On Fri, Oct 20, 2017 at 12:58:27PM -0700, [email protected] wrote:
> Hello
>
> In this doc https://www.qubes-os.org/doc/vpn/, a configuration is
> described where app vms connect to the firewall VPN, which connects to
> the VPN proxy, and finally the net vm.
>
> Was this correctly documented as a configuration? Should the VPN proxy
> sit behind the firewall?

AFAIK, if you connect your AppVMs directly to the VPN proxy, you lose the
ability to firewall the traffic since it will be encrypted when it leaves
the VPN proxy.

So, for this reason, if you want to apply any filtering for that traffic
you would need a firewall VM between the AppVMs and the VPN VM. In this
situation, any firewall rules configured for the AppVMs will then be
applied by the firewall VM before it reaches the VPN VM.

There is a good explanation here (read "Security note" under Usage):

https://github.com/Rudd-O/qubes-vpn#usage

-- 
noor

|_|O|_|
|_|_|O|  Noor Christensen
|O|O|O|  0x401DA1E0
