On Monday, May 13, 2019 at 12:03:18 PM UTC-4, Chris Laprise wrote:
> On 5/13/19 9:36 AM, alexw8...@gmail.com wrote:
> > Hello, I am trying to achieve this: User -> VPN -> Tor -> Internet
> > 
> > This is my setup in qubes:
> > 
> > fedora-29-vpn (templatevm- has openvpn installed)
> > 
> > VPN-appvm (has openvpn running in it. It is using fedora-29-vpn 
> > template)------> vpn-sys-whonix (ProxyVM based on whonix-gw-14 template and 
> > its NETVM is VPN-appVM)------> Internet AppVM (based on template whonix-ws-14. 
> > Its NETVM is set as vpn-sys-whonix).
> 
> You might double-check this diagram. It doesn't look right. I would 
> expect something more like: Anon1(whonix-ws)-->VPN(fedora or 
> debian)-->sys-whonix(whonix-gw)-->sys-net.

Wouldn't this way be User -> TOR -> VPN -> Internet? Sorry if my explanation 
of the setup was a bit confusing. Maybe this is better explained:

whonix-ws -->Whonix-gw---->sys-vm------>sys-firewall
Internet                                      VPN             


Internet (NETVM=vpn-sys-whonix) ----> vpn-sys-whonix (NETVM=sys-vm) ----> sys-vm (NETVM=sys-firewall)
(whonix-ws template)                  (whonix-gw template)                (fedora-29-vpn template)
> 
> It also matters precisely where you are checking for DNS packets.
> 
> > 
> > I have been following this guide 
> > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
> >  when I was setting up VPN-appvm which I followed to a tee and completed 
> > without too much trouble.
> > 
> > The issue is, I have DNS leaks by doing some online DNS checks with 
> > VPN-appvm. Any idea why/how to possibly fix this?
> 
> A vpn vm may still send out DNS packets in the clear to look up its own 
> servers. Beyond that, you shouldn't see any.
> 
> You can try a more thorough vpn setup here:
> 
> https://github.com/tasket/Qubes-vpn-support
> 
> This will check that the anti-leak firewall rules are in place before 
> starting the vpn client, and generally keep the link running more smoothly.

I can try this method and see the difference.
> 
> However, I should note there is at least one issue open there for Fedora 
> 29 weirdness. In general, I recommend using Debian (which is what Whonix 
> is based on) as it has been better behaved than Fedora overall. It's also 
> the case that Fedora is intended to be a testbed, NON-production OS and 
> Qubes has plans to migrate away from it.

Yes, I can switch over to Debian and see if that fixes the problem as well.
> 
> You should also read the vpn-related sections of the Whonix docs; There 
> are tradeoffs to using a vpn with Whonix.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
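
The pre-start check mentioned in the reply above (confirming that the anti-leak firewall rules are in place before the VPN client starts) can be written as a small shell function. This is an added example, not code from the thread or from Qubes-vpn-support; it assumes the VPN VM's uplink interface is eth0 and its tunnel is tun0, and the rule listings are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread or from Qubes-vpn-support).
# Assumptions: the VPN VM's uplink is eth0, the tunnel is tun0, and rules
# arrive in the text format printed by `iptables -S FORWARD`.

# has_antileak_rules UPLINK < rules
# Exit 0 only if unconditional DROP rules for traffic forwarded out of and
# in from UPLINK both appear before any ACCEPT that could match that traffic.
has_antileak_rules() {
    awk -v ifc="$1" '
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if = ""; out_if = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      { i++; in_if = $i }
                else if ($i == "-o") { i++; out_if = $i }
                else if ($i == "-j") { i++; target = $i }
                else narrowed = 1   # extra match: rule is not unconditional
            }
            if (target == "DROP" && !narrowed) {
                if (out_if == ifc && in_if == "") drop_out = 1
                if (in_if == ifc && out_if == "") drop_in = 1
            }
            # An ACCEPT seen before both DROPs leaks if it can match the uplink.
            if (target == "ACCEPT" && !(drop_in && drop_out) &&
                (in_if == ifc || out_if == ifc || in_if == "" || out_if == ""))
                leak = 1
        }
        END { exit !(drop_in && drop_out && !leak) }
    '
}

# Constructed sample: DROP rules inserted at the top of the chain.
SAFE_RULES='-P FORWARD DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o tun0 -j ACCEPT'

# Constructed sample: ACCEPT rules are evaluated before the DROP rules.
LEAKY_RULES='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP'

# In the VPN VM (as root): iptables -S FORWARD | has_antileak_rules eth0
# and start the VPN client only when that returns 0.
```

The check is deliberately conservative: any ACCEPT rule that leaves the inbound or outbound interface unspecified counts as able to match uplink traffic.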
