Hi,
Part of the answer may be that Q4.2 switched from iptables to nftables and qubes-tunnel has not been adapted for this
(However I am not sure whether this holds for fedora38 templates that were in-place upgrades from 4.1 to 4.2 or only for “native” 4.2 templates obtained from the server.): https://forum.qubes-os.org/t/can-t-get-the-qubesos-contrib-qubes-tunnel-to-work-in-4-2/22054
Anyways, using the openvpn command directly results in the same “cannot resolve” issue, even if qubes-tunnel service is not started.
So I created a new AppVM (as ProxyVMs and NetVMs cannot be selected in Q4.2 “create Qube”) that provides networking and followed Readme.md of
https://github.com/1cho1ce/Qubes-vpn-support/tree/replace-iptables-with-nftables - I was asked for the credentials during install step and again during the setup step
openvpn command and ping are successful now.
After following the steps, no “LINK IS UP” popup appears. There is no service for any of the two names involved. Somewhere near the bottom of readme.md I find that confusingly the service name is qubes-vpn-handler.
In its status I get: ExecStartPre=/usr/lib/qubes/qubes-vpn-setup --check-firewall (code=exited, status=1/FAILURE)
If I run /usr/lib/qubes/qubes-vpn-setup --check-firewall
manually, no output is shown.
VPN troubleshooting still references iptables, which seems to not apply for Q 4.2 anymore
https://www.qubes-os.org/doc/vpn-troubleshooting/
So what is wrong here? how can I make vpn leak-proof again with Qubes 4.2?