On 1/17/21 11:38 PM, [email protected] wrote:
Seems it works with rules below. Is it enough to prevent all leaks? Openvpn has more rules or other rules only drop traffic from proxyvm? Should I worry about this traffic? Is it the way to block it like openvpn solution from docs do for wireguard? Thanksiptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP ip6tables -I FORWARD -o eth0 -j DROP ip6tables -I FORWARD -i eth0 -j DROP воскресенье, 17 января 2021 г. в 21:48:37 UTC, [email protected]:I'm successfully run wireguard now with new Fedora kernel. But have the trouble with leak. Previous openvpn solution use specific qvpn group to prevent leaks. What is about wireguard? How to setup everything to prevent leaks if tunnel will down? Thanks
Simply put a firewall VM in front of your VPN VM and only allow the target VPN servers via qvm-firewall. Note that the GUI allows DNS and ICMP by default IIRC, i.e. you'll have to use qvm-firewall directly to implement your rules. This way you'll avoid messing with the Qubes firewall internals. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b2205cb-47b8-ff4d-1026-68b8941caf11%40hobach.de.
smime.p7s
Description: S/MIME Cryptographic Signature
