Dear all,
Recently I set up a VPN Qube using a ProxyVM as a VPN gateway using iptables
and CLI scripts as described step-by-step
[here](https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts)
(the official documentation). It worked like a charm (even though the
guidelines seem to be aimed at Qubes R3 as still referring to setting up a
proxy-vm with old screenshots). But it worked and once the VM started I got a
nice pop-up message if it was up, and another one if it went down.
I noticed however that the pass.txt was readable for everyone. So I changed it
via 'sudo chmod 600 /rw/config/vpn/pass.txt'. When I relaunched the VPN Qube
after the changes it didn't seem to work anymore. There was no pop-up and no
connection. So, I changed the permissions back to what they were before, but to
no avail. Bad part is I tried to fix it by playing around with the permissions
on the other files and now I am lost.
I know I could simply create a new VPN Qube but I am curious to learn:
* What should the owner & permissions be on to be safest as possible but also
allow the VPN Qube to function properly:
- /rw/config/rc.local
-/rw/config/qubes-firewall-user-script
-/rw/config/vpn/pass.txt
-/rw/config/vpn/openvpn-client.ovpn
-/rw/config/vpn/qubes-vpn-handler.sh
Thnx in advance for any insights!
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/P-UKNCFCOrQaSsclsRPZ9eZmx6tbf8c67PU8wjuR8XOHIu4sLxxca4MX5Xm9yEPq90FYcTjSqK50ZAXu0BprYWBDUrr1DHzMzMTrT-jS2Vg%3D%40protonmail.com.
