
> When I create a vm, what options should I choose in Networking?
> default one? sys-firewall?

Yes, whatever you had your 3.2 ProxyVM set to would work the same way there.

redleo...@gmail.com

Mar 9, 2018, 1:19:41 PM
to qubes-users
Ok.
I couldn't make it work. Here is what I have done.

1. I created an AppVM using the Fedora template, netVM is sys-firewall, checked provides network and added the network-manager and vpn-handler-openvpn services to the AppVM in the Service tab.
2. I already installed openvpn in the fedora 26 template.
3. I cloned Qubes-vpn-support and did what it says.
4. Checked the status of the service using systemctl status qubes-vpn-handler.service

and it says:

qubes-vpn-handler.service - VPN Client for Qubes proxyVM
Loaded: loaded (/usr/lib/systemd/system/qubes-vpn-handler.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/qubes-vpn-handler.service.d
└─00_example.conf
Active: activating (auto-restart) (Result: exit-code) since Fri 2018-03-09 10:08:43 PST; 6s ago
Process: 2459 ExecStopPost=/usr/lib/qubes/qubes-vpn-setup --post-stop (code=exited, status=0/SUCCESS)
Process: 2455 ExecStartPre=/usr/lib/qubes/qubes-vpn-setup --check-firewall (code=exited, status=1/FAILURE)

what am I missing?

Chris Laprise

Mar 9, 2018, 3:39:54 PM
to redleo...@gmail.com, qubes-users
On 03/09/2018 01:19 PM, redleo...@gmail.com wrote:
> Ok.
> I couldn't make it work. Here is what I have done.
>
> 1. I created an AppVM using the Fedora template, netVM is sys-firewall, checked provides network and added the network-manager and vpn-handler-openvpn services to the AppVM in the Service tab.

Don't add Network Manager as a service. That is not supposed to run and
it's not in the instructions. You can remove it the same way you added it.


> 2. I already installed openvpn in the fedora 26 template.
> 3. I cloned Qubes-vpn-support and did what it says.
> 4. Checked the status of the service using systemctl status qubes-vpn-handler.service
>
> and it says:
>
> qubes-vpn-handler.service - VPN Client for Qubes proxyVM
> Loaded: loaded (/usr/lib/systemd/system/qubes-vpn-handler.service; enabled; vendor preset: disabled)
> Drop-In: /usr/lib/systemd/system/qubes-vpn-handler.service.d
> └─00_example.conf
> Active: activating (auto-restart) (Result: exit-code) since Fri 2018-03-09 10:08:43 PST; 6s ago
> Process: 2459 ExecStopPost=/usr/lib/qubes/qubes-vpn-setup --post-stop (code=exited, status=0/SUCCESS)
> Process: 2455 ExecStartPre=/usr/lib/qubes/qubes-vpn-setup --check-firewall (code=exited, status=1/FAILURE)
>
> what am I missing?
>

It says that --check-firewall has failed. I would look at 'ls -l
/rw/config/qubes-firewall.d/90_tunnel-restrict' just to make sure it's
present.

But I think I just found the cause: Fixes to the firewall code didn't
make it into the Qubes rc5 release. So that's another change for the
Readme. To address this, newer packages in the testing repository are
needed; I recommend cloning your template to back it up, then updating it
with 'sudo dnf update --enablerepo=qubes*testing', then shut down the
template.

The firewall should then run its script during VPN VM startup and the
service will be able to start.
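
Added example, not part of the thread or of the Qubes-vpn-support project: a small triage helper for the failure discussed above. It reads `systemctl status` text, lists the Exec steps that did not exit with 0/SUCCESS, and, when `--check-firewall` is among them, reports whether 90_tunnel-restrict is present in the firewall script directory. The function names are hypothetical and SAMPLE_STATUS is constructed from the status output quoted in the thread.

```sh
#!/bin/sh
# Constructed sample, copied from the status text quoted in the thread.
SAMPLE_STATUS='Active: activating (auto-restart) (Result: exit-code) since Fri 2018-03-09 10:08:43 PST; 6s ago
Process: 2459 ExecStopPost=/usr/lib/qubes/qubes-vpn-setup --post-stop (code=exited, status=0/SUCCESS)
Process: 2455 ExecStartPre=/usr/lib/qubes/qubes-vpn-setup --check-firewall (code=exited, status=1/FAILURE)'

# Read `systemctl status` text on stdin and print "ExecPhase=command" for each
# Process: line whose exit status is not 0/SUCCESS. Mail-quoted ("> ") lines work too.
failed_steps() {
    awk '/Process: [0-9]+ Exec/ && !/status=0\/SUCCESS\)/ {
        sub(/^.*Process: [0-9]+ /, "")   # drop everything up to and including the PID
        sub(/ \(code=.*$/, "")           # drop the trailing exit-status annotation
        print
    }'
}

# $1 = status text; $2 = firewall script directory (default: the path named in the thread).
# Prints a one-line finding; returns 0 only when no Exec step failed.
diagnose() {
    fw_dir=${2:-/rw/config/qubes-firewall.d}
    failed=$(printf '%s\n' "$1" | failed_steps)
    if [ -z "$failed" ]; then
        echo "no failed Exec step"
        return 0
    fi
    case $failed in
        *--check-firewall*)
            if [ -e "$fw_dir/90_tunnel-restrict" ]; then
                echo "check-firewall failed; 90_tunnel-restrict present"
            else
                echo "check-firewall failed; 90_tunnel-restrict missing from $fw_dir"
            fi ;;
        *)  echo "failed: $failed" ;;
    esac
    return 1
}

# Inside the VPN VM, pass the live output instead of the sample:
#   diagnose "$(systemctl status qubes-vpn-handler.service)"
diagnose "$SAMPLE_STATUS" || true
```

If the script is reported present and the step still fails, that matches the case in the last reply, where the fix is the template update from the testing repository.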