I managed to setup vpn proxies using the [Set up a ProxyVM as a VPN gateway using iptables and CLI scripts](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts) instructions which worked in so far as I now have traffic going through them but the icons are showing up as "network disabled" (see attachment) and I do not get any sort of confirmation/popup that the vpns are up nor down?
Thoughts?
I looked in the vpn trouble shooting docs but this didnt seem to be covered?
Do you have a notification daemon installed? If unsure, install and run dunst and see if it works then.
> Do you have a notification daemon installed? If unsure, install and
> run dunst and see if it works then.
Thanks. I pretty much installed the [packages listed as being needed for centos minimal to function as a proxy](https://www.qubes-os.org/doc/templates/minimal/#centos), one of them being "notification-daemon" which I assumed was what was needed. I went back and double checked that I had it installed and it was:
bash-4.2# sudo yum install -y notification-daemon
Loaded plugins: fastestmirror, yum-qubes-hooks
Loading mirror speeds from cached hostfile
* base: centos.hitme.net.pl
* centos-virt-xen-epel: epel.besthosting.ua
* epel: epel.besthosting.ua
* extras: centos-mirror.datakeepers.co.za
* updates: centos-distro.1gservers.com
Package notification-daemon-3.20.0-1.el7.x86_64 already installed and latest version
Nothing to do
bash-4.2#
I then tried dunst but it seems it was not in the centos repo?
bash-4.2# sudo yum install -y dunst
Loaded plugins: fastestmirror, yum-qubes-hooks
Determining fastest mirrors
centos-virt-xen-epel/7/x86_64/metalink | 30 kB 00:00
epel/x86_64/metalink | 30 kB 00:00
* base: centos.hitme.net.pl
* centos-virt-xen-epel: epel.besthosting.ua
* epel: epel.besthosting.ua
* extras: centos-mirror.datakeepers.co.za
* updates: centos-distro.1gservers.com
base | 3.6 kB 00:00
centos-virt-xen-410 | 3.0 kB 00:00
centos-virt-xen-epel | 4.7 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
qubes-vm-r4.0-current | 3.8 kB 00:00
updates | 2.9 kB 00:00
(1/5): epel/x86_64/updateinfo | 1.0 MB 00:05
(2/5): centos-virt-xen-epel/7/x86_64/updateinfo | 1.0 MB 00:05
(3/5): centos-virt-xen-epel/7/x86_64/primary_db | 6.9 MB 00:18
(4/5): epel/x86_64/primary_db | 6.9 MB 00:18
(5/5): updates/7/x86_64/primary_db | 8.8 MB 00:21
No package dunst available.
Error: Nothing to do
bash-4.2#
You know, minimal templates come with a health warning for a reason.
They expect, (and often require) a level of understanding and
experience.
Important
The Minimal TemplateVMs are intended only for advanced users. If
you encounter problems with the Minimal TemplateVMs, we recommend
that you use their standard TemplateVM counterparts instead.
If something works with a standard TemplateVM but not the minimal
version, this is most likely due to user error (e.g., a missing
package or misconfiguration) rather than a bug. In such cases, please
do not file a bug report. Instead, please see Help, Support, Mailing
Lists, and Forum for the appropriate place to ask for help. Once
you have learned how to solve your problem, please contribute what
you learned to the documentation.
Make sure that everything works in a standard template, and then look to
see what relevant packages are installed there compared to what you have,
and then check back here.
Point taken.
I suppose I focused more on the minimal versions for the purposes of "reduce unnecessary risk", and I had (incorrectly) assumed that the instructions given were because they generally worked?
Anyway, I am not at a level that I can do particuarly deep poking and figuring out such things, though the community has been a great resource in helping me improve my "qubes/linux kungu". I do remember getting this popup before (like a year ago) with centos and am pretty sure it would "just work" with fedora, i just prefer centos minimal as its less crufty with other things installed and has a much longer upgrade cycle (is that the word for it?) than fedora which for the purposes of proxy vms I am certainly not looking for bleeding edge, just secure and can just "set it and forget it" 
I guess I will just grin and bear it as its not crucial, I was just hoping the fix might be simple like Sven's suggestion (thanks for the suggestion though Sven!).
Cheers
Thanks for the way you took that. I wasn't trying to put you off - you
have done *exactly* the right thing by checking here.
Have you checked that everything works with a full centos template?
No problem. To further drill down and what could be the cause ... what happens when you type
notify-send test
in your VPN qube? I am guessing, but there is a very high chance that's exactly what the qtunnel script will call.
/Sven
What happens when you type 'notify-send test' in your VPN qube?
Hi Sven,
Thanks for the follow up.
When I type notify-send test in the vpn appvm a small notification "send" pops up in the top right side of my screen, that seems like a positive sign?
Btw, per unman's question, I installed CentOS full template and tried starting the vpn appvm and nothing happened, then tried using the full fed33 template and I got the vpn up popup.
Cheers
So, it would seem to be a Centos issue, and not a "minimal template"
issue.
Yep. Also tried Debian 10 (not minimal), no popup. so far the only template I have tried that seems to work (have a vpn up/down popup) out of the box is fed33 full.
Hi @stumpy,
I don't know what your goals are exactly, but if you'd like a debian-minimal based qube to connect to a OpenVPN than this will work for sure:
Template (cloned from debian-minimal):
apt install qubes-repo-contrib
apt update
apt install qubes-tunnel openvpn qubes-core-agent-networking
Qube (based on above template)
Obviously provide netvm and set provides_network to true. Also 'qvm-service sys-vpn qubes-tunnel on'
Then inside the qube
/usr/lib/qubes/qtunnel-setup --config
and finally copy and rename the .ovpn file provided by your VPN provider to /rw/config/qtunnel/qtunnel.conf
That's all there is. Restart the qube and be happy.
/Sven
As usual thank you very much Sven!
I will give that a try this weekend.
As for my goals they are pretty simple for proxyvms at least, I wanted to minimal templates that have a reduced attack surface, that I did not have to update all the time (though of my goals this was the least important so long as it was stable), and also a template i did not have to change so often. As setting up vpn vms has never been smooth for me, i am keen on using a distro like say centos or debian that i dont have to worry about EOL too often.
Cheers
btw, anyone know if there are any plans to replace the centos template with something like rocky linux? (or something that has a similarly long life cycle?)
Hi, I just wanted to check and see if something has changed with the centos minimal template?
This morning my vpn vm wasnt working which happens sometimes so I shutdown the vpn vm from dom0 (qvm-run shutdown now etc) and then restarted it and... I got a "VPN link up" popup?! I swear I havent changed anything, and actually dont remember any centos updates within the last few days... huh?
My guess is that you made necessary changes (e.g. installed something) in the template and then forgot to shut the template down before testing the qube based on the template.
In which case that qube would start with the version of the template before your necessary changes. Now, a day or two passed. You maybe restarted your PC or some other action of yours shutdown the template and committed the respective changes.
So this time your VPN qube started with all the bits in the right order and it worked.
Happened more than once to me ... no way to prove that that's what happened to you.
/Sven