On 07/14/2016 10:39 AM, [email protected] wrote:
> Good day,
> I'm using a VPN in sys-net and would like to set up firewall rules to stop
> the internet connection if the VPN crashes. In sys-net it isn't possible to
> insert IP addresses, so I did it in sys-firewall. With some tests I saw that
> if the VPN disconnects suddenly, sys-net finds my wifi network and doesn't
> break the connection, as I would like. How can I solve this? (In the
> proxyVMs all works well.)
> Thank you

Take a look at https://www.qubes-os.org/doc/vpn/
For leak protection and security it is best to set up a vpn client in a
proxy vm, between sys-net and the appvms. You can follow the
instructions from the doc "Using iptables and openvpn", or use the
firewall script as an example. The two critical commands that prevent
leaks (in the proxy vm configuration) are:

    iptables -I FORWARD -o eth0 -j DROP
    iptables -I FORWARD -i eth0 -j DROP

This means that no forwarding can take place involving the
upstream/clearnet interface eth0, so the only way out is through the vpn
tunnel.
Chris
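
Added example (not part of the original message or of the Qubes documentation): a shell check that reads `iptables -S FORWARD` output and confirms that the two DROP rules above are present and that no ACCEPT rule able to match eth0 traffic is evaluated before them. The function name and the sample rule sets are assumptions constructed for illustration.

```shell
# Audit `iptables -S FORWARD` output (stdin) for the two leak-blocking rules.
# $1 is the upstream interface (eth0 in the message above). Exit status 0 means
# both unconditional DROP rules exist and no ACCEPT that could match upstream
# traffic sits above them. check_vpn_killswitch is a hypothetical name.
check_vpn_killswitch() {
    awk -v up="${1:-eth0}" '
    $1 != "-A" || $2 != "FORWARD" { next }   # skip policy lines
    {
        in_if = ""; out_if = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-o") out_if = $(++i)
            else if ($i == "-j") target = $(++i)
            else extra = 1                   # any other match narrows the rule
        }
        # An unconditional DROP on the upstream interface closes one direction.
        if (target == "DROP" && !extra) {
            if (out_if == up && in_if == "") drop_out = 1
            if (in_if == up && out_if == "") drop_in = 1
        }
        # An ACCEPT reached before the DROP can still forward clearnet traffic.
        if (target == "ACCEPT") {
            if (!drop_out && (out_if == "" || out_if == up)) leak = 1
            if (!drop_in && (in_if == "" || in_if == up)) leak = 1
        }
    }
    END { exit !(drop_out && drop_in && !leak) }
    '
}

# Constructed sample: the DROP pair was inserted with -I, so it is on top.
GOOD_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o tun0 -j ACCEPT'
# Constructed sample: the DROP pair sits below a broad ACCEPT.
BAD_RULES='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -o eth0 -j DROP'

printf '%s\n' "$GOOD_RULES" | check_vpn_killswitch eth0 && echo "good: clearnet forwarding blocked"
printf '%s\n' "$BAD_RULES" | check_vpn_killswitch eth0 || echo "bad: leak possible"
```

In the proxy VM the live chain can be checked with `iptables -S FORWARD | check_vpn_killswitch eth0`. Interface names are compared literally, so wildcard rules such as `-o eth+` are not evaluated and need a manual look.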