Cool! I had not had time to find out exactly what qubes did, but you
explained it very well. I suspect that's not *all* qubes does, but
I'll be installing a prepackaged VM router (or hacking my own). What a great
concept.
On Mon, 7 Nov 2016, Chris Laprise wrote:
FWIW... If the OP is inquiring about a 'fail closed' configuration that can
prevent any traffic leaking from the tunnel, then he may want to look at
Qubes OS where users can define a 'Proxy VM' to control all traffic in this
way. This means the VPN is running inside a forwarding *router* and
preventing leaks becomes a much simpler matter of stopping any forwarding to
clearnet NICs.
https://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html
https://www.qubes-os.org/doc/vpn/
You can get the same effect with a dedicated physical router, but then you'd
have to carry that around (and router devices get exploited a lot these
days).
--
Stuart D. Gathman <[email protected]>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
