On 10/20/2017 03:58 PM, [email protected] wrote:
Hello
In this doc https://www.qubes-os.org/doc/vpn/, a configuration is described
where app vms connect to the firewall VPN, which connects to the VPN proxy, and
finally the net vm.
Was this correctly documented as a configuration? Should the VPN proxy sit
behind the firewall?
Thanks
You should theoretically be able to use VPNVM as a firewall. However,
there is a bug in qubes-firewall that causes "Deny Except" mode to block
all DNS traffic when a VPN/tunnel is used. The obvious workaround is to
create another proxyVM to be placed between appVM and VPNVM.
If you would rather avoid creating an extra proxyVM, you can use a VPN
project that contains a fix for the DNS bug:
https://github.com/tasket/Qubes-vpn-support
Also, in most cases no firewallVM is needed between VPNVM and sys-net,
so the following chain is OK:
appVM -> VPNVM -> sys-net
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/7926feea-b5b9-d535-061c-3d6a0d01120a%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
