There was a similar topic, but none helped.
Network:
sys-net–> sys-firewall----> Some AppVMs
|----> sys-vpn-Work —> some AppVMs
|----> sys-vpn-Home —> some AppVMs
Connect to the Work-VPN with sys-vpn-Work no problem, because it uses a static IP.
Connect to the Home-VPN with sys-vpn-Home doesnt work, because it uses a dynamic IP (DynDNS).
To clear out some things:
-VPN @ home works
-sys-net/sys-firewall can resolve the hostname
-Worked on 4.0 without problems
-I reinstalled it step by step fresh QubesOS vpn config
-Used my fedora-34-minimal config as sys-net,sys-firewall,sys-vpn-Home (worked on 4.0!) && tried with the preinstalled fedora-34 (with openvpn etc)
-sys-net && sys-firewall are dispVMs
The Error:
RESOLVE: Cannot resolve host address: 12345.mydyndns0.xyz:1126 (Name or service not known)
The Problem:
qubes-firewall-user-script - without it - it works, but leaks data, with it - nothing is working. No ping, nslookup, blah
Contains:
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
# Accept traffic to VPN
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
# Add the `qvpn` group to system, if it doesn't already exist
if ! grep -q "^qvpn:" /etc/group ; then
groupadd -rf qvpn
sync
fi
sleep 2s
# Block non-VPN traffic to clearnet
iptables -I OUTPUT -o eth0 -j DROP
# Allow traffic from the `qvpn` group to the uplink interface (eth0);
# Our VPN client will run with group `qvpn`.
iptables -I OUTPUT -p all -o eth0 -m owner --gid-owner qvpn -j ACCEPT
rc.local:
VPN_CLIENT='openvpn'
VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
su - -c '/rw/config/create_otp.sh' user #cause also using otp
groupadd -rf qvpn ; sleep 2s
sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
Can someone help me with it? I dont get it why qubes-firewall-user-script is invoking before the tunnel is up.