Okay, will do. Thanks for sticking with me. I will reply in ~10 hours; I have something to do right now.
I have some time so I’ll write all the steps I’ve taken to make this work. If you follow them, you should be able to make it work.
- Create a new device on AirVPN
- Create a new port and assign it to the previously created device (My port will be `11111`)
- Clone the Debian-11 template and name it something like “debian-11-vpn”
- Start the template and install both wireguard and openresolv
sudo apt update && sudo apt install wireguard-tools openresolv
- Turn off the template
- Create a new AppVM based on debian-11-vpn named sys-airvpn
- In “Advanced”, check “Provides network” and add a new custom service “vpn-handler-wg”
- Start the AppVM and git clone the following repo:
git clone https://github.com/tasket/Qubes-vpn-support
- Run `sudo mkdir -p /rw/config/vpn`, go in the repo directory and run `sudo bash ./install` (leave everything empty when asked)
- Run this command:
sudo mv /rw/config/qubes-vpn-handler.service.d/10_wg.conf.example /rw/config/qubes-vpn-handler.service.d/10_wg.conf
- Go on the AirVPN configuration generator page and create a new wireguard configuration (Linux → Protocol Wireguard → Select a single server (will be “Dalim” for me) → Download)
- Move the config file to sys-airvpn
- On sys-airvpn, install the configuration:
sudo cp /path/to/file.conf /rw/config/vpn/vpn-client.conf
- Restart sys-airvpn, once restarted open a terminal and check if you have a handshake using
sudo wg
- Create a new AppVM called “CLIENT”, based on Fedora and set “sys-airvpn” as netvm
- Open a dom0 terminal and edit the following file:
vi /etc/qubes/policy.d/30-user-networking.policy
qubes.ConnectTCP +11111 sys-airvpn @default allow target=CLIENT
- On sys-airvpn, edit the file
sudo vi /rw/config/rc.local
and add the following lines before `exit 0`
# Port forwarding
iptables -I INPUT -p tcp --dport 11111 -j ACCEPT
qvm-connect-tcp 11111:@default:11111
- Restart sys-airvpn
- Start the CLIENT AppVM, get the current external IP address
curl ipinfo.io
and then run the following command:
nc -l 11111
- Start a new DispVM, it needs to be on a different network (other VPN or direct internet access)
- In this DispVM, run this command:
nc <External IP from CLIENT> 11111
- Write “Test” then send with “enter”
- “Test” should appear on AppVM CLIENT
With all of that you should be able to get this working. Replace `11111` with your assigned port and then change “CLIENT” to another VM when you get this working first.
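A consistency check for the three places the forwarded port appears in the steps above (the dom0 policy line, the iptables rule and the qvm-connect-tcp line in rc.local), added here as an example and not part of the original post. The helper `check_forward` and its messages are hypothetical, and the sample inputs are constructed from the values used in the steps.

```python
import re

# Constructed sample inputs mirroring the steps above (port 11111, sys-airvpn, CLIENT).
POLICY = "qubes.ConnectTCP +11111 sys-airvpn @default allow target=CLIENT\n"
RC_LOCAL = """#!/bin/sh
# Port forwarding
iptables -I INPUT -p tcp --dport 11111 -j ACCEPT
qvm-connect-tcp 11111:@default:11111
exit 0
"""

def check_forward(port, vpn_qube, policy_text, rc_local_text):
    """Hypothetical helper: list the mismatches; [] means all settings agree."""
    port, problems = str(port), []

    # dom0 policy fields: service, +argument, source, destination, action, params.
    rule = None
    for line in policy_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "qubes.ConnectTCP" and f[1] == "+" + port:
            rule = f
    if rule is None:
        problems.append("policy: no qubes.ConnectTCP rule for +" + port)
    else:
        if rule[2] != vpn_qube:  # only the VPN qube should be allowed to call it
            problems.append("policy: source is " + rule[2] + ", expected " + vpn_qube)
        if rule[4] != "allow" or not any(p.startswith("target=") for p in rule[5:]):
            problems.append("policy: expected 'allow target=<qube>'")

    # rc.local: a top-level 'exit 0' ends the script, so later lines never run.
    active = []
    for line in rc_local_text.splitlines():
        line = line.strip()
        if line == "exit 0":
            break
        if line and not line.startswith("#"):
            active.append(line)
    fw = re.compile(r"iptables\b.*-p tcp\b.*--dport " + port + r"\b.*-j ACCEPT")
    if not any(fw.match(l) for l in active):
        problems.append("rc.local: no active iptables ACCEPT for tcp/" + port)
    # qvm-connect-tcp takes <local port>:<qube>:<remote port>; the page uses one port.
    binds = [re.fullmatch(r"qvm-connect-tcp (\d+):(\S+):(\d+)", l) for l in active]
    if not any(b and b.group(1) == port and b.group(3) == port for b in binds):
        problems.append("rc.local: no active qvm-connect-tcp for " + port)
    elif rule and not any(b and b.group(2) == rule[3] for b in binds):
        problems.append("rc.local: qvm-connect-tcp destination differs from policy")
    return problems

if __name__ == "__main__":
    print(check_forward(11111, "sys-airvpn", POLICY, RC_LOCAL) or "consistent")
```

An empty list means the port, source qube and destination token line up across both files; it does not confirm that the port is assigned to the right device on the AirVPN side.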
Thanks will try this now. Regarding notable changes in dom0:
I tried to get graphics-passthrough working (https://github.com/Qubes-Community/Contents/blob/master/docs/customization/gaming-hvm.md) (didn’t get it working)
so I patched xen:
Regarding installed software I HAD installed i3 and a localization package.
Sorry that this is a bit badly written (very tired). I followed your instructions pretty much exactly.
What I have done:
- install wireguard-tools and openresolv in clean Debian-Template
- create new device on airvpn
- create a new port and assign it to the device
- create a new appvm based on the template: sys-airvpn
- provides network, and added vpn-handler-wg to the appvm (network to a mullvad-guide proxy-vm)
- Cloned tasket, created the folder, cd into it, installed it.
- Created a new config (Linux > Wireguard > choose the device (you forgot that point)> single server)
- renamed 10_wg.conf.example to 10_wg.conf
- moved the vpn-config to sys-airvpn and mv it to /rw/config/vpn
- changed MTU of the config to 1280
- restart the sys-airvpn and checked for handshake
- created a new appvm called “CLIENT” based on Fedora and set networking to sys-airvpn
- In dom0 edit the file /etc/qubes/policy.d/30-user-networking.policy
- add: qubes.ConnectTCP +11111 sys-airvpn @default allow target=CLIENT
- In sys-airvpn, edit /rw/config/rc.local and add at the end of the file but before exit 0:
systemctl --no-block start qubes-vpn-handler.service
# Port forwarding
iptables -I INPUT -p tcp --dport 11111 -j ACCEPT
qvm-connect-tcp 11111:@default:11111
exit 0
- restart sys-airvpn
- start CLIENT, get the current ip and start nc -l 11111
- start other app-vm (behind another mullvad-guide proxy-vm)
- nc x.x.x.x 1111
- type “test”
- It’s f working!!!
Holy shit I have halfheartedly tried to get this working for years no idea what I was always doing wrong (I still don’t know what I did wrongly) but I finally got this working.
Thank you so much!!!
Glad it’s working for you now!