Vpn port forwarding

Okay will do. Thanks for sticking with me. I will reply in ~10 hours have something to do right now.

1 Like

I have some time so I’ll write all the steps I’ve taken to make this work, if you follow it you should be able to make it work.

  1. Create a new device on AirVPN
  2. Create a new port and assign it to the previously created device (My port will be 11111)
  3. Clone the Debian-11 template and name it something like “debian-11-vpn”
  4. Start the template and install both wireguard and openresolv
    sudo apt update && sudo apt install wireguard-tools openresolv
  5. Turn off the template
  6. Create a new AppVM based on debian-11-vpn named sys-airvpn
  7. In “Advanced”, check “Provides network” and add a new custom service “vpn-handler-wg”
  8. Start the AppVM and git clone the following repo: git clone https://github.com/tasket/Qubes-vpn-support
  9. Run sudo mkdir -p /rw/config/vpn, go in the repo directory and run sudo bash ./install (leave everything empty when asked)
  10. Run this command: sudo mv /rw/config/qubes-vpn-handler.service.d/10_wg.conf.example /rw/config/qubes-vpn-handler.service.d/10_wg.conf
  11. Go on the AirVPN configuration generator page and create a new wireguard configuration (Linux → Protocol Wireguard → Select a single server (will be “Dalim” for me) → Download)
  12. Move the config file to sys-airvpn
  13. On sys-airvpn, install the configuration: sudo cp /path/to/file.conf /rw/config/vpn/vpn-client.conf
  14. Restart sys-airvpn, once restarted open a terminal and check if you have a handshake using sudo wg
  15. Create a new AppVM called “CLIENT”, based on Fedora and set “sys-airvpn” as netvm
  16. Open a dom0 terminal and edit the following file: vi /etc/qubes/policy.d/30-user-networking.policy
    qubes.ConnectTCP +11111 sys-airvpn @default allow target=CLIENT
  17. On sys-airvpn, edit the file sudo vi /rw/config/rc.local and add the following lines before exit 0
    # Port forwarding
    iptables -I INPUT -p tcp --dport 11111 -j ACCEPT
    qvm-connect-tcp 11111:@default:11111
  18. Restart sys-airvpn
  19. Start the CLIENT AppVM, get the current external IP address curl ipinfo.io and then run the following command: nc -l 11111
  20. Start a new DispVM, it needs to be on a different network (other VPN or direct internet access)
  21. In this DispVM, run this command: nc <External IP from CLIENT> 11111
  22. Write “Test” then send with “enter”
  23. “Test” should appear on AppVM CLIENT

With all of that you should be able to get this working. Replace 11111 with your assigned port and then change “CLIENT” to another VM when you get this working first.

1 Like

Thanks will try this now. Regarding notable changes in dom0:

I tried to get graphics-passtrough working (https://github.com/Qubes-Community/Contents/blob/master/docs/customization/gaming-hvm.md) (didn’t get it working)
so I patched xen:

Regarding installed software I HAD installed i3 and a localization package.

Sorry that this is a bit badly written (very tired) I followed your Instuction pretty much exactly

What I have done:

  1. install wireguard-tools and openresolv in clean Debian-Template
  2. create new device on airvpn
  3. create a new port and asign it to the device
  4. create a new appvm based on the template: sys-airvpn
  5. provides network, and added vpn-handler-wg to the appvm (network to a mullvad-guide proxy-vm)
  6. Cloned tasket, created the folder, cd into it, installed it.
  7. Created a new config (Linux > Wireguard > choose the device (you forgot that point)> single server)
  8. renamed 10_wg.conf.example to 10_wg.conf
  9. moved the vpn-config to sys-airvpn and mv it to /rw/config/vpn
  10. changed MTU of the config to 1280
  11. restart the sys-airvpn and checked for handshake
  12. created a new appvm called “CLIENT” based on Fedora and set networking to sys-airvpn
  13. In dom0 edit the file /etc/qubes/policy.d/30-user-networking.policy
  14. add: qubes.ConnectTCP +11111 sys-airvpn @default allow target=CLIENT
  15. In sys-airvpn, edit /rw/config/rc.local and add at the end of the file but before exit 0:

    systemctl --no-block start qubes-vpn-handler.service

    # Port forwarding
    iptables -I INPUT -p tcp --dport 11111 -j ACCEPT
    qvm-connect-tcp 11111:@default:11111

    exit 0
  1. restart sys-airvpn
  2. start CLIENT, get the current ip and start nc -l 11111
  3. start other app-vm (behind another mullvad-guide proxy-vm)
  4. nc x.x.x.x 1111
  5. type “test”
  6. It’s f working!!!

Holy shit I have halfheartedly tried to get this working for years no idea what I was always doing wrong (I still don’t know what I did wrongly) but I finally got this working.

Thank you so much!!!

1 Like

Glad it’s working for you now!

1 Like