Re: [qubes-users] VPN/Firewall Redundant?

2017-02-11 Thread Unman
On Sat, Feb 11, 2017 at 10:35:20AM -0800, jimmy.dack...@gmail.com wrote:
> Assuming one wants to have all internet traffic go through a VPN, is having 
> both a VPN proxyVM and a firewall VM redundant? In other words, does the 
> proxyVM with the VPN running in it serve as a firewall just as well? Or is 
> there still some reason to have two separate VMs in this use case?
> 

This will depend on what configuration you have on the VPN Proxy.

It would be possible to combine firewall and VPN Proxy in one qube,
particularly if you were always using the same downstream qubes attached
to the proxy. This would be straightforward and could be done with a
custom set of rules loaded in /rw/config/rc.local, either directly or
using iptables-restore.

IMO, a cleaner approach is to use "native" Qubes firewall capability -
there isn't a great overhead in doing so, and it should minimise the risk
of leaks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170211232613.GB14849%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.
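
An added example, not part of Unman's message and not Qubes project code: a sample FORWARD section of the kind of custom ruleset the reply mentions loading from /rw/config/rc.local, plus a check that flags forwarding rules which could let downstream traffic bypass the tunnel. The interface names (eth0 upstream, vif+ downstream qubes, tun+ VPN) and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed interface names:
#   eth0 = upstream link, vif+ = downstream qubes, tun+ = VPN tunnel.

# Constructed sample: FORWARD section of a combined VPN/firewall ruleset in
# iptables-restore format. A real ruleset also needs the INPUT, OUTPUT and
# nat rules the qube relies on.
vpn_forward_rules() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -i vif+ -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o vif+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset read from stdin (iptables-save / iptables-restore format).
# Conservative heuristic: reports a default policy other than DROP, and any
# FORWARD ACCEPT rule not pinned to tun+ on one side, even when an earlier
# DROP rule would catch that traffic. Returns 0 only with no findings.
audit_forward() {
    findings=$(awk '
        /^:FORWARD / { seen = 1
                       if ($2 != "DROP") print "policy: FORWARD default is " $2 }
        /^-A FORWARD / && / -j ACCEPT/ {
            if ($0 !~ / -[io] tun[+] /) print "leak: " $0
        }
        END { if (!seen) print "policy: no FORWARD chain in input" }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# On the proxy qube: iptables-save -t filter | audit_forward
```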


[qubes-users] VPN/Firewall Redundant?

2017-02-11 Thread jimmy . dack . 68
Assuming one wants to have all internet traffic go through a VPN, is having 
both a VPN proxyVM and a firewall VM redundant? In other words, does the 
proxyVM with the VPN running in it serve as a firewall just as well? Or is 
there still some reason to have two separate VMs in this use case?
