No dns does not work with the vpn (the same as before). Just when I specify that nslookup should use 1.1.1.1 it works in ivpn-proxy and appvm
But curl works in appvm, right?
Then firefox works as well?
no only the curl ip.me and the other 2 work (without telling what dns server it should use). Everything else does not. The same as in the start
Yes. Ipleak.net also works. it shows that the mullvad dns is leaking. (appvm —> tasket-ivpn—> tasket-mullvad)
Ok, seems like it’s MTU issue once again:
Try to run these commands in ivpn-proxy:
sudo ip link set dev eth0 mtu 1420
sudo ip link set dev <your ivpn wireguard interface> mtu 1340
And this command in appvm:
sudo ip link set dev eth0 mtu 1340
And check if other sites in appvms firefox will start to work.
UPD:
I’ve changed MTU from 1360 to 1340.
And what DNS does it show?
from tasket-mullvad. But duckduckgo finally loads with the mtu change
What’s the output of this command in mullvad-proxyvm and in ivpn-proxyvm?
iptables -t nat -L PR-QBS -n -v
mullvad
sudo iptables -t nat -L PR-QBS -n -v
Chain PR-QBS (1 references)
pkts bytes target prot opt in out source destination
54 3944 DNAT 17 -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:100.64.0.31
0 0 DNAT 6 -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:100.64.0.31
ivpn
sudo iptables -t nat -L PR-QBS -n -v
Chain PR-QBS (1 references)
pkts bytes target prot opt in out source destination
70 5000 DNAT 17 -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:1.1.1.1
0 0 DNAT 6 -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:1.1.1.1
What if you run these commands in ivpn-proxy and check the dns with ipleak.net again?
sudo iptables -F PR-QBS -t nat
sudo iptables -A PR-QBS -t nat -i vif+ -p udp --dport 53 -j DNAT --to 9.9.9.9
sudo iptables -A PR-QBS -t nat -i vif+ -p tcp --dport 53 -j DNAT --to 9.9.9.9
mullvad dns leaks. I am still using the tasket-vms. With unmodified autogenerated wireguard .configs
So no icmp disabled? trough qubes-firewall and no custom dns hijacking rules.
Also tasket-ivpn ----> sys-firewall----> sys-net
There DNS also does not work. Only mullvad works…
I was curious since I never got any issue with tasket’s script using Mullvad, so I bought iVPN for a week to test it out.
- I cloned a debian-11 template to install wireguard and openresolv
- I created a new AppVM where I installed tasket vpn scripts using the iVPN wireguard config I generated
Now the VPN works, no DNS leaks on https://ipleak.net too.
What do you mean does not work? The same problem that it works for sites like ip.me but not youtube etc?
Did you setup tasket-ivpn using new clean qube or did you use the one that you previously used to setup VPN using mullvad guide?
I… already forgot… wait will get a fresh appvm and repeat
… fresh appvm also does not work. I will restart my computer and network. If it still does not work I will try a debian tasket.
did you use wireguard? How was the ivpn config configured?
which port? which dns server? ipv4 and 6? Maybe even the country and server. I am desperate
Yes I used wireguard and I generated the configuration here.
I followed this installation guide I kept from some time ago, it’s simple to follow.
Port 2049, standard dns server, IPv4 and IPv6. I tried Germany and Netherlands
So what exactly does not work?
In this setup:
test-appvm → tasket-ivpn → sys-firewall → sys-net
Can you ping 9.9.9.9 or anything else from test-appvm? Does curl/firefox ip.me work in test-appvm?