Qubes-vpn-support error (cannot resolve host address)

Hello Qubes community!

I am trying to setup my multiple VPN qubes on 4.1 with fedora-34-minimal as the base. I was able to get NordVPN working but I am struggling to get ProtonVPN running.

I keep getting: cannot resolve host address: x.protonvpn.com name or service not known

Anyone have an idea?

Can you share the instructions you are following to set up ProtonVPN?

The domain x.protonvpn.com does not point to anything, which is why you are getting this error. But it is hard to say how you can fix it without further information

I have put X instead of the real one for simplicity. I have followed the information on the qubes-vpn-support. I am use to do that on qubes 4.0. I was able to do protonvpn on 4.0.

Bishop

Please, make it easy for us to help you by linking to the instructions you followed.

Can you solve other domain names in the VM?
try:
dig google.com

If it says that dig is not a recognized program, install the package bind-utils (temporarily in the AppVM itself) with sudo dnf install bind-utils and try again.

Paste the output here.

I followed the instruction here:

I am making progress. on the other VPN proxy VM, connection is done by IP address.

dig does not work on both VM but sudo sg qvpn “dig google.ca” work.

It seems that the user starting the VPN does not have the right to do name resolution.

Ok, thanks for the extra information, it is becoming more clear to me.

When do you get the error listed in your first message? Is it after you run some command? If so, which command is it?

This is very likely a firewall issue. Only the qvpn user can access the network based on the configuration. Are you sure that the vpn is started by the qvpn user?

I get the error in the log if I try to start the the service
systemctl start qubes-vpn-handler
or if I try to start manually the tunnel with
sudo openvpn --cd /rw/config/vpn --config vpn-client.conf --auth-user-pass userpassword.txt

There is nothing in the documentation to start the service as qvpn. And there is no qvpn user, only a group.

I have added the vpn-handler-egress service to the proxy vm and it works. Is there another way?

Bishop