On 5/13/19 9:36 AM, [email protected] wrote:
Hello, I am trying to achieve this: User -> VPN -> Tor -> Internet
This is my setup in qubes:
fedora-29-vpn (templatevm- has openvpn installed)
VPN-appvm (has openvpn running in it. It is using fedora-29-vpn template)------>
vpn-sys-whonix(ProxyVM based on whonix-gw-14 template and its NETVM is
VPN-appVM------>Internet AppVM(based on template whonix-ws-14. Its NETVM is set
as vpn-sys-whonix).
You might double-check this diagram. It doesn't look right. I would
expect something more like: Anon1(whonix-ws)-->VPN(fedora or
debian)-->sys-whonix(whonix-gw)-->sys-net.
It also matters precisely where you are checking for DNS packets.
I have been following this guide
https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
when I was setting up VPN-appvm which I followed to a tee and completed
without too much trouble.
The Issue is, I have DNS leaks by doing some online DNS checks with VPN-appvm.
Any Idea why/how to possibly fix this.
A vpn vm may still send out DNS packets in the clear to look up its own
servers. Beyond that, you shouldn't see any.
You can try a more thorough vpn setup here:
https://github.com/tasket/Qubes-vpn-support
This will check that the anti-leak firewall rules are in place before
starting the vpn client, and generally keep the link running more smoothly.
However, I should note there is at least one issue open there for Fedora
29 weirdness. In general, I recommend using Debian (which is what Whonix
is based on) as it has been better behaved than Fedora overall. Its also
the case that Fedora is intended to be a testbed, NON-production OS and
Qubes has plans to migrate away from it.
You should also read the vpn-related sections of the Whonix docs; There
are tradeoffs to using a vpn with Whonix.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/949d5da5-ee54-697c-0e84-e2278e22ba15%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
