Have been using Qubes for about 5 years without any major issues. But since the 4.1 version up to the current testing Qubes-R4.2.0-rc5-x86_64.iso I can’t make the openvpn work in ether the sys-vm, nor any separate VM both with Network manager and without. I tried using both fedora-38 and debian-12, still no result. Seems either dns or firewall problem. GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS stopped working in both the 4.1.2 and 4.2.0-rc5
I only managed to make the debian-11 template to work on Qubes-R4.1.2-x86_64.iso but it’s insecure since reached the end of life.
I also have somewhat a little bit blurred screen after enabling the display scaling ratio to 0.5 since I have 4K monitor in the Qubes-R4.2.0-rc5-x86_64.iso. It seems counter intuitive to not setting it to 2X, but it’s mainly the Fedora itself bug. But still it’s way better than not having this option at all, like in 4.1.2 stable release, where I didn’t manage to enlarge the Qubes Manager and debian templates whatever I tried.
The VPN issue is of the main priority, since I can’t use Qubes any more.
Thanks, DVM. I managed to make it working on Debian-12 from replace-iptables-with-nftables branch. Many thanks to 1cho1ce
As to Fedora-38, I had some vpn config issues regarding cipher and keys, if someone could help I could post the logs in the appropriate thread.
As for Debian-11 EOL it seems I was wrong, since I thought it would be the same as with Fedora-37 reaching EOL on 2023-11-21. Thanks for clarification)
As for qubes-vpn-support from tusket master branch, it doesn’t work on new templates Debian-12 and Fedora-38 on the 4.1.2 stable release. As far as I know 4.1.2 doesn’t use nftables yet instead of iptables
You need to clone the repo and then checkout to the correct branch:
git clone https://github.com/1cho1ce/Qubes-vpn-support
cd Qubes-vpn-support
git checkout replace-iptables-with-nftables
Then continue with the installation script:
sudo bash ./install
I would recommend installing it in a new ProxyVM instead of the template. Use the template only to install openvpn.
Also, be sure to add the correct service for the setup to work (run in dom0):