On 09/26/2018 08:38 PM, Stuart Perkins wrote:
> Well, got the proxyVM created.  Based it on Fedora-28.  Have it squeezed
> between sys-firewall and sys-net.  It runs automatically due to the dependency,
> but the vpn does not run automatically, which is what I want.

It should run openvpn automatically, unless there was a typo or a step was skipped. You can check its log with 'sudo journalctl -u qubes-tunnel'.

> I set up a shortcut to start openvpn and another to kill it. It seems to work, but my ability to test it out is not complete right now. I'll know more after I test it some more tomorrow. That keeps my storage of VPN credentials away from sys-net, while still enabling sys-firewall. That is the part I need to test more fully. I have one appVM firewalled to only access my home system for backup purposes as well as other appVMs with full access. I'll do some serious testing tomorrow and report the results. I can synthesize being away from home by using my smartphone for internet. I will need to access my home network when connected to the VPN, which I ought to be able to, and a traceroute should go through my home system's DNS server. This may be the best solution for my need for now. It is better than the previous sys-net hosted openvpn instance. Thanks to Chris for the explanation as to why to use qubes-tunnel.

There are two ways to access a LAN while connected to a VPN with qubes-tunnel. One is to add exceptions to the ProxyVM internal iptables rules, the other (recommended way) is to connect the particular VM requiring LAN access to a clearnet VM such as sys-firewall (assuming you have sys-firewall still connected directly to sys-net).


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
