On 10/13/2016 12:00 AM, Chris Laprise wrote:
> On 10/12/2016 06:18 PM, Marek Marczykowski-Górecki wrote:
>> Hash: SHA256
>> On Wed, Oct 12, 2016 at 09:35:45PM +0000, Manuel Amador (Rudd-O) wrote:
>>> It gives me great pleasure to release the first iteration of the
>>> leakproof Qubes VPN.
>>> https://github.com/Rudd-O/qubes-vpn
>>> This package allows you to set up a leakproof OpenVPN VM on your Qubes
>>> OS system. All VMs attached to the VPN VM are automatically and
>>> transparently routed through the VPN. DNS requests do not hit the NetVM
>>> they get routed through the VPN instead.
>>> Users and developers welcome to contribute to the project in any way
>>> you
>>> can!
>> Nice! I've briefly reviewed it and it looks good :)
>> I think it would be good to have it in standard repository. See
>> "Packaging 3rd-party software" message on qubes-devel I just sent.
>> - -- 
> Although I like a packaged solution, I think anyone should be wary of
> manipulating routing tables to create a "leak-proof" environment.
> Hyperbole aside, VPN clients frequently change routing tables directly.

My program directs openvpn not to change any routing tables and, in
fact, tells openvpn to run in unprivileged mode where openvpn cannot
change any routing tables itself.

> The firewall is more reliable for this application. It makes sense to
> package the existing solution since we know its relatively client
> agnostic and more importantly fills Patrick's requirements for Tor
> isolation.

Though I do not understand what you mean by "the firewall is more
reliable", as my program runs under a ProxyVM fine, that solution should
be packaged too, perhaps under a different name.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to