vpnVM and netVM both in-place upgrades from Q4.1 (and worked fine
there). Template is fedora 38.
NetVM is online, ping of vpn server hostname is fine within netVM.
Ping and dig do not work within vpnVM, but afair that is intended (leak
prevention of qubes-tunnel)
I tried to restart qubes-tunnel servcie, tried to restart vpnVM. tried
to disconnect and reconnect. I tried to reboot QubesOS.
Did something change between 4.1 and 4.2 regarding DNS handling? Do I
need to configure a policy file or something?
The forum post does not use qubes-tunnel and I do not use wireguard (but openVPN) - so I do not see how this post solves my issue?!
– You received this message because you are subscribed to the Google Groups “qubes-users” group. To unsubscribe from this group and stop receiving emails from it, send an email to . To view this discussion on the web visit .
Part of the answer may be that Q4.2 switched from iptables to nftables and qubes-tunnel has not been adapted for this
(However I am not sure whether this holds for fedora38 templates that were in-place upgrades from 4.1 to 4.2 or only for “native” 4.2 templates obtained from the server.): https://forum.qubes-os.org/t/can-t-get-the-qubesos-contrib-qubes-tunnel-to-work-in-4-2/22054
Anyways, using the openvpn command directly results in the same “cannot resolve” issue, even if qubes-tunnel service is not started.
After following the steps, no “LINK IS UP” popup appears. There is no service for any of the two names involved. Somewhere near the bottom of readme.md I find that confusingly the service name is qubes-vpn-handler.
In its status I get: ExecStartPre=/usr/lib/qubes/qubes-vpn-setup --check-firewall (code=exited, status=1/FAILURE)
If I run /usr/lib/qubes/qubes-vpn-setup --check-firewall
manually, no output is shown.