amadaus: > [email protected]: >> We see much correspondence in these forums about installing a VPN within >> Qubes. Surely, the most secure place for VPN is to install on a Router? >> I say these things after reading the following paper [ >> https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of >> hackers demonstrate that the majority of routers (in-particular those >> provided by ISP's] have backdoors to government agencies. These >> adversary's are able attack our LAN and its devices; including the >> ability to intercept VPN and Tor traffic. >> The solution they say is to isolate these rogue routers in the >> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by >> installing a 2nd router [flashed with open source firmware such as >> OPenWRT]. It is here, on the router, that we should enable and run OpenVPN. >> Thoughts on this paper and it's conclusions are welcomed >> > Thanks everyone for your contributions. > Implicit in most of your replies is a distinct distrust of the > modems/routers provided to us. > If anyone is interested, the solution we adopted to securing our LAN is > copied from this blog; > https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/ > This guy uses a couple of cheap routers loaded with OpenWRT which sit > behind his infected Modem. His 2nd routed utilises OpenVPN Client and is > configured to protect "high value" devices. > We've successfully copied this configuration and it seems!! to work. - > unless you know better?? > The Blogger is correct, the best place to install OpenVPN is to use it within OpenWRT on a Router. As well as helping protect incoming and outgoing traffic to your Qubes device, it can help protect smart phones, tablets & IoT devices from being attacked and employed for Denial of Service purposes
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32bb2ecc-7e3f-3a88-c3da-834a5500b585%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
