fedora-30 breaks VPN support

[e6lk7dqzm83p]

I recently upgraded my TemplateVM from fedora-29 to fedora-30 which resulted in the VPN script not working. Switching back to fedora-29 seemed to resolve the issue.

[tasket]

Its been working fine for me with fedora-30. Can you post logs or suggest a way to reproduce the problem?

[e6lk7dqzm83p]

I just noticed that the VPN link messages (VPN ready, VPN up, VPN down, etc) didn't come up and I had no internet connectivity.

I can try it with fedora-30 again. Where would I look for relevant logs?

Thanks!

[tasket]

Logs can be viewed with sudo journalctl -u qubes-vpn-handler. You can also check the service status with sudo systemctl status qubes-vpn-handler.

[tasket]

One other thing that relates to testing is that the instructions suggest manually testing the openvpn command before enabling the Qubes-vpn-support stuff. This can help narrow down where the problem is.

[tasket]

In the meantime, since fedora-30 is producing unreliable results (to say the least -- I think you're using PIA which is the same service I'm using) I suggest moving the VPN VM to debian-10 which is overall more stable and secure than fedora.

[e6lk7dqzm83p]

I ported over to Debian 10, as per your recommendation.

In Fedora 30 I cannot get the link up on its own, but the same qube works perfectly on Fedora 29. Here's the output of me running openvpn:

[user@sys-vpn ~]$ sudo openvpn --cd /rw/config/vpn --config vpn-client.conf --auth-user-pass userpassword.txt
Mon Feb 10 15:43:31 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019
Mon Feb 10 15:43:31 2020 library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08
Mon Feb 10 15:43:31 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:31 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:31 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:43:31 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:43:36 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:36 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:36 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:43:36 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:43:41 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:41 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:41 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:43:41 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:43:46 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:46 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:46 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:43:46 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:43:51 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:51 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:43:51 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:43:51 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:44:01 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:44:01 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:44:01 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:44:01 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:44:21 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:44:21 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:44:21 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:44:21 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:45:01 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:45:01 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:45:01 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:45:01 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Feb 10 15:46:21 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:46:21 2020 RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com:501 (Name or service not known)
Mon Feb 10 15:46:21 2020 Could not determine IPv4/IPv6 protocol
Mon Feb 10 15:46:21 2020 SIGUSR1[soft,init_instance] received, process restarting