On 04/22/2018 02:39 PM, [email protected] wrote:
Also, if you run bitmask just in individual appVMs (instead of proxyVM,
which shares the connection with some number of appVMs) then in that
situation it probably won't need Qubes-specific rules to prevent leaks.
not true, bitmask in appVM's once VPN is disconnect allow clear and unencrypted
traffic.
In this case you're following the usage and threat model that LEAP
designed bitmask for. IOW, the appVM is like a regular Linux PC and the
user must be mindful of the connection state.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Is there option to add in firewall appVM rule that allows connection only with
VPN server ip? and once connection is disconnect traffic will be stopped?
Yes, if you connect the appVM to a proxyVM like sys-firewall, you can
add the allowed addresses to the 'Firewall rules' tab in the appVM's
settings window.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/add22808-05ba-b168-2736-bd4d218b4a75%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
