Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-07-12 Thread Chris Laprise
On 07/12/2017 06:46 AM, Connor Page wrote: after testing the 3 existing solutions I think the official command line solution is the most strict and protected. I just don't get it why "sleep 2" is outside if statement in qubes-user-firewall-script. why block all vpn traffic for 2 seconds every t

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-07-12 Thread Connor Page
On Thursday, February 2, 2017, Chris Laprise wrote: > On 02/01/2017 07:36 PM, Connor Page wrote: > >> actually I think that reliance on mangle can be avoided since routing >> table selection can be done by source address rather than firewall marks. >> marks are good to differentiate different typ

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-02 Thread Chris Laprise
On 02/01/2017 07:36 PM, Connor Page wrote: actually I think that reliance on mangle can be avoided since routing table selection can be done by source address rather than firewall marks. marks are good to differentiate different types of traffic but in our case all traffic should be treated the

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread Connor Page
actually I think that reliance on mangle can be avoided since routing table selection can be done by source address rather than firewall marks. marks are good to differentiate different types of traffic but in our case all traffic should be treated the same. there is difference in how traffic fro

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread Chris Laprise
On 02/01/2017 08:06 AM, Connor Page wrote: relying on the main routing table that can be messed up. This point tends to be overstated. I haven't seen an example of the blocking commands in the routing table getting "messed up". The commands get refreshed each and every time qubes-firewall mak

[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread Connor Page
Rudd-O's solution uses a separate routing table thus ensuring that all traffic from VMs goes either to VPN or a "blackhole". This is more robust than relying on the main routing table that can be messed up. However, that requires relaxing the reverse path filter and I don't remember any mitigation

[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread mittendorf
Hello fellow Qubes users, I am aware of two ways to achieve a "leakproof" VPN-ProxyVM. The solution by Rudd-O https://github.com/Rudd-O/qubes-vpn and the "more involved" method in the Qubes wiki https://www.qubes-os.org/doc/vpn/ both with anti-leak preventive measures and both based on OpenVPN.