VPN firewall does not provide network to other qubes

When I connect to the VPN within sys-vpn, it stops providing network to other qubes. The VPN works fine within sys-vpn. What additional settings are needed to provide the VPN to other qubes?

I have set sys-vpn as standalone, with the template set to debian-12-xfce, and the net qube configured to sys-firewall. I also checked the option to provide network.

I used ProtonVPN and referred to this page to execute the following commands within sys-vpn:

sudo apt install openvpn
sudo apt install openresolv
sudo wget "https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh" -O "/etc/openvpn/update-resolv-conf"
sudo chmod +x "/etc/openvpn/update-resolv-conf"
sudo openvpn <config.ovpn>


Can you ping 9.9.9.9 from a qube behind the VPN qube?


Hi! Could you try to install this in your standalone:
sudo apt-get install qubes-core-agent-networking qubes-core-agent-network-manager network-manager-applet notification-daemon NetworkManager-openvpn-gnome

I had installed ProtonVPN this way (Fedora) (My VPN works):

  1. I created a new template (it's a copy of fedora-40-xfce) for ProtonVPN
  2. I downloaded the rpm package in a dvm and moved it to the template
  3. In the ProtonVPN template:
  • sudo dnf install ./protonvpn-stable-release-1.0.1-2.noarch.rpm
  • sudo dnf install --refresh proton-vpn-gnome-desktop
  • sudo dnf check-update && sudo dnf upgrade
  • sudo dnf install qubes-core-agent-networking qubes-core-agent-network-manager network-manager-applet notification-daemon NetworkManager-openvpn-gnome
  4. I created a sys-vpn from the ProtonVPN
  5. I copied the default firewall (sys-pre-vpn-firewall)
  6. The network configuration is AppVM → sys-pre-vpn-firewall → sys-vpn → sys-firewall → sys-net

I hope it helps!


Yes, ping can be used. Here are the results. By the way, pinging using a domain instead of an IP address fails.

user@disp2481:~$ ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=59 time=113 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=59 time=115 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=59 time=117 ms
64 bytes from 9.9.9.9: icmp_seq=4 ttl=59 time=114 ms
64 bytes from 9.9.9.9: icmp_seq=5 ttl=59 time=115 ms
64 bytes from 9.9.9.9: icmp_seq=6 ttl=59 time=115 ms
64 bytes from 9.9.9.9: icmp_seq=7 ttl=59 time=118 ms
64 bytes from 9.9.9.9: icmp_seq=8 ttl=59 time=118 ms
64 bytes from 9.9.9.9: icmp_seq=9 ttl=59 time=112 ms
^C
--- 9.9.9.9 ping statistics ---
10 packets transmitted, 9 received, 10% packet loss, time 9015ms
rtt min/avg/max/mdev = 112.104/115.122/118.252/2.040 ms
user@disp2481:~$ ping google.com
ping: google.com: Temporary failure in name resolution
user@disp2481:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=117 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=113 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=112 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 111.833/114.129/117.213/2.265 ms
user@disp2481:~$


Thank you. That's the method for using the official app. I forgot to mention that I want to use TCP, so I need to use OpenVPN.
