hkbakke / qubes-wireguard
Wireguard VPN setup for Qubes OS
Thank you for the great configuration script.
I was able to set up a chain like this that works well for outgoing connections:
AppVM => WireguardVM => FirewallVM => NetVM
However, when I send incoming traffic, it does not reach the destination. Ideally the destination would be inside the AppVM, but even when it's inside WireguardVM that has IP address 10.9.0.8, I cannot reach it. More specifically, I can ping other hosts within the VPN network from AppVM, such as 10.9.0.6, but not WireguardVM itself. TCP traffic does not come through either.
Do you have an idea how to enable inbound traffic into the WireguardVM? The official firewall docs have lots of useful information, but it didn't help me to achieve the goal.
Great job, works well!
One question, @hkbakke: will this work effectively with a multihop wireguard .conf file?
Thanks
[user@sys-vpn-wireguard ~]$ git clone https://github.com/hkbakke/qubes-wireguard
Cloning into 'qubes-wireguard'...
remote: Enumerating objects: 43, done.
remote: Counting objects: 100% (43/43), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 43 (delta 20), reused 27 (delta 10), pack-reused 0
Receiving objects: 100% (43/43), 6.51 KiB | 6.51 MiB/s, done.
Resolving deltas: 100% (20/20), done.
[user@sys-vpn-wireguard ~]$ ls
Desktop Downloads Pictures Templates qubes-wireguard
Documents Music Public Videos
[user@sys-vpn-wireguard ~]$ cd qubes-wireguard
[user@sys-vpn-wireguard qubes-wireguard]$ ls
README.md bin config.example
[user@sys-vpn-wireguard qubes-wireguard]$ cp config.example config
[user@sys-vpn-wireguard qubes-wireguard]$ chmod 600 config
[user@sys-vpn-wireguard qubes-wireguard]$ ls
README.md bin config config.example
[user@sys-vpn-wireguard qubes-wireguard]$ sudo ./bin/qubes-wg-conf
[user@sys-vpn-wireguard qubes-wireguard]$
Here is a copy of my config file (using mullvad)
WG_ADDRESS="10.64.185.11/32,fc00:bbbb:bbbb:bb01::1:b90a/128"
WG_DNS="193.138.218.74"
WG_PRIVATE_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
WG_PEER_PUBLIC_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
WG_ENDPOINT="193.138.218.74"
After attaching a disposableVM's networking to the wireguard App, the internet is accessible via the original WAN connection (i.e. IP leak).
[user@sys-vpn ~]$ git clone https://github.com/hkbakke/qubes-wireguard
Cloning into 'qubes-wireguard'...
remote: Enumerating objects: 101, done.
remote: Counting objects: 100% (101/101), done.
remote: Compressing objects: 100% (77/77), done.
remote: Total 101 (delta 51), reused 43 (delta 17), pack-reused 0
Receiving objects: 100% (101/101), 17.87 KiB | 397.00 KiB/s, done.
Resolving deltas: 100% (51/51), done.
[user@sys-vpn ~]$ cd qubes-wireguard
[user@sys-vpn qubes-wireguard]$ cp config.example config
[user@sys-vpn qubes-wireguard]$ chmod 600 config
{After this, I edited the config file with the details given to me by ProtonVPN Wireguard Configuration, then saved it before running the following command}
[user@sys-vpn qubes-wireguard]$ sudo ./bin/wg-appvm-conf
[user@sys-vpn qubes-wireguard]$
The above is the Terminal output of the sys-vpn I created, based off the fedora-38-wireguard template I cloned from fedora-38 (which I also cloned the repo to the template in order to run the "sudo ./bin/wg-templatevm-conf" command, then shut it down before making the sys-vpn and running the above commands)
After the final terminal output, I shut down sys-vpn, set my work Qube to use sys-vpn for network then Started sys-vpn again. I don't know that I am supposed to do anything else after this, because there are no further instructions from here. I tried loading my IP on my Work Qube's Firefox and I am not showing any change, still leaking my IP. I am not sure what else I need to do, if I have to run some app or command on sys-vpn or something... it was not made clear in the instructions if that is the case.
Any offered assistance is much appreciated!
One thing I do want to note, when I ran "sudo ./bin/wg-templatevm-conf" it seemed to do a lot of things, but the appvm-conf just immediately skips to the next line, so I have no idea if that is expected behavior or not.
SELinux behaviour seems to be different for freshly installed Qubes OS 4.2 compared to ones upgraded from Qubes OS 4.1. It is probably related to this 4.2 release changelog item: