Rudd-O's solution uses a separate routing table thus ensuring that all traffic from VMs go either to VPN or a "blackhole". This is more robust than relying on the main routing table that can be messed up. However, that requires relaxing the reverse path filter and I don't remember any mitigation for potential attacks by VPN servers exploiting this. The main advantage is that an rpm package is produced so there's an easy way for creating and maintaining multiple VPN VMs based on the same template = easier updates.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b7aff2c-c714-4520-a45c-b14314192c10%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.