I have posted numerous times in the mailing list, forum, and started to think my issue was a bug so posted in in github (and then was told its a forum issue). I am at wits end trying to figure this out. I am “Linux literate” but far from a guru and I do not understand the inner workings of xen or Linux so understanding outputs of something like journalctl or other logs is beyond me. I know support is free so while beggars cant be choosers I don’t know what else to do than to flat out beg for help as I have tried everything I can think of and as far as i can tell its likely something i am doing wrong as at least one other person has given a “well it worked for me” type response.
- I have tried using the qubes-tunnel contrib, and the previous method on the docs page.
- I have tried on Qubes v4.0.3, v4.0.3rc1/2.
- I have tried using debian/fedora/centos minimal as well as fedora 31 and 32.
- I have tried using two different VPN providers, as well as pasting user names and passwords from the vpn providers clients into the qubes vpn setup (as well as typing them manually)
- I have double checked the usenames and passwords.
- and finally I have tried on my laptop and my desktop.
As it seems unlikely that there are problems with both computers, vpn providers, qubes versions tunnel/vpn methods etc I can again only guess that I am doing something wrong; though, I hav
e set this up on my laptop and desktop previously a few times for qubes 3x and for 4x (until 4.0.3) using either fedora minimal or centos minimal so I dont understand why now I am not able
to do it, especially as when using the docs vpn method I am able to successfully run
sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
before adding the scripts.
I will say, I was first turned onto Qubes by Whonix and how I could isolate VPN connections securely like in whonix for tor, there are of course other reasons i use Qubes but that is one of the top reasons so I really would like to get it working again. I have posted a snippet from the journalctl output here but am more than willing to post whatever other log needed to try and figure this out.
My latest attempt, using qubes-tunnel with a pia .ovpn file on a debian 10 minimal template… which is not working either. I am sincerely hoping the following will shed some light on the issue, and hoping even more that someone will understand and respond.
My latest series of attempts have consisted of:
Then I tried pinging:
root@sys-vpn:~# ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124) 56(84) bytes of data.
— 126.96.36.199 ping statistics —
83 packets transmitted, 0 received, 100% packet loss, time 1059ms
and it just hung.
Then I tried the trouble shooting line:
root@sys-vpn:~# journalctl -u qubes-tunnel
– Logs begin at Mon 2021-02-08 15:02:31 EST, end at Mon 2021-02-08 15:14:01 EST. –
Feb 08 15:02:36 sys-vpn systemd: Condition check resulted in Tunnel service for Qubes proxyVM being skip
lines 1-2/2 (END)
but not sure why the proxyvm is being skipped.
then I tried:
root@sys-vpn:~# sudo openvpn --config /rw/config/qtunnel/qtunnel.conf
Mon Feb 8 15:10:55 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Mon Feb 8 15:10:55 2021 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Enter Auth Username: XXXXXXX
Enter Auth Password: **********
Mon Feb 8 15:11:28 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]188.8.131.52:1198
Mon Feb 8 15:11:28 2021 UDP link local: (not bound)
Mon Feb 8 15:11:28 2021 UDP link remote: [AF_INET]184.108.40.206:1198
Mon Feb 8 15:11:28 2021 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Mon Feb 8 15:11:28 2021 [newjersey409] Peer Connection Initiated with [AF_INET]220.127.116.11:1198
Mon Feb 8 15:11:29 2021 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Mon Feb 8 15:11:29 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Mon Feb 8 15:11:29 2021 TUN/TAP device tun0 opened
Mon Feb 8 15:11:29 2021 /sbin/ip link set dev tun0 up mtu 1500
Mon Feb 8 15:11:30 2021 /sbin/ip addr add dev tun0 10.1.112.82/24 broadcast 10.1.112.255
Mon Feb 8 15:11:30 2021 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Mon Feb 8 15:11:30 2021 Initialization Sequence Completed
Please, I am obviously not capable fo figuring this out.