Wireguard MTU problems?

Hey,
I am trying to get WireGuard working, and I used this setup: Wireguard VPN setup

So far I get a connection to the external network and can ping the server there, but I cannot resolve websites or connect with Remmina. I tried different DNS servers and different MTU sizes with no success.

Does anybody have an idea?

Cheers
qun

Do you have Qubes OS 4.1 or Qubes OS 4.2?
Are you unable to ping domain names (e.g. ping debian.org) in both sys-vpn and in app qubes connected to sys-vpn?

Qubes 4.2
I can ping debian.org, so it seems not to be a problem with DNS, as I understand it.

sys-vpn to sys-vpn??
No, sys-vpn is connected to sys-firewall and the app VM is connected to sys-vpn.

I mean:

  1. ping debian.org in sys-vpn
  2. ping debian.org in app qube connected to sys-vpn

Yes, that works for both.

By the way, where can I set allowed IPs in the network manager? I cannot see this setting.

Then DNS is working properly.
Maybe it’s an issue with MTU. Did you try to add this firewall rule?


No, I wanted to get it working first and then set this fw rule. Right now it's just open for everything going out.

I tried different MTUs, but without success.
The connection seems to be ok, because of the ping within and outside the vpn-network.

Allowed IPs are all zeroed, so it shouldn’t be a problem.

Try this:

  1. curl https://quad9.net in sys-vpn
  2. curl https://quad9.net in app qube connected to sys-vpn

curl doesn’t work in both

What if you try this?
curl https://9.9.9.9

“not found” on both

What if you ping quad9.net in both qubes?

It takes rather long (250 ms), but it works.

Try to add that firewall rule.

UPD:
On second thought, since you have the same issue in sys-vpn then it won’t help.

It doesn't make sense for this problem, because it's just the rule to avoid leaks beside the VPN tunnel.

It's not a rule to allow/block packets, it's a rule to modify the MTU of forwarded packets.
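The symptom in this thread (ping works, curl and TLS do not) is the usual signature of an oversized tunnel MTU, and the rule above clamps the TCP MSS to the route MTU. The following is an added diagnostic script, not from the thread or from Qubes: it binary-searches the largest Don't-Fragment ping that gets through, derives the path MTU and the MSS a clamp to that MTU would produce, and computes the tunnel MTU that fits inside the outer link. It assumes Linux iputils `ping`, IPv4 endpoints, and a placeholder host; the fake probe used in the test is constructed.

```python
import subprocess

# Assumed sizes: WireGuard adds 32 bytes (type, receiver index, counter, auth tag)
# on top of UDP (8) and the outer IP header (20 for IPv4, 40 for IPv6).
WG_OVERHEAD = 32
ICMP_IPV4_HEADERS = 20 + 8   # what `ping -s PAYLOAD` adds before the payload
TCP_IPV4_HEADERS = 20 + 20   # headers an MSS clamp subtracts from the route MTU


def wireguard_mtu(outer_mtu: int, ipv6: bool = False) -> int:
    """Largest tunnel MTU whose encrypted packets still fit the outer link."""
    return outer_mtu - (40 if ipv6 else 20) - 8 - WG_OVERHEAD


def probe_df_ping(host: str, payload: int) -> bool:
    """One ping with Don't-Fragment set; True if a reply came back."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def max_unfragmented_payload(probe, lo: int = 0, hi: int = 1472):
    """Binary search for the largest payload `probe` accepts.

    Assumes the path is monotone: every size up to some limit works,
    everything above it fails. Returns None if even `lo` fails.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # still fits, search upward
        else:
            hi = mid - 1      # too big, search downward
    return lo


def diagnose(host: str, probe=probe_df_ping):
    """Path MTU seen from this qube and the MSS a clamp to it would set."""
    payload = max_unfragmented_payload(lambda n: probe(host, n))
    if payload is None:
        return None
    path_mtu = payload + ICMP_IPV4_HEADERS
    return {"path_mtu": path_mtu, "clamped_mss": path_mtu - TCP_IPV4_HEADERS}


if __name__ == "__main__":
    print(diagnose("203.0.113.1"))   # placeholder address; use the VPN server
    print("tunnel MTU for a 1500-byte link:", wireguard_mtu(1500))
```

Run it inside sys-vpn against the VPN server's public address before the tunnel is up, then against an address reachable only through the tunnel; if the second path MTU is smaller than the WireGuard interface MTU, TCP connections will stall exactly as described above.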

Ah, so this rule in sys-vpn?

nft add rule ip qubes custom-forward tcp flags syn / syn,rst tcp option maxseg size set rt mtu

Yes.

I suppose in the templateVM of the sys-vpn, isn’t it?

No, in sys-vpn itself.