Hello,Chris Laprise,
I’ve been using qubes-tunnel for a few months now, and first tried with qubes-vpn-support, ,thank you for develop them and answered so many questions in a very clear manner, that helped a lot, I accumulated some questions along this time, now would like to understand both of them better, could you answer some of them while you are free, thank you. 1.Qubes-tunnel and Qubes-vpn-support ,chose which one on what stage is better? from these two app’s Github description, ‘qubes-tunnel is tested on Debian and Fedora, more for basic users’,‘qubes-vpn-support has ipv6 anti leak and whonix tested’ ----does it mean qubes-vpn-suppor is more advanced, when a user is more familiar with Qubes, he’s suggested to move from tunnel to vpn-support? ---Since qubes-tunnel is officially integrated in Qubes OS now, is vpn-support still being maintained. BTW,does this mean the qubes official document on vpn is slightly out-dated as well. 2. how to use these security tools together? When Im online, firefox won’t show ip, ipv6,dns, but tor, with it’s exit node, show them all. Please note this is not my info, but tor exit node’s. However, tor team publish all ivp6 exit on their website publicly, with ipv6 is too traceable, and most of ipcheck website can tell a browser is from a tor exit, and you once suggested as well, ipv6 is a ‘naïve’ concept. ----Does this mean using tor for sign-in service like check email is not secure and not recommended, so it’s better just for browsing? ---In that case is firefox or opera more secure for email-checking?-- Especially, when tor team claimed tor +vpn would make a user’s traffic ‘more obvious’. ----How to check webmails if it were you? 323. Just to confirm some configure details --On firewall rules,Adding below lines iptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP ip6tables -I FORWARD -o eth0 -j DROP ip6tables -I FORWARD -i eth0 -j DROP in /rw/config /qubes-firewall-user-script This is in vpn-vm not app-vm, sys-net or dom0 right? ---When you suggested to test a uplink-vm with package send to non-vpn address, do you mean by something like ware-shark? in sys-net right? ---Disable ipv6 should by qvm-features VM ipv6 '' should be in sys-net as well correct? is it permanent, or should we do it on each boot. Lots of thank you again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/201902262118.x1QLI1Gx011762%40api2.scryptmail.com. For more options, visit https://groups.google.com/d/optout.
