On Monday, January 30, 2017 at 10:25:48 PM UTC+3, Garrett Robinson wrote:
> On 01/30/2017 11:21 AM, Jane Jok wrote:
>
> > I know that Qubes security model doesn't rely on users system for security,
> > but combined with iptables, this could prevent traffic leaks when running
> > certain "wonky" VPN configs (for instance, ipsec based VPNs where a tun
> > device is absent) by straight up disallowing a certain user from
> > communicating over anything other than the VPN link.
>
> Hm, this sounds like you're running a VPN in your AppVM. Are you? If so,
> a better solution (that can easily achieve your goal of preventing
> leaks, albeit for an entire VM instead of a specific user of a VM) is to
> use a ProxyVM, as documented here: https://www.qubes-os.org/doc/vpn/.

- I already have a bunch of proxyvms running different VPNs for... different reasons. Unless I get a box with more ram or someone much smarter than me does one of those super-fancy <100MB RAM unikernel VM things, but for ipsec tunnels, this is the best option. Besides, it's not a "high risk" VM or anything like that.