On 02/13/2018 05:23 PM, vel...@tutamail.com wrote:
Thanks Chris(and "tasket"!)....took me a few tries but I managed to get it
going, I tweaked the implementation a bit(scarey).
I was not however able to get this command going from step #3 of the Github
guide: sudo /usr/lib/qubes/qubes-vpn-setup --config
I doubt I did this right/well but when I went to DNSleaktest.com it showed no
Since you installed into a proxyVM only (not a template) you should skip
this command anyway (per instructions).
Couple of questions:
* What security am I not getting by doing step #3?
* Is using a script from Github good? Appreciate the lead but will this be
sanctioned by the Qubes community long term?
That depends. For one, you should be accessing github through HTTPS
which offers some protection. As for my veracity/trustworthiness that is
ultimately up to you, but looking at the commits you'll notice they are
cryptographically signed by me so they can be verified in 'git'. And
there is the pattern of my (signed) contributions accepted to Qubes and
I'm helping add new vpn tunnel features in Qubes itself, so you can
think of this as most of Qubes-vpn-support being incorporated into the OS.
* How can I test the kill switch functionality?
If you mean anti-leak, you can try leak testing sites* like you
mentioned or try monitoring traffic in an upstream vm for any packets
sent to non-vpn addresses.
*Some more sites: https://github.com/tasket/Qubes-vpn-support/issues/1
One way you can check if the firewall script is running is if 'sudo
iptables -L -v' shows the following rule at the top of the FORWARD section:
DROP all -- eth0 any anywhere anywhere
Thanks for the feedback!
Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.