Ideally you would want a blob free coreboot system with no Intel ME or AMD PSP type backdoors.
Intel is actively trying to nerf free software with Boot Guard/ME, if you buy a computer with those features it isn't really your computer.

A backdoor in a modem is irrelevant, it is post WAN and should be considered part of the "internet".

You need a computer with more than one server grade pci-e interfaced nics if you want real LAN>WAN performance, 25Mbps is simply a pitiful amount to settle for - the newer "server" grade ARM chipsets can do much better than that.
On 11/13/2016 08:22 AM, wrote:
13. Nov 2016 08:48 by

We see much correspondence in these forums about installing a VPN within Qubes. 
Surely, the most secure place for VPN is to install on a Router?
I say these things after reading the following paper [ >>  ] in which a group of hackers 
demonstrate that the majority of routers (in-particular those provided by ISP's] have 
backdoors to government agencies. These adversary's are able attack our LAN and its 
devices; including the ability to intercept VPN and Tor traffic.
The solution they say is to isolate these rogue routers in the Militarized Zone 
by creating a DMZ [demilitarized zone]. Achieved by installing a 2nd router 
[flashed with open source firmware such as OPenWRT]. It is here, on the router, 
that we should enable and run OpenVPN.
Thoughts on this paper and it's conclusions are welcomed

An always-on VPN connection on the router works well but can be a bit slow 
since the processing power of router CPUs is generally quite limited. If 
choosing a router, I'd suggest a dual-core ARM-based device. Although openvpn 
is only single-threaded you can usually configure cpu-affinity to place it on 
one core and the other routing tasks on the other core.

For those who want to go beyond around 20-25 Mb/s, which is where an ARM router 
will start to reach its limits, a fine alternative is a small fanless PC, such 
as the Intel NUC or Gigabyte Brix, and run an open source firewall on it, 
instead of a router. I'm using IPFire. If the processor supports AES-NI, the 
limiting factor will be your network speed, not the firewall's CPU.

Finally, I've always felt that running a vpn on Qubes and having an always-on 
vpn running on a router/PC complement each other.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to