On 7/9/19 4:49 PM, Luc libaweb wrote:
> Hello,
> I have read a lot of things about VPNs in Qubes OS.
> I have set up a standalone VM with a VPN client installed. This VPN VM connects to
> the network through sys-firewall.
> Other VMs connect directly to this VPN VM.
> So, the AppVM connects to the netvm standalone VPN VM, which connects to the netvm sys-firewall.
> Is it good or not for security? Maybe the VPN VM bypasses the sys-firewall?

In practice, you won't see any difference between these configurations
unless you have placed special rules _inside_ sys-firewall (in the
/rw/config dir):

  sys-vpn -> sys-firewall -> sys-net
  sys-firewall -> sys-vpn -> sys-net
  sys-vpn -> sys-net

The reason is that sys-vpn uses "provides network" and is thus a proxyVM
just like sys-firewall; if you add firewall rules to your appVMs, they
should be processed the same way in either sys-firewall or sys-vpn. As a
result, sys-vpn can perform both VPN and firewall functions. If you
consider sys-vpn's role to be trusted and low-risk, then the third
example can accomplish the same thing as the first two while consuming
less memory and CPU.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886