Problem installing sys-vpn package from 3isec by unman

First of all, I want to mention that I am a complete beginner.
Having trouble installing 3isec-qubes-sys-vpn.x86_64 1.3-1.fc32 package on Qubes 4.1 beginning from the first step:

Install  1 Package

Total size: 11 k
Installed size: 11 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : 3isec-qubes-sys-vpn-1.3-1.fc32.x86_64                  1/1 
  Running scriptlet: 3isec-qubes-sys-vpn-1.3-1.fc32.x86_64                  1/1 
local:
----------
          ID: openvpn_precursor
    Function: qvm.template_installed
        Name: debian-11-minimal
      Result: True
     Comment: Template debian-11-minimal version 4.0.6 already installed
     Started: 21:45:02.372848
    Duration: 259.132 ms
     Changes:   
----------
          ID: qvm-clone-id
    Function: qvm.clone
        Name: template-openvpn
      Result: True
     Comment: /usr/bin/qvm-check template-openvpn None
     Started: 21:45:02.632694
    Duration: 12892.126 ms
     Changes:   
----------
          ID: vpn_menu
    Function: qvm.features
        Name: template-openvpn
      Result: True
     Comment:  None
     Started: 21:45:15.525503
    Duration: 491.126 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  default-menu-items:
                      ----------
                      new:
                          vpn_setup.desktop debian-xterm.desktop
                      old:
                          debian-xterm.desktop
                  menu-items:
                      ----------
                      new:
                          vpn_setup.desktop debian-xterm.desktop
                      old:
                          debian-xterm.desktop
----------
          ID: start-template-openvpn
    Function: qvm.start
        Name: template-openvpn
      Result: True
     Comment: qvm.state running
              Running None
     Started: 21:45:16.016897
    Duration: 11676.787 ms
     Changes:   

Summary for local
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time:  25.319 s
template-openvpn: OK
[ERROR   ] User 'user' is not available
local:
----------
          ID: openvpn_precursor
    Function: qvm.template_installed
        Name: debian-11-minimal
      Result: True
     Comment: Template debian-11-minimal version 4.0.6 already installed
     Started: 21:46:07.249251
    Duration: 254.597 ms
     Changes:   
----------
          ID: qvm-clone-id
    Function: qvm.clone
        Name: template-openvpn
      Result: True
     Comment: [SKIP] A VM with the name 'template-openvpn' already exists. None
     Started: 21:46:07.504543
    Duration: 283.224 ms
     Changes:   
----------
          ID: vpn_menu
    Function: qvm.features
        Name: template-openvpn
      Result: True
     Comment: [SKIP] Feature already in desired state: SET 'menu-items' = vpn_setup.desktop debian-xterm.desktop
              [SKIP] Feature already in desired state: SET 'default-menu-items' = vpn_setup.desktop debian-xterm.desktop None
     Started: 21:46:07.788387
    Duration: 61.328 ms
     Changes:   
----------
          ID: start-template-openvpn
    Function: qvm.start
        Name: template-openvpn
      Result: True
     Comment: qvm.state running
              Running None
     Started: 21:46:07.849896
    Duration: 72.738 ms
     Changes:   
----------
          ID: qvm-sync-appmenus template-openvpn
    Function: cmd.run
      Result: False
     Comment: User 'user' is not available
     Started: 21:46:07.926116
    Duration: 3.809 ms
     Changes:   
----------
          ID: finalise_menu
    Function: qvm.shutdown
        Name: template-openvpn
      Result: True
     Comment: qvm.state halted
              Halted None
     Started: 21:46:07.930125
    Duration: 5581.602 ms
     Changes:   
----------
          ID: qvm-present-id
    Function: qvm.present
        Name: sys-vpn
      Result: True
     Comment: /usr/bin/qvm-create sys-vpn --class=AppVM --template=template-openvpn --label=green None
     Started: 21:46:13.512302
    Duration: 2500.802 ms
     Changes:   
----------
          ID: qvm-prefs-id
    Function: qvm.prefs
        Name: sys-vpn
      Result: True
     Comment:  None
     Started: 21:46:16.013762
    Duration: 1208.188 ms
     Changes:   
              ----------
              qvm.create:
                  ----------
                  maxmem:
                      ----------
                      new:
                          1000
                      old:
                          *default*
                  memory:
                      ----------
                      new:
                          300
                      old:
                          *default*
                  netvm:
                      ----------
                      new:
                          sys-firewall
                      old:
                          *default*
                  provides_network:
                      ----------
                      new:
                          True
                      old:
                          *default*
                  vcpus:
                      ----------
                      new:
                          2
                      old:
                          *default*
----------
          ID: qvm-features-id
    Function: qvm.features
        Name: sys-vpn
      Result: True
     Comment:  None
     Started: 21:46:17.222162
    Duration: 748.612 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  service.cups:
                      ----------
                      new:
                      old:
                          None
                  service.cups-browsed:
                      ----------
                      new:
                      old:
                          None
                  service.tinyproxy:
                      ----------
                      new:
                      old:
                          None
----------
          ID: vpn_client_menu
    Function: qvm.features
        Name: sys-vpn
      Result: True
     Comment: [SKIP] Feature already in desired state: SET 'menu-items' = vpn_setup.desktop debian-xterm.desktop None
     Started: 21:46:17.971084
    Duration: 300.226 ms
     Changes:   
              ----------
              qvm.features:
                  ----------
                  default-menu-items:
                      ----------
                      new:
                          vpn_setup.desktop debian-xterm.desktop
                      old:
                          None

Summary for local
------------
Succeeded: 9 (changed=3)
Failed:    1
------------
Total states run:    10
Total run time:  11.015 s
DOM0 configuration failed, not continuing
sys-vpn: OK

  Verifying        : 3isec-qubes-sys-vpn-1.3-1.fc32.x86_64                  1/1 

Installed:
  3isec-qubes-sys-vpn-1.3-1.fc32.x86_64                                         

Complete!

So as you can see there is some error with the user ‘user’.

When I ignored that error and tried to configure things by myself, I faced more time-wasting attempts without positive results.

  1. template-openvpn was missing the application vpn_setup.desktop, which I downloaded manually from GitHub to sys-vpn so that I could try the steps described in unman’s manual.
  2. zenity was also missing, which I installed manually in sys-vpn using apt-get so that I could run install.sh.
  3. There is an error when trying to open a console in the sys-vpn qube (in the template the error does not appear):
     [FAILED] Failed to start Qubes misc post-boot actions.
  4. I spent about a week trying to find the problems and solve them, but as I said I am a newbie at things like this, so the results were not positive. I am unable even to ping any address from the sys-vpn qube: network unavailable.

Also, I was a little astonished that my openvpn config login and password are stored in the vpn directory as pass.txt (or something similar). That looks kind of insecure in my noob opinion.
In sum, I think that the main problem is that the TemplateVM template-openvpn is based on Debian minimal, but this is just my opinion.
Looking for support and a step-by-step guide to make things come through.
Thanks for your time!

Anyone willing or able to help? Please.

My 2 cents, in case it’s helpful. I was successful with tasket’s sys-vpn setup when I was a newbie, way back in Qubes 3.x. qubes-tunnel is a mature solution now and is available in the qubes-contrib repo. You could try starting there for guidance: https://github.com/QubesOS-contrib/qubes-tunnel/

I think this is an openvpn issue. At least Qubes allows one to keep these credentials in sys-vpn and not in one’s appVMs.

One more thing: if you’re starting with debian-minimal, make sure to add a notification package like xfce4-notifyd.


Thanks at least for your time. Will continue my research.


Sorry for the delay in getting back.
I have been occupied elsewhere.

I can't account for your problem - obviously none of the relevant
packages were installed into the template-openvpn.
You should have seen this in the progress window when installing the
openvpn package.

This stands out.
Why is ‘user’ not available? Do you use a custom user name?

Can you try removing this package and installing the latest 1.4 package
from qubes.3isec

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

Well, actually I appreciate that you are answering at all and trying to help every community member and user while being that busy (at least it looks that way). Hope the karma will work properly in your case.

So I have already installed the 1.4 version since I posted the problem, and I have tried a few more manipulations since then.
I have made some progress with the network connection, which I achieved by changing the template for sys-vpn from template-openvpn to debian-11, so now at least I can ping and don’t get the “Network unavailable” error. Now I can transmit packets but with 100% packet loss, so my sys-vpn is still not usable as a proxy VM.
I also added the network-manager service to sys-vpn, so now I have VM uplink eth0 connected when sys-vpn is running. But I don’t know if I am moving in the right direction. I’d be happy if I could just follow the described steps and succeed during my noobity :) . If it’s possible, I would also be happy if you or any trusted, reputable community member could send me or publish a working template-openvpn Qubes backup that could be restored on the system of any user having trouble configuring their 3isec vpn package.

Actually, there is no interactive progress interface during installation; the command line freezes, so I only have the output after the processes are done, which I posted in the main message of the topic.

Yes, actually I am using a non-standard user name in dom0. Is that fatal? :)
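
Added example, not part of the thread and not code from unman or the 3isec package: a Python sketch that pulls the failed states out of Salt output in the format quoted in the first post, where the one failure (qvm-sync-appmenus, "User 'user' is not available") sits among ten states. The function names and the trimmed sample text are constructed for illustration.

```python
import re

FIELD = re.compile(r"^\s*(ID|Function|Name|Result|Comment|Started|Duration|Changes):\s?(.*)$")
NO_USER = re.compile(r"User '([^']+)' is not available")

# Constructed sample, trimmed, in the format of the Salt output in the first post.
SAMPLE = """\
local:
----------
          ID: start-template-openvpn
      Result: True
     Comment: qvm.state running
              Running None
     Changes:
----------
          ID: qvm-sync-appmenus template-openvpn
    Function: cmd.run
      Result: False
     Comment: User 'user' is not available
     Changes:
----------
          ID: vpn_client_menu
      Result: True
     Changes:
              ----------
              qvm.features:
"""

def parse_states(text):
    states, cur, last = [], None, None
    for line in text.splitlines():
        if line.rstrip() == "----------":     # unindented rule: a new state begins
            cur, last = {}, None
            states.append(cur)
        elif cur is None or last == "Changes":
            continue                          # preamble, summary or nested change detail
        elif (m := FIELD.match(line)):
            last = m.group(1)
            cur[last] = m.group(2).strip()
        elif last and line[:1] == " " and line.strip():
            cur[last] += "\n" + line.strip()  # wrapped continuation of the last field
    return states

def failed_states(text):
    return [s for s in parse_states(text) if s.get("Result") == "False"]

def unavailable_users(text):
    # Account names reported as missing in the comments of failed states.
    hits = (NO_USER.search(s.get("Comment", "")) for s in failed_states(text))
    return sorted({h.group(1) for h in hits if h})
```

Calling failed_states() on the saved installer output lists each failing state's ID and Comment without scrolling through the successful ones.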