Dear all,

Recently I set up a VPN Qube using a ProxyVM as a VPN gateway using iptables 
and CLI scripts as described step-by-step 
[here](https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts)
 (the official documentation). It worked like a charm (even though the 
guidelines seem to be aimed at Qubes R3 as still referring to setting up a 
proxy-vm with old screenshots). But it worked and once the VM started I got a 
nice pop-up message if it was up, and another one if it went down.

I noticed however that the pass.txt was readable for everyone. So I changed it 
via 'sudo chmod 600 /rw/config/vpn/pass.txt'. When I relaunched the VPN Qube 
after the changes it didn't seem to work anymore. There was no pop-up and no 
connection. So, I changed the permissions back to what they were before, but to 
no avail. Bad part is I tried to fix it by playing around with the permissions 
on the other files and now I am lost.

I know I could simply create a new VPN Qube but I am curious to learn:

* What should the owner & permissions be on to be safest as possible but also 
allow the VPN Qube to function properly:
- /rw/config/rc.local
-/rw/config/qubes-firewall-user-script
-/rw/config/vpn/pass.txt
-/rw/config/vpn/openvpn-client.ovpn
-/rw/config/vpn/qubes-vpn-handler.sh

Thnx in advance for any insights!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/P-UKNCFCOrQaSsclsRPZ9eZmx6tbf8c67PU8wjuR8XOHIu4sLxxca4MX5Xm9yEPq90FYcTjSqK50ZAXu0BprYWBDUrr1DHzMzMTrT-jS2Vg%3D%40protonmail.com.

Reply via email to