IPsec/IKEv2 ProxyVM

Hi all,

I’m trying to set up a ProxyVM as described here. However, I have to use IPsec with IKEv2 authentication as this is the only thing the VPN supports (it’s for my university, so I can’t switch the VPN provider unfortunately).

I feel like I’m close but I just can’t put the pieces together. What I’ve tried is the first part of the aforementioned VPN tutorial, where I used Debian-10 as a standalone VM and created sys-vpn that provides network and I enabled the network manager service. In this qube, I installed the following as instructed by the VPN provider:

    # apt-get install -y strongswan network-manager-strongswan libcharon-extra-plugins

Then I configured the VPN as described, and I am able to connect to the VPN from the newly added network manager in my upper right dom0 panel. Even though it is connected, my public IP stays the same (checked through several websites and services).
What am I missing?

I feel it has something to do with Qubes, that is why I am asking it here. I did the exact same steps on a machine running Ubuntu directly, and it worked out of the box. The big difference is that in the network manager, in Qubes I can’t use auto DHCP which I can see in the Ubuntu network manager.

I didn’t use the script, but reading about Tasket’s Qubes-vpn-support, the section "Using clients other than OpenVPN" hints towards problems with the Qubes DNS functionality. Also, the more advanced section "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" indicates that NetworkManager can mess with iptables settings. To complicate things even more, I understand that Debian-10 doesn’t use iptables anymore! Therefore, I really can’t oversee what I should do here.

I considered using Tasket’s solution but I don’t know how to obtain a configuration file for my IPsec VPN. The only thing the VPN provided me with is an instruction on how to connect through NetworkManager, however I might be able to acquire one if I ask them for it. If you think this is a path worth pursuing then I will get in touch with their support.

Thanks for staying on this long read, if you have any thoughts whatsoever please share them.

Have a wonderful day,
E.
