Ipsec IKEv2 failed to use VPN tunnel

Hi,

I’m trying to set up a ProxyVM (for ipsec IKEv2 VPN) for my work VM as follows :

work <-> ProxyVM <-> sys-firewall <-> sys-net

Problem: even after an `ipsec up vpn` reports the connection as up and gives me an IP in the VPN range on the eth0 interface, I'm having DNS and route problems. For example, I'm trying to use a service behind service.example.local, but it's not conclusive.

ProxyVM configuration: a debian-11-minimal or fedora-36-minimal template with qubes-core-agent-networking and strongSwan. I don't use NetworkManager (although I already tried it, with the same result). strongSwan adds the DNS server to /etc/resolv.conf.

What I've tried so far: I added an ip route to force traffic to 10.10.0.0/16 through my VPN virtual IP and also made it my default gateway. I also played with iptables to redirect to the new DNS IP, without success.
Each attempt was made in the ProxyVM.

I'm forced to split the VPN traffic from the other traffic because the VPN range is 10.10.0.0/16 with a DNS server at 10.10.1.100 (the same subnet as Qubes' 10.0.0.0/8).

Documentation used:

I know this is a common issue, but I haven't found a valid answer so far.

Thanks for reading me, if you have any thoughts whatsoever please share them.

Have a wonderful day
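As an added example (not from the original post, and not Qubes' or strongSwan's own code), here is the kind of split-tunnel helper one would run inside the ProxyVM for the setup described above. It assumes strongSwan has already brought the tunnel up and assigned the virtual IP; the interface name, the VPN range, the virtual IP and the DNS address are placeholders taken from the post and must be adjusted. The DNS part relies on two facts about Qubes networking: downstream qubes are handed the fake resolvers 10.139.1.1 and 10.139.1.2, and the ProxyVM rewrites those in the PR-QBS nat chain, which is where the Qubes VPN documentation also redirects DNS. A /16 route for 10.10.0.0/16 is more specific than the Qubes 10.137.x/10.138.x addresses, so the default gateway does not need to change; what forwarded traffic from the work qube does need is a source address the IPsec policy will match, hence the SNAT to the virtual IP ahead of Qubes' own masquerade. The script defaults to DRY_RUN=1 and only prints the commands, so it can be reviewed before being applied with DRY_RUN=0 as root.

```shell
#!/bin/sh
# Added example: split-tunnel helper for a Qubes ProxyVM running strongSwan.
# All values below are hypothetical placeholders; adjust them to your tunnel.
#   VPN_IF  - interface carrying the tunnel (eth0 in the post)
#   VPN_NET - remote range reachable only through the tunnel (10.10.0.0/16 in the post)
#   VPN_VIP - virtual IP strongSwan assigned to this qube
#   VPN_DNS - resolver reachable only through the tunnel (10.10.1.100 in the post)
set -eu
DRY_RUN="${DRY_RUN:-1}"

# In dry-run mode print the command instead of executing it, so the plan can be reviewed.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Route only the VPN range via the tunnel; everything else keeps using sys-firewall.
# args: VPN_NET VPN_VIP VPN_IF
vpn_routes() {
  run ip route replace "$1" dev "$3" src "$2"
}

# Give forwarded traffic from the work qube the virtual IP as source address for VPN
# destinations, inserted before Qubes' own POSTROUTING masquerade so it wins.
# args: VPN_NET VPN_VIP
vpn_snat() {
  run iptables -t nat -I POSTROUTING 1 -d "$1" -j SNAT --to-source "$2"
}

# Point the Qubes fake resolvers that downstream qubes use at the VPN DNS server.
# arg: VPN_DNS
vpn_dns_redirect() {
  run iptables -t nat -F PR-QBS
  for fake in 10.139.1.1 10.139.1.2; do
    run iptables -t nat -A PR-QBS -d "$fake" -p udp --dport 53 -j DNAT --to-destination "$1"
    run iptables -t nat -A PR-QBS -d "$fake" -p tcp --dport 53 -j DNAT --to-destination "$1"
  done
}

# Apply everything for one tunnel. args: VPN_IF VPN_NET VPN_VIP VPN_DNS
vpn_apply() {
  vpn_routes "$2" "$3" "$1"
  vpn_snat "$2" "$3"
  vpn_dns_redirect "$4"
}

# Example invocation with the placeholder values from the post (printed, not executed, while DRY_RUN=1).
vpn_apply eth0 10.10.0.0/16 10.10.5.7 10.10.1.100
```

Running it as shown prints the seven commands it would issue; checking that 10.10.1.100 then answers from the work qube (for example with `dig @10.139.1.1 service.example.local` there) tells you whether the DNS redirect is the remaining problem or whether the route and SNAT are.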