Cant get contrib qubes tunnel to work?

Firstly, I posted this in the mailing list but it hasnt gotten any responses there and I really want to get this working as I have only been able to get it working in fedora 31 minmal (which has reached EOL). Below I tried outlining the procedure I have used (that isnt working). While I have gotten it to work in fedora 31 minimal on my desktop, I have tried getting it to work on fed32 minimal, deb10 minimal, and centos7 minimal, and tried it on my laptop - but have not been sucessful so far. Considering, I am assuming I am doing something incorrectly so any thoughts on what I have outlined below, would really really be appreciated:

I start with
sudo dnf install qubes-repo-contrib && sudo dnf update && sudo dnf upgrade

then sudo dnf install qubes-tunnel

Intially I think I was just doing that and not installing anything else but in trying to figure things out I started installing packages that the minimal docs page says are needed for NetVM and VPN qube (things like openvpn and qubes-core-agent-networking qubes-core-agent-network-manager NetworkManager-wifi network-manager-applet wireless-tools notification-daemon gnome-keyring polkit and sakura, a term i can paste into)

The above now seems to work ok, but then I create an appvm - vpnfed32, select the template (centos/deb/fed32 minimals) then check the “provides network” then go to the Services tab and add qubes-tunnel-openvpn then click ok.

Then I make sure the template and new appvm are closed, then start up the vpnvm from dom0:

qvm-run -u root vpnfed32 sakura &

and run

/usr/lib/qubes/qtunnel-setup --config

then enter my vpn provider (PIA) username then password

then copy one of the pia .ovpn profiles to

/rw/config/qtunnel/qtunnel.conf

then shutdown the vpn vm, then open the settings for another appvm set vpnfed32 as the networking vm to vpnfed32 and then try to start the AppVM (that I just set to use vpnfed32) up but nada, no connection to the internet at all. I have tried with protonvpn as well and still nothing so I really am… stumped :frowning:

I have a feeling it’s not working at the moment see @tasket 's comment here

I have qubes-tunnel set up and working on debian-10-minimal on R4.1. However the notifications do not appear. I have libnotify4 and libnotify-bin installed on template.

VPN is able to successfully connect, confirmed via AppVM and journalctl -u qubes-tunnel. however no notification that link is up.

@stumpi do you have any .crt (certificate) file related to PIA? If so, that needs to be moved to the qtunnel folder as well.

@fieryrajang : On my D10Min on R4.0 I needed xfce4-notifyd. Initial “up” notification still doesn’t appear, but subsequent “down” & “up” notifications do…

1 Like

@QubicRoot xfce4-notifyd did the trick, thank you!

I can confirm as well. Installing this solves the issue. Thanks @QubicRoot. This was on fedora32.

Hi @fieryrajang, I am ashamed to admit that I hadnt, though I didnt when i used fed31 either and its working?
Regardless I just added the crt and pem file to the /rw/config/qtunnel directory and admittedly the result is different though still not connecting.
Before the appvm using the non fed31 based vpn would just go straight to “no connection” but now, trying the vpn using the centos7-min, deb10-min, and fed32-min templates with the crt and pem file in the same directory as the qtunnel.conf and tunneluserpwd.txt, the browser seems to try but then after a minute or so says it cant connect, and curl gives me:
curl: (6) Could not resolve host: ifconfig.co

I am not familar with journal but thought I’d try it as you mentioned it, it gave me the following:

bash-5.0# journalctl -u qubes-tunnel
-- Logs begin at Fri 2021-01-01 11:05:08 EST, end at Sat 2021-01-16 21:41:54 EST. --
Jan 02 08:56:03 fedora-32-minimal systemd[1]: Condition check resulted in Tunnel service for Qubes proxyVM being skipped.
-- Reboot --
Jan 16 21:28:24 vpn systemd[1]: Condition check resulted in Tunnel service for Qubes proxyVM being skipped.

Lastly, I tried using the fed31-min template on the vpn-vm and that is not working. Something about the other vpn-vms I originally created that were based on fed31-min worked… though I have no idea what I did differently.
Thoughts?