Qubes-tunnel configuration with Mullvad bridges VPN

kwebsfukr · July 8, 2021, 11:41am

Has anyone been able to get the qubes-tunnel vpn working with mullvad openvpn configurations files that includes the check box for using bridges? I am getting these errors when running the (sys-vpn) qube.

● qubes-tunnel.service - Tunnel service for Qubes proxyVM
   Loaded: loaded (/lib/systemd/system/qubes-tunnel.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2021-07-08 06:31:17 CDT; 2min 56s ago
  Process: 1263 ExecStartPre=/usr/lib/qubes/qtunnel-setup --check-firewall (code=exited, status=0/SUCCESS)
  Process: 1267 ExecStartPre=/usr/lib/qubes/qtunnel-setup --pre-start (code=exited, status=0/SUCCESS)
  Process: 1285 ExecStartPost=/usr/lib/qubes/qtunnel-setup --post-start (code=exited, status=0/SUCCESS)
 Main PID: 1284 (qtunnel-setup)
    Tasks: 2 (limit: 4648)
   Memory: 1.4M
   CGroup: /system.slice/qubes-tunnel.service
           ├─1284 /usr/bin/sh /usr/lib/qubes/qtunnel-setup --start-exec
           └─1288 /usr/sbin/openvpn --cd /rw/config/qtunnel/ --config /tmp/qtunnel.conf --verb 3 --mlock --ping 10 --ping-restart 42 --connect-retry 5 30 --connect-r

Jul 08 06:34:07 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:07 2021 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jul 08 06:34:07 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:07 2021 Restart pause, 5 second(s)
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restart
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1080
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 Socket Buffers: R=[131072->425984] S=[16384->425984]
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1080 [nonblock]
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 TCP: connect to [AF_INET]127.0.0.1:1080 failed: Connection refused
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jul 08 06:34:12 localhost qtunnel-setup[1284]: Thu Jul  8 06:34:12 2021 Restart pause, 5 second(s)

deeplow · July 8, 2021, 4:44pm

@kwebsfukr, I’ve added formatting to the post so it’s easier to read. You can also use the buttons in the post editor or learn some Markdown syntax to format it (which is a great skill to learn anyway).

h110w · July 14, 2021, 12:43pm

Hi,
I don’t use the qubes-tunnel for my mullvad vpn instead I chose to use this method posted by Michah Lee. It works perfectly.

Hopefully this helps

Hayden

deeplow · July 15, 2021, 7:40am

There is also this guide which is similar:

kwebsfukr · July 16, 2021, 4:37pm

Thank you! @deeplow

Sven · July 17, 2021, 11:09pm

Thanks for the link/hint. I switched to the Micah Lee method from
qubes-tunnel because I actually understand what is going on. The bash
script that keeps the VPN up as well as using the firewall to ensure the
VPN proxy qube cannot connect to anything but the VPN servers. And yes
having the little lock icon in the task bar is a very nice touch too.

This method is in no way specific to Mullvad but can be used with any
OpenVPN setup.