Fix IVPN for chaining ProxyVMs

Signed-off-by: Tommy <contact@tommytran.io>
2024-12-22 04:41:33 -05:00 · 2024-05-17 02:32:12 -07:00 · 2024-05-17 02:32:12 -07:00 · 121f5e3913
commit 121f5e3913
parent 5bf6e2133e
1 changed files with 17 additions and 5 deletions
--- a/content/posts/qubes/Using
+++ b/content/posts/qubes/Using
@ -31,7 +31,22 @@ sudo dnf config-manager --add-repo https://repo.ivpn.net/stable/fedora/generic/i
 sudo dnf install -y ivpn-ui
 ```

-IVPN needs `/usr/lib/qubes/qubes-setup-dnat-to-ns` to be run at boot and when the daemon changes `/etc/resolv.conf`. Create the following files:
+IVPN needs to restart `systemd-resolved` and run `/usr/lib/qubes/qubes-setup-dnat-to-ns` at boot to work properly, especially if you want to chain ProxyVMs. `/usr/lib/qubes/qubes-setup-dnat-to-ns` also needs to be run every time IVPN modifies `/etc/resolv.conf`. Create the following files:
+
+- `/etc/systemd/system/dnat-to-ns-boot.service`
+```
+[Unit]
+Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns 10 seconds after boot
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/sleep 10
+ExecStart=/usr/bin/systemctl restart systemd-resolved
+ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
+
+[Install]
+WantedBy=multi-user.target
+```

 - `/etc/systemd/system/dnat-to-ns.service`
 ```
@ -41,9 +56,6 @@ Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns
 [Service]
 Type=oneshot
 ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
-
-[Install]
-WantedBy=multi-user.target
 ```

 - `/etc/systemd/system/dnat-to-ns.path`
@ -63,7 +75,7 @@ WantedBy=multi-user.target
 Next, enable both the systemd service and the systemd path:

 ```bash
-sudo systemctl enable dnat-to-ns.service
+sudo systemctl enable dnat-to-ns-boot.service
 sudo systemctl enable dnat-to-ns.path
 ```