On 10/13/2016 04:03 AM, Chris Laprise wrote: > On 10/12/2016 10:58 PM, entr0py wrote: >> Manuel Amador (Rudd-O): >>> On 10/12/2016 07:58 PM, Chris Laprise wrote: >>>> This requirement is already satisfied in the Qubes VPN doc: >>>> >>>> https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts >>>> >>>> >>>> >>>> The scripts will stop non-VPN traffic and make sure that DNS operates >>>> through the VPN instead of going around it. >>> True, technically, someone reading an anatomy manual /could/ succeed in >>> performing surgery. >>> >>> I prefer to release software that solves the issue without the user >>> having to cobble together scripts and whatnot, which has more of an >>> opportunity to allow for (fatal, in some cases) error. Furthermore, >>> user scripts that people put on a VM once and forgot about them, are >>> bound to remain unmaintained, whereas with packaged software, there's >>> the opportunity for me to release updates that work with future >>> Qubes OS >>> versions. >>> >>> That doc is also like 20 pages long when printed out. It's a really >>> long set of instructions. Why not a drop-in package, and then a config >>> file, and off to the races we go? Seems much simpler to me. >>> >> @Chris @Manuel: >> Thanks to both of you for your contributions. (Almost) everything >> Manuel said is correct. It's also true that Chris has unfairly been a >> target of criticism for his documentation which is really no more >> verbose than is necessary. His instructions allowed me to "perform >> surgery" :) many months before the availability of a drop-in solution. >> >> Regarding Manuel's last point about simplicity: A package may be >> easier to install than a lengthy step-by-step but not necessarily >> easier to understand. For a certain subset of Qubes users who require >> knowing what changes are being made to their system, a package >> requires reading (sometimes complex) code, while a list of iptables >> rules are rather self-explanatory. >> >> That said, following Chris' guide was a great learning experience. I >> look forward to studying Manuel's repo as well. > > There's really no reason why the VPN doc solution can't be packaged. > No one was asking for that, and I was actually getting berated for not > creating an experience that was educational enough (my sin was in > supplying working scripts with comments instead of just the comments).
Your document was educational enough that it got me started on my VPN package. It's really good. It just needs fine attention to detail. It should be packaged. That is what I have done, with major modifications to integrate well into Qubes OS. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/881bf5c8-c688-a1f1-7db2-edbabd61ff21%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.