Re: [qubes-users] VPN from a ProxyVM
On Thursday, 15 March 2018 12:33:30 UTC+11, Chris Laprise wrote: > On 03/14/2018 08:47 PM, Drew White wrote: > > On Wednesday, 14 March 2018 23:28:58 UTC+11, Chris Laprise wrote: > >> On 03/13/2018 09:53 PM, Drew White wrote: > >>> On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > On 03/13/2018 08:20 PM, Drew White wrote: > > On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > >> The current VPN doc is here: > >> > >> https://www.qubes-os.org/doc/vpn/ > > > > Thanks for the reply Chris, but that is not what I was looking for as I > > was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > > I think you mean "not an OpenVPN..."? > >>> > >>> I am guessing so, yes, thanks for clarifying. > >>> > FWIW, the resources at those links are meant to be adaptable for > non-OpenVPN setups, and they don't impose any particular type of routing > (other than forbidding access that most call 'leaks'). As for accessing > the LAN directly through a VPN VM, there are simple ways to make an > exception for it. > >>> > >>> That's what I don't get. All I want to do is have the VPN connect, > >>> nothing else. So that my AppVM can talk through it to the external. > >> > >> OK, this sounds like you want to connect to a remote LAN. > > > > I thought that is what VPNs are for? > > They can be. Some configs are for remote LANs, others for connecting to > Internet. It's all remote LAN, just different restrictions on them. > > Well that is their primary intention, to connect from where you are to a > > remote network. > > I should have clarified that in the first place due to many people these > > days connecting to remote networks as a 255.255.255.255 and only doing it > > to connect out to the internet for privacy and security. > > > > I shall endeavor to mention that in the future if it ever arises again. > > > >> > > > > I also want to have one where everything that is going to happen on the > > remote network is pushed through the VPN, and everything else remains > > using the local connection. > > > > So there are 2 ways I'm looking at having it work. > > > > But at first, I just want a standard PPTP connection. > > There are plenty of guides out there. But when searching for examples > keep in mind that a Qubes proxyVM behaves much like a router (not a PC > endpoint) so that may be the best type of guide to use. > >>> > >>> Exactly, and as a router it should connect a VPN. > >>> I used to have it able to do it. So that's why I don't understand why it > >>> isn't working. Since I had it able to do it once before, ages ago, and > >>> nothing has changed since then, and now it isn't working. So it's odd. > >>> Thus I figured maybe something has changed. > >> > >> I want to say "Not much has changed in R3.2 networking", but the Linux > >> distros in the templates have changed somewhat over the years. In any > >> case, you'll need to review your configuration and maybe post setup > >> steps to get specific troubleshooting advice. > > > > I'm still using F23 for it. Perhaps there is something else inside the > > Qubes Networking that has an issue with it after updating for security. > > > > I'll have to just go through settings and try and try and try. Just go from > > one settings to another and trying to connect after altering each setting. > > I suggest moving your settings to F26 (i.e. change the template of your VM). I have F20,21,23,24,26. Normal and Minimal. Typically I have the minimal, then install what I want. But since I can't remove the crap from the template, I have to alter the code in or disable about 60 things before I start, since there are things that are broken that Qubes developers said aren't. > > What else, other than NetworkManager can be used? > > F26 has pptp-setup package. It lets you use shell commands: > http://pptpclient.sourceforge.net/ I have F26 and that did not resolve the issue. At the moment I'm waiting for someone to get pfSense working properly with Qubes, so that I have a decent firewall option as using Fedora or Debian (Debian is better) as a NetVM is just harsh. Due to the fact that it has so much in it that it does't need as a NetVM. Which is why I get the minimal, and then add what I need to create a VM for NetVM/ProxyVM, as we as one for AppVM. Unfortunately, in Qubes you can't remove the standard RPM installed templates. It simply has a hissy fit if you do. But I still manually remove it from the XML as well as delete the files. Means I can't re-install from the RPM though. If you know how to remove it via the RPM method, please let me know. It would be appreciated. > Of course, Qubes proxyVMs have Network Manager disabled by default. There are so many things about the way the systems are going these days that are just wrong it's not funny. They keep thinking
Re: [qubes-users] VPN from a ProxyVM
On 03/14/2018 08:47 PM, Drew White wrote: On Wednesday, 14 March 2018 23:28:58 UTC+11, Chris Laprise wrote: On 03/13/2018 09:53 PM, Drew White wrote: On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: On 03/13/2018 08:20 PM, Drew White wrote: On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. I think you mean "not an OpenVPN..."? I am guessing so, yes, thanks for clarifying. FWIW, the resources at those links are meant to be adaptable for non-OpenVPN setups, and they don't impose any particular type of routing (other than forbidding access that most call 'leaks'). As for accessing the LAN directly through a VPN VM, there are simple ways to make an exception for it. That's what I don't get. All I want to do is have the VPN connect, nothing else. So that my AppVM can talk through it to the external. OK, this sounds like you want to connect to a remote LAN. I thought that is what VPNs are for? They can be. Some configs are for remote LANs, others for connecting to Internet. Well that is their primary intention, to connect from where you are to a remote network. I should have clarified that in the first place due to many people these days connecting to remote networks as a 255.255.255.255 and only doing it to connect out to the internet for privacy and security. I shall endeavor to mention that in the future if it ever arises again. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. There are plenty of guides out there. But when searching for examples keep in mind that a Qubes proxyVM behaves much like a router (not a PC endpoint) so that may be the best type of guide to use. Exactly, and as a router it should connect a VPN. I used to have it able to do it. So that's why I don't understand why it isn't working. Since I had it able to do it once before, ages ago, and nothing has changed since then, and now it isn't working. So it's odd. Thus I figured maybe something has changed. I want to say "Not much has changed in R3.2 networking", but the Linux distros in the templates have changed somewhat over the years. In any case, you'll need to review your configuration and maybe post setup steps to get specific troubleshooting advice. I'm still using F23 for it. Perhaps there is something else inside the Qubes Networking that has an issue with it after updating for security. I'll have to just go through settings and try and try and try. Just go from one settings to another and trying to connect after altering each setting. I suggest moving your settings to F26 (i.e. change the template of your VM). What else, other than NetworkManager can be used? F26 has pptp-setup package. It lets you use shell commands: http://pptpclient.sourceforge.net/ Of course, Qubes proxyVMs have Network Manager disabled by default. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbe49a6b-9c45-15a2-5b8f-0d16cd540bb6%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Thursday, 15 March 2018 01:07:53 UTC+11, Matty South wrote: > On Wednesday, March 14, 2018 at 7:28:58 AM UTC-5, Chris Laprise wrote: > > On 03/13/2018 09:53 PM, Drew White wrote: > > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > > >> On 03/13/2018 08:20 PM, Drew White wrote: > > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > > The current VPN doc is here: > > > > https://www.qubes-os.org/doc/vpn/ > > >>> > > >>> Thanks for the reply Chris, but that is not what I was looking for as I > > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > > >> > > >> I think you mean "not an OpenVPN..."? > > > > > > I am guessing so, yes, thanks for clarifying. > > > > > >> FWIW, the resources at those links are meant to be adaptable for > > >> non-OpenVPN setups, and they don't impose any particular type of routing > > >> (other than forbidding access that most call 'leaks'). As for accessing > > >> the LAN directly through a VPN VM, there are simple ways to make an > > >> exception for it. > > > > > > That's what I don't get. All I want to do is have the VPN connect, > > > nothing else. So that my AppVM can talk through it to the external. > > > > OK, this sounds like you want to connect to a remote LAN. > > > > > > >>> > > >>> I also want to have one where everything that is going to happen on the > > >>> remote network is pushed through the VPN, and everything else remains > > >>> using the local connection. > > >>> > > >>> So there are 2 ways I'm looking at having it work. > > >>> > > >>> But at first, I just want a standard PPTP connection. > > >> > > >> There are plenty of guides out there. But when searching for examples > > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > > >> endpoint) so that may be the best type of guide to use. > > > > > > Exactly, and as a router it should connect a VPN. > > > I used to have it able to do it. So that's why I don't understand why it > > > isn't working. Since I had it able to do it once before, ages ago, and > > > nothing has changed since then, and now it isn't working. So it's odd. > > > Thus I figured maybe something has changed. > > > > I want to say "Not much has changed in R3.2 networking", but the Linux > > distros in the templates have changed somewhat over the years. In any > > case, you'll need to review your configuration and maybe post setup > > steps to get specific troubleshooting advice. > > > > At this point, you could focus on fixing the existing configuration or > > consider a new setup. Unfortunately I haven't noticed other Qubes users > > posting about PPTP and haven't used it myself for a very long time (only > > used it on Windows). That may be because PPTP is considered insecure > > (one reason to switch to OpenVPN or protocol). > > > > > > -- > > > > Chris Laprise, tas...@posteo.net > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > I'll chime in here. You can ignore the firewall scripts and such in that VPN > doc if you don't care about DNS leaking and such (depends of course on your > attack model). For all intensive purposes, connecting to your VPN from a > proxy VM is the same as from an app VM. What do you mean by "DNS leaking"? Well, from a proxy I can connect multiple AppVMs, and the AppVMs connect to Proxy DNS which will be set to the network. That is how I need it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b031598-08ce-4dbe-a32d-6d7a5bcaa2a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, 14 March 2018 23:28:58 UTC+11, Chris Laprise wrote: > On 03/13/2018 09:53 PM, Drew White wrote: > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > >> On 03/13/2018 08:20 PM, Drew White wrote: > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > The current VPN doc is here: > > https://www.qubes-os.org/doc/vpn/ > >>> > >>> Thanks for the reply Chris, but that is not what I was looking for as I > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > >> > >> I think you mean "not an OpenVPN..."? > > > > I am guessing so, yes, thanks for clarifying. > > > >> FWIW, the resources at those links are meant to be adaptable for > >> non-OpenVPN setups, and they don't impose any particular type of routing > >> (other than forbidding access that most call 'leaks'). As for accessing > >> the LAN directly through a VPN VM, there are simple ways to make an > >> exception for it. > > > > That's what I don't get. All I want to do is have the VPN connect, nothing > > else. So that my AppVM can talk through it to the external. > > OK, this sounds like you want to connect to a remote LAN. I thought that is what VPNs are for? Well that is their primary intention, to connect from where you are to a remote network. I should have clarified that in the first place due to many people these days connecting to remote networks as a 255.255.255.255 and only doing it to connect out to the internet for privacy and security. I shall endeavor to mention that in the future if it ever arises again. > > >>> > >>> I also want to have one where everything that is going to happen on the > >>> remote network is pushed through the VPN, and everything else remains > >>> using the local connection. > >>> > >>> So there are 2 ways I'm looking at having it work. > >>> > >>> But at first, I just want a standard PPTP connection. > >> > >> There are plenty of guides out there. But when searching for examples > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > >> endpoint) so that may be the best type of guide to use. > > > > Exactly, and as a router it should connect a VPN. > > I used to have it able to do it. So that's why I don't understand why it > > isn't working. Since I had it able to do it once before, ages ago, and > > nothing has changed since then, and now it isn't working. So it's odd. Thus > > I figured maybe something has changed. > > I want to say "Not much has changed in R3.2 networking", but the Linux > distros in the templates have changed somewhat over the years. In any > case, you'll need to review your configuration and maybe post setup > steps to get specific troubleshooting advice. I'm still using F23 for it. Perhaps there is something else inside the Qubes Networking that has an issue with it after updating for security. I'll have to just go through settings and try and try and try. Just go from one settings to another and trying to connect after altering each setting. > At this point, you could focus on fixing the existing configuration or > consider a new setup. Unfortunately I haven't noticed other Qubes users > posting about PPTP and haven't used it myself for a very long time (only > used it on Windows). That may be because PPTP is considered insecure > (one reason to switch to OpenVPN or protocol). Well not many people use PPTP anymore, as it has some inherent insecurities in it. Unfortunately some of the older hardware only has PPTP built into it. (personal opinion below) There is no good Qubes Template out there yet. They all use NetworkManager and SystemD, and that's just shit. If they had a template that had no SystemD then things would work so much better and faster. What else, other than NetworkManager can be used? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46ebf574-1bd2-4e3f-b615-acc004eb23e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, March 14, 2018 at 7:28:58 AM UTC-5, Chris Laprise wrote: > On 03/13/2018 09:53 PM, Drew White wrote: > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > >> On 03/13/2018 08:20 PM, Drew White wrote: > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > The current VPN doc is here: > > https://www.qubes-os.org/doc/vpn/ > >>> > >>> Thanks for the reply Chris, but that is not what I was looking for as I > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > >> > >> I think you mean "not an OpenVPN..."? > > > > I am guessing so, yes, thanks for clarifying. > > > >> FWIW, the resources at those links are meant to be adaptable for > >> non-OpenVPN setups, and they don't impose any particular type of routing > >> (other than forbidding access that most call 'leaks'). As for accessing > >> the LAN directly through a VPN VM, there are simple ways to make an > >> exception for it. > > > > That's what I don't get. All I want to do is have the VPN connect, nothing > > else. So that my AppVM can talk through it to the external. > > OK, this sounds like you want to connect to a remote LAN. > > > >>> > >>> I also want to have one where everything that is going to happen on the > >>> remote network is pushed through the VPN, and everything else remains > >>> using the local connection. > >>> > >>> So there are 2 ways I'm looking at having it work. > >>> > >>> But at first, I just want a standard PPTP connection. > >> > >> There are plenty of guides out there. But when searching for examples > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > >> endpoint) so that may be the best type of guide to use. > > > > Exactly, and as a router it should connect a VPN. > > I used to have it able to do it. So that's why I don't understand why it > > isn't working. Since I had it able to do it once before, ages ago, and > > nothing has changed since then, and now it isn't working. So it's odd. Thus > > I figured maybe something has changed. > > I want to say "Not much has changed in R3.2 networking", but the Linux > distros in the templates have changed somewhat over the years. In any > case, you'll need to review your configuration and maybe post setup > steps to get specific troubleshooting advice. > > At this point, you could focus on fixing the existing configuration or > consider a new setup. Unfortunately I haven't noticed other Qubes users > posting about PPTP and haven't used it myself for a very long time (only > used it on Windows). That may be because PPTP is considered insecure > (one reason to switch to OpenVPN or protocol). > > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 I'll chime in here. You can ignore the firewall scripts and such in that VPN doc if you don't care about DNS leaking and such (depends of course on your attack model). For all intensive purposes, connecting to your VPN from a proxy VM is the same as from an app VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/290c5244-2b3b-4b23-a0b5-65220f8f5528%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On 03/13/2018 09:53 PM, Drew White wrote: On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: On 03/13/2018 08:20 PM, Drew White wrote: On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. I think you mean "not an OpenVPN..."? I am guessing so, yes, thanks for clarifying. FWIW, the resources at those links are meant to be adaptable for non-OpenVPN setups, and they don't impose any particular type of routing (other than forbidding access that most call 'leaks'). As for accessing the LAN directly through a VPN VM, there are simple ways to make an exception for it. That's what I don't get. All I want to do is have the VPN connect, nothing else. So that my AppVM can talk through it to the external. OK, this sounds like you want to connect to a remote LAN. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. There are plenty of guides out there. But when searching for examples keep in mind that a Qubes proxyVM behaves much like a router (not a PC endpoint) so that may be the best type of guide to use. Exactly, and as a router it should connect a VPN. I used to have it able to do it. So that's why I don't understand why it isn't working. Since I had it able to do it once before, ages ago, and nothing has changed since then, and now it isn't working. So it's odd. Thus I figured maybe something has changed. I want to say "Not much has changed in R3.2 networking", but the Linux distros in the templates have changed somewhat over the years. In any case, you'll need to review your configuration and maybe post setup steps to get specific troubleshooting advice. At this point, you could focus on fixing the existing configuration or consider a new setup. Unfortunately I haven't noticed other Qubes users posting about PPTP and haven't used it myself for a very long time (only used it on Windows). That may be because PPTP is considered insecure (one reason to switch to OpenVPN or protocol). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6e4112e7-d663-b292-9f49-4ed3ec282c54%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > On 03/13/2018 08:20 PM, Drew White wrote: > > On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > >> The current VPN doc is here: > >> > >> https://www.qubes-os.org/doc/vpn/ > > > > Thanks for the reply Chris, but that is not what I was looking for as I was > > wanting to use pptp VPN connections (and similar), not a Qubes VPN. > > I think you mean "not an OpenVPN..."? I am guessing so, yes, thanks for clarifying. > FWIW, the resources at those links are meant to be adaptable for > non-OpenVPN setups, and they don't impose any particular type of routing > (other than forbidding access that most call 'leaks'). As for accessing > the LAN directly through a VPN VM, there are simple ways to make an > exception for it. That's what I don't get. All I want to do is have the VPN connect, nothing else. So that my AppVM can talk through it to the external. > > > >> It is in need of an update (Qubes 4.0 and ease of use) and we're waiting > >> for review and approval of new scripts and documentation. > > > > I'm using Qubes 3.2, because that's the most recent version that is > > runnable. > > > > The thing is, a VPN is created from inside the Guest to call outside, so > > there should be nothing needed to be altered other than allowing the proxy > > to have access to the outside world. > > > > Once the VPN is created, that connection is used for everything that is not > > on the internal network. > > It depends on the routes setup for the VPN, and this goes for PPTP, > OpenVPN, whatever. The default routing that for-pay VPN providers use is > "route everything upstream" but user has some control. If you > run/control the remote end also, then it all depends on what you want. That is true, and that is something I can do. I have done many many things with the VMs before anyone even thought about doing it, because I used Qubes for Development purposes. So routing isn't too hard for it. If I have any isues with the Routing sides of it I'll be sure to ask. > > > > I also want to have one where everything that is going to happen on the > > remote network is pushed through the VPN, and everything else remains using > > the local connection. > > > > So there are 2 ways I'm looking at having it work. > > > > But at first, I just want a standard PPTP connection. > > There are plenty of guides out there. But when searching for examples > keep in mind that a Qubes proxyVM behaves much like a router (not a PC > endpoint) so that may be the best type of guide to use. Exactly, and as a router it should connect a VPN. I used to have it able to do it. So that's why I don't understand why it isn't working. Since I had it able to do it once before, ages ago, and nothing has changed since then, and now it isn't working. So it's odd. Thus I figured maybe something has changed. Sincerely, Drew. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19a05075-3ff8-4c51-a726-7871d34d2887%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On 03/13/2018 08:20 PM, Drew White wrote: On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. I think you mean "not an OpenVPN..."? FWIW, the resources at those links are meant to be adaptable for non-OpenVPN setups, and they don't impose any particular type of routing (other than forbidding access that most call 'leaks'). As for accessing the LAN directly through a VPN VM, there are simple ways to make an exception for it. It is in need of an update (Qubes 4.0 and ease of use) and we're waiting for review and approval of new scripts and documentation. I'm using Qubes 3.2, because that's the most recent version that is runnable. The thing is, a VPN is created from inside the Guest to call outside, so there should be nothing needed to be altered other than allowing the proxy to have access to the outside world. Once the VPN is created, that connection is used for everything that is not on the internal network. It depends on the routes setup for the VPN, and this goes for PPTP, OpenVPN, whatever. The default routing that for-pay VPN providers use is "route everything upstream" but user has some control. If you run/control the remote end also, then it all depends on what you want. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. There are plenty of guides out there. But when searching for examples keep in mind that a Qubes proxyVM behaves much like a router (not a PC endpoint) so that may be the best type of guide to use. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18c93786-c2fe-44b0-c43b-5e217c044367%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > The current VPN doc is here: > > https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > It is in need of an update (Qubes 4.0 and ease of use) and we're waiting > for review and approval of new scripts and documentation. I'm using Qubes 3.2, because that's the most recent version that is runnable. The thing is, a VPN is created from inside the Guest to call outside, so there should be nothing needed to be altered other than allowing the proxy to have access to the outside world. Once the VPN is created, that connection is used for everything that is not on the internal network. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. Sicnerely, Drew. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dcb704b6-6342-4ee5-94ff-0b5adb115a2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On 03/13/2018 07:24 PM, Drew White wrote: Hi folks, I've searched and searched and I am unable to locate the information I require. I'm trying to get a VPN to work from a ProxyVM. It is failing with no reason why. From the NetVM I am able to connect the VPN. What is it that I am doing wrong please? There has to be something? Doesn't matter if I use Debian or Fedora as the ProxyVM. Thanks in advance. Sincerely, Drew. The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ It is in need of an update (Qubes 4.0 and ease of use) and we're waiting for review and approval of new scripts and documentation. You can get something very close to the proposed update by using Qubes-vpn-support instead: https://github.com/tasket/Qubes-vpn-support This one is much easier to setup, reconnects more reliably and now supports Qubes 4.0. BTW If for some reason you prefer to use Network Manager in a proxyVM instead of the scripts, the anti-leak firewall script (proxy-firewall-restrict) will still work. All you have to do (insteal of running "install") is replace qubes-firewall-user-script, for example: ln -s -f /rw/config/proxy-firewall-restrict /rw/config/qubes-firewall-user-script -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/155a6313-8372-a9ec-9b44-02bc79d47153%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VPN from a ProxyVM
Hi folks, I've searched and searched and I am unable to locate the information I require. I'm trying to get a VPN to work from a ProxyVM. It is failing with no reason why. >From the NetVM I am able to connect the VPN. What is it that I am doing wrong please? There has to be something? Doesn't matter if I use Debian or Fedora as the ProxyVM. Thanks in advance. Sincerely, Drew. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ed936ad-69ee-475c-8b36-547e841a416f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
