On Tue, Jan 31, 2017 at 11:41:27AM -0800, vincent.maximus.c...@gmail.com wrote:
> On Tuesday, January 31, 2017 at 7:44:35 PM UTC+1, 01v3g4n10 wrote:
> > On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> > > My Setup
> > > 
> > > proxy vm + airvpn in network manager ,TCP-53
> > >  -> appvm x
> > > 
> > > importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> > > manager
> > > and select this 'AirVpn' proxyvm in my netvm settings 
> > > for all my fedora/debian appvm's.
> > > 
> > > 
> > > Is there any better more secure way (not tor)
> > > to setup my internet security?
> > > 
> > > I noticed having DNS leaks the first 5 seconds after I'm connected to a 
> > > new server..
> > 
> > Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
> > https://www.qubes-os.org/doc/vpn/
> 
> 
> 
> that sounds REALLY complicated...
> is there an easy fix to DNS leaks ?
> 
> 
> in the proxyvm you have the options in the firewall rules 
>  to disable
> 
> allow ICMP traffic
> allow dns queries
> 
> should the box be white or black ?
> (check or uncheck?)

Whatever anyone tries to tell you, security IS complicated, and
there isn't an easy way to achieve it in a hostile environment.

There IS a somewhat easier way than described in those docs, but you
will have to change your set-up.
Put a firewall inline between proxy and sys-net, and use it to block all
traffic from the proxy except whatever is required to run your vpn. That
is, Deny all EXCEPT VPN protocol and port. If you have a single provider
specify that, or a number of IP addresses.
Don't allow ICMP or DNS traffic.

If I remember, the original VPN thread included folk who had real
opposition to this method, but it would work fine. It just adds another
Qubes networking layer into the mix.
You are, of course, using a standard port for DNS, so there would still
be the possibility of some DNS traffic passing through with this
configuration, at least the request. If you were to change to some other
port this wouldn't be an issue.

unman
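
The deny-all-except-VPN policy described in the message above, as an added example that is not part of the original message or of the Qubes documentation. It prints a generic iptables-restore ruleset for the FORWARD chain of the inline firewall VM; the function names, the proxy VM address and the endpoint addresses are constructed placeholders, and TCP port 53 is taken from the setup quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# firewall VM placed between the VPN proxy VM and sys-net.
# All addresses used here are constructed placeholders, not real VPN servers.

# is_ipv4 ADDR: succeed only for a dotted-quad literal. Hostnames are refused
# because this policy blocks DNS, so a name could never be resolved.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset PROXY_IP PROTO PORT VPN_IP...: write the ruleset to stdout.
gen_ruleset() {
    [ "$#" -ge 4 ] || { echo "usage: gen_ruleset PROXY PROTO PORT IP..." >&2; return 1; }
    proxy=$1 proto=$2 port=$3
    shift 3
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    for ip in "$proxy" "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 literal: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':FORWARD DROP [0:0]'   # deny everything not matched below
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do
        echo "-A FORWARD -s $proxy -d $ip -p $proto --dport $port -j ACCEPT"
    done
    # Redundant with the DROP policy; kept so per-rule counters show leaks.
    echo "-A FORWARD -s $proxy -p udp --dport 53 -j DROP"
    echo "-A FORWARD -s $proxy -p tcp --dport 53 -j DROP"
    echo "-A FORWARD -s $proxy -p icmp -j DROP"
    echo 'COMMIT'
}

# Constructed sample: proxy VM 10.137.2.10, two endpoints on TCP port 53.
gen_ruleset 10.137.2.10 tcp 53 192.0.2.10 198.51.100.7
```

Once a ruleset like this is loaded, non-zero packet counts on the three DROP rules in `iptables -L FORWARD -v -n` indicate DNS or ICMP packets from the proxy VM that were stopped before reaching sys-net. The rules cover IPv4 only; IPv6 forwarding needs the equivalent policy in ip6tables.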
