Please, is there any guide on how to set up WireGuard and OpenVPN to work under 4.2? After the upgrade all VPNs are lost.
Actually, I need instructions on how to fix this script from iptables to the new firewall:
case "$1" in
    up)
        # To override DHCP DNS, assign static DNS addresses with 'setenv vpn_dns' in openvpn config;
        # Format is 'X.X.X.X Y.Y.Y.Y [...]' with quotes.
        if [[ -z "$vpn_dns" ]] ; then
            # Parses DHCP options from openvpn to set DNS address translation:
            for optionname in ${!foreign_option_*} ; do
                option="${!optionname}"
                unset fops; fops=($option)
                # Quoted so an option with fewer than two fields does not break the test
                if [[ "${fops[1]}" == "DNS" ]] ; then vpn_dns="$vpn_dns ${fops[2]}" ; fi
            done
        fi
        iptables -t nat -F PR-QBS
        if [[ -n "$vpn_dns" ]] ; then
            # Set DNS address translation in firewall:
            for addr in $vpn_dns; do
                iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to "$addr"
                iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT --to "$addr"
            done
            su - -c 'notify-send "$(hostname): LINK IS UP." --icon=network-idle' user
        else
            su - -c 'notify-send "$(hostname): LINK UP, NO DNS!" --icon=dialog-error' user
        fi
        ;;
    down)
        su - -c 'notify-send "$(hostname): LINK IS DOWN !" --icon=dialog-error' user
        ;;
esac
cat qubes-firewall-user-script
#!/bin/sh
# This script is called in AppVMs after every firewall update (configuration
# change, starting some VM etc). This is a good place to write own custom
# firewall rules, in addition to autogenerated ones. Remember that in most cases
# you'll need to insert the rules at the beginning (iptables -I) for it to be
# effective.
# Block forwarding of connections through upstream network device
# (in case the vpn tunnel breaks):
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
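
The two scripts above expressed as nftables rules, as an added example that is not part of the original post or the Qubes project's own code. It assumes the Qubes 4.2 `qubes` table with the `dnat-dns` and `custom-forward` chains (confirm with `nft list table ip qubes`); the function names are hypothetical, and each function only prints rules so the output can be reviewed before it is piped to `nft -f -`.

```shell
#!/bin/sh
# Added example (not from the post). Assumed: table "qubes" with chains
# "dnat-dns" and "custom-forward", as created by Qubes 4.2 in the VPN qube.

# Print nft commands that redirect DNS from downstream qubes (vif*) to each
# address in the space-separated list $1. The list comes from options pushed
# by the VPN server, so anything that is not digits and dots is skipped
# instead of being pasted into the ruleset.
dns_dnat_rules() (
    set -f    # no filename expansion on the untrusted list
    echo "flush chain ip qubes dnat-dns"
    for addr in $1; do
        case "$addr" in
            *[!0-9.]*) continue ;;
        esac
        for proto in udp tcp; do
            echo "add rule ip qubes dnat-dns iifname \"vif*\" $proto dport 53 dnat to $addr"
        done
    done
)

# Print nft commands that drop all forwarding through the upstream device
# (default eth0) for IPv4 and IPv6, so traffic cannot leave outside the tunnel.
# "insert" puts the rule at the head of the chain, like iptables -I.
killswitch_rules() {
    upstream="${1:-eth0}"
    for family in ip ip6; do
        for dir in oifname iifname; do
            echo "insert rule $family qubes custom-forward $dir \"$upstream\" counter drop"
        done
    done
}

# Usage, as root inside the VPN qube:
#   killswitch_rules | nft -f -             # in qubes-firewall-user-script
#   dns_dnat_rules "$vpn_dns" | nft -f -    # in the "up)" branch of the handler
```
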
I can connect to the VPN now, but without qubes-firewall-user-script. This anti-leak from the proxy-firewall-restrict file doesn’t work at all. It is not possible to connect if it is installed, or it connects (the notification shows) but the VPN does not work.
I’m using a 3rd-party service in some VMs, like Mullvad. It receives configs from the server, so I need another workaround: a simple anti-leak script to place in qubes-firewall-user-script, as I did in 4.1.
What template are you using for your VPN qube? I also faced an issue where my VPN qubes stopped working after an upgrade to 4.2. In my case I’m using minimal templates. After switching to full fedora-38 templates, the VPN is working again. So I suspect that with the new 4.2 release I’m missing some package in my minimal template.