On 02/13/2018 05:23 PM, vel...@tutamail.com wrote:
Thanks Chris(and "tasket"!)....took me a few tries but I managed to get it 
going, I tweaked the implementation a bit(scarey).

I was not however able to get this command going from step #3 of the Github 
guide:  sudo /usr/lib/qubes/qubes-vpn-setup --config

I doubt I did this right/well but when I went to DNSleaktest.com it showed no 

Since you installed into a proxyVM only (not a template) you should skip this command anyway (per instructions).

Couple of questions:
* What security am I not getting by doing step #3?
* Is using a script from Github good? Appreciate the lead but will this be 
sanctioned by the Qubes community long term?

That depends. For one, you should be accessing github through HTTPS which offers some protection. As for my veracity/trustworthiness that is ultimately up to you, but looking at the commits you'll notice they are cryptographically signed by me so they can be verified in 'git'. And there is the pattern of my (signed) contributions accepted to Qubes and other projects.

I'm helping add new vpn tunnel features in Qubes itself, so you can think of this as most of Qubes-vpn-support being incorporated into the OS.

* How can I test the kill switch functionality?

If you mean anti-leak, you can try leak testing sites* like you mentioned or try monitoring traffic in an upstream vm for any packets sent to non-vpn addresses.

*Some more sites: https://github.com/tasket/Qubes-vpn-support/issues/1

One way you can check if the firewall script is running is if 'sudo iptables -L -v' shows the following rule at the top of the FORWARD section:

DROP    all  --  eth0   any  anywhere  anywhere

Thanks for the feedback!


Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to