Re: [qubes-users] Install VPN in anon-whonix
Andrew David Wong: > On 2016-06-09 13:54, Patrick Schleizer wrote: > >> [...] > >> So new documentation would be required for this. A lot stuff could >> be re-used since all of the three above are wiki templates. > >> Anyone interested in this? Up to try this, document this, etc.? > >> Cheers, Patrick > > > Tracking and labeling as "help wanted," in case anyone is ever > interested: > > https://github.com/QubesOS/qubes-issues/issues/2060 > > > This is now documented here: https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway Recommended order of reading: * 1) https://www.whonix.org/wiki/Tunnels/Introduction * 2) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN * 3) https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway Cheers, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57619B93.9010507%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-09 13:54, Patrick Schleizer wrote: > > [...] > > So new documentation would be required for this. A lot stuff could > be re-used since all of the three above are wiki templates. > > Anyone interested in this? Up to try this, document this, etc.? > > Cheers, Patrick > Tracking and labeling as "help wanted," in case anyone is ever interested: https://github.com/QubesOS/qubes-issues/issues/2060 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXXIVDAAoJENtN07w5UDAwg88QAMs9G0GOBN24hB1qUZbQK2UP 7TM0ifOCquM8jumNZjxemAT9Goh34mv2qgy/IbP9lVETpOgmQMtg4qxyVuIBpUz7 m7ya1yub0v66mEYBTZl+HbSQTxdNna/oAtnaP/eoIGnZKbbp2IOimP5nhMdqojrD TNWCzfeZrCx7xg1N9c1VqF2Rv7goc4HleybTDUIssCnZ9hb4xgRgzuLkZl0RFfNR 90JMxKSs+8yQq5ZwZjPzsseXeSWXFpW4MXoG66VRJtl2YOy0VsDTMG52DFaUGagl ncx8byc1uFqHXXOC1gf5+1BInlwlpRAawN4RXWyRLqVQOAL18vOF+dC6Ohu75Dhd YfH10sg1bnOYY66C/czBszviZAFXCt9KHemLswz/nH9yn6PqPsd2fY6CeJ0eFVSv bTU6Wu1vKiK3+q55EHOUqbyKj+gpbal7lAKwHs9Ccc07+471eT7PgdLtlynGaNa8 ZsGugkAgWNH6/Ti55sEPTg6lhDjVjbdQf9cQx4pVmAN/f//MXnihL1T0zUtoEh1X QLWUCG6n9i3UcmvsxFbl3zGYsEZ5JsP2hsbuWDOLrvJNsLD9/b7p0psGHVBnhZip 1N0cMORzrFQZ7OWZDxpTfEp/BxVuegkTpefLYgCQ/CREliDaT/1XbOH6R2H6Plg2 FMsozJHOm7MmmYQOZT/P =N4BM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/020d5b84-e7b9-1135-5649-baf1e478640d%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
On 06/09/2016 06:21 AM, asdfg...@sigaint.org wrote: On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote: Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall? Thank you Mixing a VPN in the same VM as other tunnels or proxies is a more complex affair. Qubes proxy VMs allow us to do this kind of thing more cleanly. So I recommend using a debian proxy VM. The doc Andrew linked to contains a firewall script I created with Whonix (and other apps) in mind. Its designed to fail closed (block traffic) if openvpn stops working, and to stop all leaks. The only thing in or out is tunneled traffic and related ICMP. Its designed for simple VPNs that tunnel all traffic upstream (i.e. no special subnet selections), so it'll work with most services. There is a fancier version that creates systemd service and has a more explicit firewall setup, though its about the same protection: https://github.com/ttasket/Qubes-vpn-support What's more, you don't have to alter any template beyond installing openvpn to get this working. OTOH, if you're looking for a solution for Network Manager, the doc shows you how but its without a firewall. I am looking into a way to make the firewall script work with NM. Chris Hello I have a problem when run this command sudo chown -R root:root openvpn (no directory) The contents of the openvpn/ dir need to be transferred to /rw/config/ including the openvpn/ dir itself. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5759BA78.50405%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote: Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall? Thank you Mixing a VPN in the same VM as other tunnels or proxies is a more complex affair. Qubes proxy VMs allow us to do this kind of thing more cleanly. So I recommend using a debian proxy VM. The doc Andrew linked to contains a firewall script I created with Whonix (and other apps) in mind. Its designed to fail closed (block traffic) if openvpn stops working, and to stop all leaks. The only thing in or out is tunneled traffic and related ICMP. Its designed for simple VPNs that tunnel all traffic upstream (i.e. no special subnet selections), so it'll work with most services. There is a fancier version that creates systemd service and has a more explicit firewall setup, though its about the same protection: https://github.com/ttasket/Qubes-vpn-support What's more, you don't have to alter any template beyond installing openvpn to get this working. OTOH, if you're looking for a solution for Network Manager, the doc shows you how but its without a firewall. I am looking into a way to make the firewall script work with NM. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5758DB48.1070408%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 13:15, asdfg...@sigaint.org wrote: > Hello I read the guide on whonix site about how setup a VPN in > workstation but it is old and my VPN is a little different, it has > a GUI interface but also a setup for Open VPN (to work i have to > use GUI). Do I setup like a normal VPN in debian (network > connection, import configuration, certificate etc...) and change > firewall? > > Thank you > Take a look at our VPN documentation if you haven't already. It was recently updated: https://www.qubes-os.org/doc/vpn/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWJk8AAoJENtN07w5UDAwOR8P/2/P8q03qeL4xmx3tkN8VOOT jeJJaAKQOkPjNADQ+uFrAsqA/qTpD4KqESAcX8zJmMTAu3TGSA9U57yXggzSQBdG rmOMgs5s7u3LRoMyoYqDYDG/nUn8wFvTyGp/yyunsx5oJ2WQgSaSCuUJRCKputAg UIDMeD0+6Ci+uc0KG6zzMiPa9WfhsnGjcIZ7vEmUeP+xi0IGOOhQkRQgWKL3PAp3 wB63FJHMW9qOBYsjQrqOLh7dupqgekh98nDY+IOs9UclBN3/IQOeuKWe9GFEAzA5 ywhR6BWP1lxmTXRKw6Cm8oFvw9+axxnX2E0Nq2DIpQ2F5GGAQPkgqiN7d++ji1Cu W6TmMeXXM15FZuE8QneZFA+J6eLiJ2GzOE+gam1ZmVU4Hgn56yPIhDto0vTyNvFn Cf5tDllC4jHaus9zx2ombkH3Fd2vWj9Lq5x2uKjc6bRxuvG6GTuqMHJMnEu62D+M jKrwnZMydrsGjHNyeBA8ktac3jtSxYgXMNV/DQBC8xBGdtJ8VsvJ9Jy1su8cIFBS 6jXsd1Kb6mf2w59WD3gGLrsCm/TtfxfzXJbxtSjJ/EsdPhCfEZKBtumTqyx9XMO9 vNTwZK/HKkN9AQvVulnj8yChkxTPXNi5O35msCzWISQqBFn2MYRoN3/HoEoGOrj/ 2iW2tUnlxhbm3Te1AEC+ =B9Ij -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20ec2d6a-60d1-1c3d-9bc8-fce7644bee59%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
