On 10/15/2016 04:56 PM, 4lgaqp+cqeepdnbinsts via qubes-users wrote: > Hi Chris, > > Thanks for the suggestion. > Just to clarify, the VPN tunnel was created within the sys-firewall, and > currently that's the only proxyVM that I'm using (apart from the sys-whonix), > hence all traffic from the sys-net isn't encapsulated by the tunnel.
The instructions in the VPN doc (appear to me to) interfere with the Yum Qubes proxy forwarding that is necessary for updates to work. Try https://github.com/Rudd-O/qubes-vpn if possible, see if updates work there. You must run the Qubes updates proxy service directly in the same VPN VM. Note that update server queries will be handled by the proxy and therefore will not go over the VPN. > My understanding is that the sys-firewall merely forwards the traffic through > the sys-net by adding a forwad rule in the sys-firewall every time a new VM > is started. For that reason I was wondering if I cannot solve this more > effectively by simple adding a forwarding rule in the sys-firewall to > whitelist all traffic originated from 0.0.0.0/0 to the destination address > 10.137.255.254/32 and port 8082, wouldn't this be possible? > Privacy during updates are not an issue for me, by the contrary, since this > would allow more network throughput. > I confess I'm not very keen in changing templates or creating a dedicated > proxyVm for this purpose. > > Thanks > > > > > > ---- > Sent using GuerrillaMail.com > Block or report abuse: > https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D > > -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/081416f6-f3ff-7404-222a-2d9b32fae64a%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
