amadaus:
> amad...@riseup.net:
>> We see much correspondence in these forums about installing a VPN within
>> Qubes. Surely, the most secure place for VPN is to install on a Router?
>> I say these things after reading the following paper [
>> https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of
>> hackers demonstrate that the majority of routers (in-particular those
>> provided by ISP's] have backdoors to government agencies. These
>> adversary's are able attack our LAN and its devices; including the
>> ability to intercept VPN and Tor traffic.
>> The solution they say is to isolate these rogue routers in the
>> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by
>> installing a 2nd router [flashed with open source firmware such as
>> OPenWRT]. It is here, on the router, that we should enable and run OpenVPN.
>> Thoughts on this paper and it's conclusions are welcomed
>>
> Thanks everyone for your contributions.
> Implicit in most of your replies is a distinct distrust of the
> modems/routers provided to us.
> If anyone is interested, the solution we adopted to securing our LAN is
> copied from this blog;
> https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/
> This guy uses a couple of cheap routers loaded with OpenWRT which sit
> behind his infected Modem. His 2nd routed utilises OpenVPN Client and is
> configured to protect "high value" devices.
> We've successfully copied this configuration and it seems!! to work. -
> unless you know better??
> 
The Blogger is correct, the best place to install OpenVPN is to use it
within OpenWRT on a Router.  As well as helping protect incoming and
outgoing traffic to your Qubes device, it can help protect smart phones,
tablets & IoT devices from being attacked and employed for Denial of
Service purposes


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32bb2ecc-7e3f-3a88-c3da-834a5500b585%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to