Currently, I have the following configuration:
sys-net -> sys-firewall -> {some vm list, referred to as ListA}
sys-net -> vpn-vm -> {some vm list, referred to as ListB}
In vpn-vm I have NordVPN. In the current configuration, ListB has VPN and works.
However, if I change the vpn-vm settings to the following:
sys-net -> sys-firewall -> vpn-vm -> {some vm list, referred to as ListB}
I get no internet access in ListB.
Question. How to implement the following scheme:
sys-net -> sys-firewall -> vpn-vm -> company-firewall -> {some vm list, referred to as ListB}
NB. I have read https://www.qubes-os.org/doc/firewall/ but am not able to apply the theory to my problem.
NB: sys-firewall has the default configuration. I did not change anything in its default configuration.
NB: qubesos 4.0-8, Fedora32 Template
> Currently, I have the following configuration:
> sys-net → sys-firewall → {some vm list, referred to as ListA}
> sys-net → vpn-vm → {some vm list, referred to as ListB}
> In vpn-vm I have NordVPN. In the current configuration, ListB has VPN and works.
> However, if I change the vpn-vm settings to the following:
> sys-net → sys-firewall → vpn-vm → {some vm list, referred to as ListB}
> I get no internet access in ListB.
If you don’t have any special rules in sys-firewall yet, then this
should just work.
> Question. How to implement the following scheme:
> sys-net → sys-firewall → vpn-vm → company-firewall → {some vm list, referred to as ListB}
> NB. I have read https://www.qubes-os.org/doc/firewall/ but am not able to apply the theory to my problem.
> NB: sys-firewall has the default configuration. I did not change anything in its default configuration.
> NB: qubesos 4.0-8, Fedora32 Template
Thank you.
I tried your sys-net → sys-firewall → vpn-vm → some vm config
and it works OK for me (although I’m using 4.1 alpha right now). Another
difference is the two rightmost VMs are using a Debian 10 template.
You should check for DNS issues since that is probably the most common
way a Qubes VPN experiences blockage (if you try pinging some known IP
addresses directly and they go through, that would suggest a DNS problem).
If you’re running tests through your company firewall and it is
proprietary or configured for a Linux client then that may also be a
problem.
Let’s consider the current “vpn” chain: sys-net -> vpn-vm -> {some vm list, referred as ListB }
sys-net: ping works, 5-7 ms.
vpn-vm: internet works, can browse webpages, but ping does not work.
vm in ListB: internet works, can browse webpages, but ping does not work.
Does this already suggest a DNS problem? Is there a standard/easy way to resolve this?