From a74a4f70c849ea392648939708b5be22e22dcd42 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Mon, 23 Dec 2024 03:53:05 -0700
Subject: [PATCH] Add dnat-to-ns-boot.service for IVPN

---
 content/posts/qubes/Using IVPN on Qubes OS.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/content/posts/qubes/Using IVPN on Qubes OS.md b/content/posts/qubes/Using IVPN on Qubes OS.md
index 3417b1f..e1897ee 100644
--- a/content/posts/qubes/Using IVPN on Qubes OS.md	
+++ b/content/posts/qubes/Using IVPN on Qubes OS.md	
@@ -59,6 +59,22 @@ Unit=dnat-to-ns.service
 WantedBy=multi-user.target
 ```
 
+- `/etc/systemd/system/dnat-to-ns-boot.service`
+
+```
+[Unit]
+Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+ExecStart=sleep 10
+ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
+
+[Install]
+WantedBy=multi-user.target
+```
+
 Create `/etc/systemd/system/systemd-resolved.conf.d/override.conf` to disable rate limiting on systemd-resolved restarting:
 
 ```
@@ -66,10 +82,11 @@ Create `/etc/systemd/system/systemd-resolved.conf.d/override.conf` to disable ra
 StartLimitIntervalSec=0
 ```
 
-Next, enable the systemd path:
+Next, enable the systemd path and service to run at boot:
 
 ```bash
 sudo systemctl enable dnat-to-ns.path
+sudo systemctl enable dnat-to-ns-boot.service
 ```
 
 Finally, shut down the TemplateVM: