'Re: [qubes-devel] Starting qubes-openvpn-client.service from Qubes VM Manager -> vpnvm -> VM setting'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Starting qubes-openvpn-client.service from Qubes VM Manager -> vpnvm -> VM setting
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2015-01-13 11:05:07
Message-ID: 54B4FBE3.1060707 () invisiblethingslab ! com
[Download RAW message or body]


On 01/13/15 03:02, Marek Marczykowski-Górecki wrote:
> On Sun, Jan 11, 2015 at 11:56:45PM -0800, Frank Schäckermann wrote:
> > 
> > 
> > On Sunday, January 11, 2015 at 11:53:21 PM UTC+1, Marek 
> > Marczykowski-Górecki wrote:
> > > 
> > > On Sun, Jan 11, 2015 at 02:34:00PM -0800, Frank Schäckermann wrote: 
> > > > But since it is a service, I thought the most elegant way would be to 
> > > use 
> > > > the Services tab in the VM settings of Qubes VM Manager for the vpnvm. 
> > > That 
> > > > would require any user to only set up the /rw/config/openvpn directory 
> > > with 
> > > > the right openvpn configuration in a newly created proxy vm, add the 
> > > > service to the list of that vm and voila has a proxy vm opening up 
> > > another 
> > > > VPN connection. No network-manager hassle at all. Maybe a small python 
> > > > script could be added that gets started from qubes-openvpn-up-down and 
> > > > checks the status of the VPN connection every so many seconds 
> > > visualizing 
> > > > it through an icon in the system-tray. This way Qubes would have a very 
> > > > nice built-in support for OpenVPN. 
> > > > 
> > > > To test that approach, I added qubes-openvpn-client to the services list 
> > > of 
> > > > vpnvm and enabled/checked it. 
> > > > 
> > > > I also removed the code from rc.local in vpnvm and restarted the vm. But 
> > > > the service is not started automatically on boot as I would have 
> > > expected, 
> > > > since it is enabled in the VM settings. 
> > > > 
> > > > What am I missing? 
> > > 
> > > That service tab doesn't automatically enable/disable any service in the 
> > > VM. The service must be aware of such possibility. Take a look here: 
> > > https://wiki.qubes-os.org/wiki/QubesService 
> > > 
> > > Basically you need to add to service file: 
> > > ConditionPathExists=/var/run/qubes-service/qubes-openvpn-client 
> > > 
> > > Then enable the service. It will be really started only if above file 
> > > exists - the file is created when you enable the service in Qubes 
> > > Manager. 
> > > 
> > 
> > Great! Thanks! It is now working as I want it to!
> > 
> > I will create the status-indicator script now and then - if you are 
> > interested - make everything available to you for inclusion in Qubes. Or 
> > should I try to make it into it's own rpm package? Any coding guidelines I 
> > need to adhere to?
> 
> Joanna, do we want this as an rpm package
> (qubes-app-linux-openvpn-launcher), perhaps even installed by default)?
> Or just a tutorial somewhere on the wiki? The tutorial is ready in the
> first message of this thread.
> 

Yes, an rpm package for bringing all this up automatically would be great!

Thanks,
joanna.

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/54B4FBE3.1060707%40invisiblethingslab.com.
 For more options, visit https://groups.google.com/d/optout.


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic