Nested VPN not working


i want to use some ressources that are only available through a OpenVPN connection. I do not want the provider of said ressources to know my IP, so i installed wireguard on a Server.

My network setup is: qube → sys-openvpnprovider → sys.wireguard → sys-firewall → sys-net

However: It is not working. My qube cann neither reach the ressources made available through openvpn, nor the normal internet.

I can ping everything using qube → sys-wireguard → sys-firewall → sys-net

I can acces said ressources when using qube → sys-openVPNprovider → sys-firewall → sys-net

Any idea on what the prblem might be?

How did you install the “sys-openVPNprovider” qube?

Is running the following command in “sys-openVPNprovider” while connected to the remote server change anything to connectivity:

sudo /usr/lib/qubes/qubes-setup-dnat-to-ns

Try to ping the resources from qube in this setup:
qube → sys-openVPNprovider → sys-firewall → sys-net
and in this setup:
qube → sys-openVPNprovider → sys-wireguard → sys-firewall → sys-net

Thank you very much for your help!

This does work.

This does not work.

As the openvpn provider will only allow access to its resources, with this setup i will not be able to connect to my wireguard server.

I installed the openvpn file from the provider, installed openvpn and imported the file.

The initial setup was right if you want to connect to wireguard before openvpn:
qube → sys-openVPNprovider → sys-wireguard → sys-firewall → sys-net

oh you are absolutely right, i had a brain fart…
My setup is qube → openpvn → wireguard → sys-firewall → sys-net.

Unfortunately this is not doing anything…

What’s in the openvpn log? Does it connect successfully?

After further investigation it does connects fine now.

I am sorry, this was caused by a non qubes related issue with the VPN provider, but thank you for your help anyways!