On Thu, 3 Jan 2019 at 01:19, Chris Laprise <[email protected]> wrote:
> Hmmm, that 3.x language should be changed in the doc. Where its says
> "proxyVM", that simply means "appVM with provides network" in Qubes 4.0.
>
I thought U found out how to have OpenVPN auto-connect after the sys-vpn
AppVM has launched:
1) right click in on the network manager applet icon of the sys-vpn AppVM
2) edit connections
3) Choose the ethernet (NOT the VPN connection) and then preferences
4) 1st Tab "General" choose "Automatically connect to VPN when using this
connection"
and choose the ExpressVPN connection here.
As far as I understand this makes it unnecessary to run step 4 from the
Qubes VPN howto.
Only step 5 ("Make the network fail-close for the AppVMs if the connection
to the VPN breaks") is then needed.
I also tested this by closing and restarting sys-vpn but it seems that
enabling this option "automatically connect to VPN doesn't survice reboots
of the AppVM.
I guess that this setting has also to be placed in the network manager
config file for the ethernet connection which is placed in
/rw/config/NM-system-connections/qubes-uplink-eth0
but I don't know the right options to write into the file yet.
You're right there is a kind of forwarding (via dnat) issue to take care
> of, however that and anti-leak are what the vpn doc and
> Qubes-vpn-support were created for. The latter (which is my own project)
> has only 4 basic steps with no editing necessary.
>
> BTW, the expressvpn app doesn't deal with the Qubes forwarding issue, so
> you can be sure it doesn't address security fully either. That is a
> recipe for leaking unencrypted packets.
>
I think I do not fully understand what this means? If I disable the VPN
connection in sys-vpn my AppVMs which are using this VM as netvm can't
connect to the network and this should mean that no leakage should happen
correctly (and all traffic goes through the VPN).
Additionally I am using browser plugins like https everywhere and disable
unecrypted connections.
- O
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vDEutK2QFcPMEzWzBTU-tTG0TDgxJXonfOxDLeh3x4ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
