Other Hosts on my VPN network Cannot Initiate Connections with my tun0 interface

Hi Friends,

I have some use cases where I do the following:

  1. Open application qube. In the Qube, manually run a VPN with sudo openvpn config.ovpn
  2. Do things with the hosts on my VPN network over the tun0 interface created by OpenVPN (this works)
  3. Do things from the hosts on my VPN network with my Qube’s tun0 interface (for some reason this does not work).

For whatever reason, even though my OpenVPN process is running within my application Qube, I cannot seem to initiate any connections to the tun0 interface of the Qube from any of the other machines on the LAN of my VPN, even though I can interact with them and create outbound connections with them from the Qube normally.

For example, I can SSH or RDP into machines on the network just fine, but they can’t even ping my Qube over its tun0 IP.

Unfortunately, I am not enough of a networking expert to know what might be going on here, but I do know that using the same OpenVPN config on an equivalent non-qubes host does not have this problem.

Does anyone have any leads on what I might need to look into here?

Edit to add some additional info:

  • Networking is done through a vanilla sys-net and sys-firewall setup
  • The Qube itself is Kali based (from the community repos), and I have not made any special network-related configurations to it.

Incoming connections are blocked by the firewall in qubes by default.
You need to add a firewall rule to allow incoming connections to the tun0 interface in your qube, e.g.:

sudo nft add rule qubes custom-input iif == "tun0" ct state new,established,related accept
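
A narrower variant of the rule above, as an added example that is not part of the original thread: instead of accepting every new connection arriving on tun0, it prints nft commands that admit only ICMP echo and chosen TCP ports from the VPN subnet. The function name tun_input_rules, the subnet 10.8.0.0/24 and port 22 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: print nft commands that admit only
# selected inbound traffic on the VPN interface via qubes custom-input.
# tun0, 10.8.0.0/24 and port 22 are constructed sample values.

tun_input_rules() {
    [ "$#" -ge 2 ] || { echo "usage: tun_input_rules IFACE CIDR [PORT...]" >&2; return 1; }
    iface=$1 subnet=$2
    shift 2
    chain='add rule qubes custom-input'
    ports=''

    # Accept only characters that belong in an interface name or IPv4 CIDR,
    # so the emitted text cannot carry extra nft statements; nft itself
    # does the strict parsing when the rules are loaded.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $subnet in
        */*/*|*[!0-9./]*) echo "bad subnet: $subnet" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac
    for p in "$@"; do
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports, }$p"
    done

    # iifname matches by name, so the rules load even before OpenVPN has
    # created the interface.
    printf '%s iifname "%s" ct state established,related accept\n' "$chain" "$iface"
    printf '%s iifname "%s" ip saddr %s icmp type echo-request accept\n' \
        "$chain" "$iface" "$subnet"
    if [ -n "$ports" ]; then
        printf '%s iifname "%s" ip saddr %s tcp dport { %s } ct state new accept\n' \
            "$chain" "$iface" "$subnet" "$ports"
    fi
}

# Print the commands for review; inside the qube, pipe them to: sudo nft -f -
tun_input_rules tun0 10.8.0.0/24 22
```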

Ah thanks so much! I figured it might be some firewall configuration, but I didn’t see anything in the UI and didn’t know about this default 🙂