Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

Fri, 27 Mar 2020 14:19:52 -0700 

On 3/27/20 5:02 AM, scurge1tl wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello all,

I would like to ask about proper setting of AppVM flow if using
Mullvad VPN. I would like to connect to the clearnet following way: Me
- -> Tor -> VPN -> clearnet.

When setting up mullvad in their web page, I set the parameters for
download here https://mullvad.net/en/download/openvpn-config/ in a
following way:
- - All countries (so that I can change my exit country as needed)
- - Port -> TCP 443 (Tor doesn't use UDP, right?)
- - tick Use IP addresses
Using TCP 443 for the connection helps only if you are running the VPN on top of Tor. With Tor on top of VPN, you're probably better off with UDP. 



To set the Mullvad VPN AppVM, I followed this guide from micahflee
https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
mullvad is vpn-mullvad. All works fine and connects to the network.

How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
vpn-mullvad -> sys-firewall, or I should use different setup?
Whonix has a guide that examines the issues of combining Tor and a VPN. However, I think its better as a 'what-if/why' guide than a Howto... 

https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor



Are there any other steps to follow to prevent leaks?


Yes.
The Qubes-vpn-support project is much easier to setup and should work more smoothly, in addition to providing better protection against leaks: 

https://github.com/tasket/Qubes-vpn-support
There is also a VPN setup guide on the Qubes doc page (this is the one the Whonix page links to). FWIW, I wrote the scripts for both but the idea for Qubes-vpn-support was to automate the setup and improve the connection handling of Openvpn so re-connection doesn't take 5 minutes. It also checks the firewall to make sure leak prevention is in place before initiating connections. 

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3065445d-4f37-9f26-4ace-68b4b2cd4b26%40posteo.net.

Reply via email to