thank you all for your help <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
On Sat, Oct 21, 2017 at 11:55 PM, Chris Laprise <tas...@posteo.net> wrote: > On 10/20/2017 03:58 PM, variableap...@gmail.com wrote: > >> Hello >> >> In this doc https://www.qubes-os.org/doc/vpn/, a configuration is >> described where app vms connect to the firewall VPN, which connects to the >> VPN proxy, and finally the net vm. >> >> Was this correctly documented as a configuration? Should the VPN proxy >> sit behind the firewall? >> >> Thanks >> > > You should theoretically be able to use VPNVM as a firewall. However, > there is a bug in qubes-firewall that causes "Deny Except" mode to block > all DNS traffic when a VPN/tunnel is used. The obvious workaround is to > create another proxyVM to be placed between appVM and VPNVM. > > If you would rather avoid creating an extra proxyVM, you can use a VPN > project that contains a fix for the DNS bug: > > https://github.com/tasket/Qubes-vpn-support > > > Also, in most cases no firewallVM is needed between VPNVM and sys-net, so > the following chain is OK: > appVM -> VPNVM -> sys-net > > -- > > Chris Laprise, tas...@posteo.net > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CACbN6r3ptd1LuEAQCFTBvvFgDL%2BPK5-LeD1AS4TdiPADA9sEDw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
