On 07/12/2017 06:46 AM, Connor Page wrote:
after testing the 3 existing solutions I think the official command line
solution is the most strict and protected.
I just don't get it why "sleep 2" is outside if statement in
qubes-user-firewall-script. why block all vpn traffic for 2 seconds
every t
On Thursday, February 2, 2017, Chris Laprise wrote:
> On 02/01/2017 07:36 PM, Connor Page wrote:
>
>> actually I think that reliance on mangle can be avoided since routing
>> table selection can be done by source address rather than firewall marks.
>> marks are good to differentiate different typ
On 02/01/2017 07:36 PM, Connor Page wrote:
actually I think that reliance on mangle can be avoided since routing table
selection can be done by source address rather than firewall marks. marks are
good to differentiate different types of traffic but in our case all traffic
should be treated the
actually I think that reliance on mangle can be avoided since routing table
selection can be done by source address rather than firewall marks. marks are
good to differentiate different types of traffic but in our case all traffic
should be treated the same.
there is difference in how traffic fro
On 02/01/2017 08:06 AM, Connor Page wrote:
relying on the main routing table that can be messed up.
This point tends to be overstated. I haven't seen an example of the
blocking commands in the routing table getting "messed up". The commands
get refreshed each and every time qubes-firewall mak
Rudd-O's solution uses a separate routing table thus ensuring that all traffic
from VMs goes either to VPN or a "blackhole". This is more robust than relying on
the main routing table that can be messed up. However, that requires relaxing
the reverse path filter and I don't remember any mitigation
Hello fellow Qubes users,
I am aware of two ways to achieve a "leakproof" VPN-ProxyVM.
The solution by Rudd-O
https://github.com/Rudd-O/qubes-vpn
and the "more involved" method in the Qubes wiki
https://www.qubes-os.org/doc/vpn/
both with anti-leak preventive measures and both based on OpenVPN.