Nope, don’t even get a connection between vpn-B and appvm with this. I really have no idea what I should do. This is probably an issue with the double vpn configuration. vpn-A does not support port-forwarding and icmp is dropped in its (qubes) firewall.
Port forwarding can’t work if the VPN setup is not working from the beginning. What’s happening in the client AppVM? Can you ping a domain or an IP from the terminal?
vpn works fine (just no port forwarding). Also I get a connection via netcat between vpn-B and appvm when I open the ports in the appvm (first script you linked), just not with the qrexec method you mentioned. Just port forwarding from the outside world is not working correctly, I would guess (first script).
If port forwarding comes from vpn-b, then it should work with qrexec. Make sure that the port is allowed through the VPN interface (iptables/nft), that qvm-connect-tcp is running on the same exact port and that your dom0 qrexec rule is correct, example:
ivpn.net is putting an end to port-forwarding. I assume this is what you’re using as you mentioned ivpn-gui. Mullvad had already ended port-forwarding. Both have cited misuse and inability to crack down on misuse due to no-logging.
Make sure that nc is listening on the right port (sudo netstat -nltp), on some versions it binds to a random one even if you do that command.
I just tried with an AirVPN setup using the following VPN script and it works: GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS
nc -l 11111
sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:11111 0.0.0.0:* LISTEN 2723/nc
Other AppVM with other VPN:
nc x.x.x.x 11111
Send "test"
On first AppVM side:
nc -l 11111
test
Since all VMs are independent, you can restart them without rebooting your computer.
I am also using AirVPN with tasket (vpn-B), could you tell me what exact configuration you generated?
Maybe you could also try a double vpn configuration like me? (for good measure also with a different vpn provider)
AppVM:
nc -lv 11111
vpn-B:
echo test | nc x.x.x.x 11111
nc x.x.x.x 11111
Send "test"
gives me a timeout error
I don’t have to reboot when I add/edit policies in dom0
I meant under airvpn org/ports. Selecting tcp only or something (where you get the port)
The only “unusual” thing I have done is create a symlink from vpn-client.conf to the home directory.
I have installed tasket on multiple different machines and I was always able to curl. Am I somehow too stupid to set up tasket / is tasket not properly working for me?
My ports are assigned to my AirVPN “device”. All the other settings are default.
It seems that when Wireguard is used, it allows external traffic so it’s a “normal behavior”. The qubes traffic is still routed through the VPN so it’s fine.
Can you explain in detail how you did your setup from start to finish (Template type, command used and what was edited/installed in VM and dom0)?
I’ve done this setup 3 times so far with newly generated WG configuration and port and it worked each time. Something is missing somewhere in your setup so we need to know where’s the issue.