On 06/09/2016 06:21 AM, asdfg...@sigaint.org wrote:
On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote:
Hello
I read the guide on whonix site about how setup a VPN in workstation but
it is old and my VPN is a little different, it has a GUI interface but
also a setup for Open VPN (to work i have to use GUI). Do I setup like a
normal VPN in debian (network connection, import configuration,
certificate etc...) and change firewall?
Thank you
Mixing a VPN in the same VM as other tunnels or proxies is a more
complex affair. Qubes proxy VMs allow us to do this kind of thing more
cleanly.
So I recommend using a debian proxy VM. The doc Andrew linked to
contains a firewall script I created with Whonix (and other apps) in
mind. Its designed to fail closed (block traffic) if openvpn stops
working, and to stop all leaks. The only thing in or out is tunneled
traffic and related ICMP. Its designed for simple VPNs that tunnel all
traffic upstream (i.e. no special subnet selections), so it'll work with
most services.
There is a fancier version that creates systemd service and has a more
explicit firewall setup, though its about the same protection:
https://github.com/ttasket/Qubes-vpn-support
What's more, you don't have to alter any template beyond installing
openvpn to get this working.
OTOH, if you're looking for a solution for Network Manager, the doc
shows you how but its without a firewall. I am looking into a way to
make the firewall script work with NM.
Chris
Hello
I have a problem when run this command
sudo chown -R root:root openvpn (no directory)
The contents of the openvpn/ dir need to be transferred to /rw/config/
including the openvpn/ dir itself.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5759BA78.50405%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
