/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test and document VPN ProxyVM between anon-whonix and sys-whonix #2060

Closed
andrewdavidwong opened this Issue Jun 11, 2016 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
2 participants
@andrewdavidwong @adrelanos
@andrewdavidwong
Member

andrewdavidwong commented Jun 11, 2016

Patrick Schleizer wrote:

Andrew David Wong:

On 2016-06-08 13:15, a...r@s...t.org wrote:

Hello I read the guide on whonix site about how setup a VPN in
workstation but it is old and my VPN is a little different, it has
a GUI interface but also a setup for Open VPN (to work i have to
use GUI). Do I setup like a normal VPN in debian (network
connection, import configuration, certificate etc...) and change
firewall?

Thank you

Take a look at our VPN documentation if you haven't already. It was
recently updated:

https://www.qubes-os.org/doc/vpn/

VPN in Whonix-Gateway results in:

  • a) Connecting to a VPN before Tor
  • a) User -> proxy/VPN/SSH -> Tor -> Internet

VPN in Whonix-Workstation results in:

  • b) Connecting to Tor before a VPN
  • b) User -> Tor -> proxy/VPN/SSH -> Internet

These use cases are very different.

See also:
https://www.whonix.org/wiki/Tunnels/Introduction

https://www.qubes-os.org/doc/vpn/ is closer to:

  • a) Connecting to a VPN before Tor
  • a) User -> proxy/VPN/SSH -> Tor -> Internet

It would be interesting to wretch a Qubes VPN ProxyVM between
Whonix-Workstation and Whonix-Gateway. I.e. anon-whonix -> sys-vpn ->
sys-whonix. Which would then result in b).

You might still need bits from chapter "Prevent Bypassing the Tunnel-Link"

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Prevent_Bypassing_the_Tunnel-Link

Although it would not be for purposes of "Prevent Bypassing the
Tunnel-Link", but for connectivity. The following from that chapter
would still be required:

  • deactivate uwt wrappers
  • Tor Browser Remove Proxy Settings
  • Deactivate Misc Proxy Settings

So new documentation would be required for this. A lot stuff could be
re-used since all of the three above are wiki templates.

Anyone interested in this? Up to try this, document this, etc.?

Cheers,
Patrick

@andrewdavidwong andrewdavidwong added enhancement help wanted C: doc P: minor privacy C: Whonix labels Jun 11, 2016

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Jun 11, 2016

@adrelanos
@adrelanos
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Jun 16, 2016

Member

@adrelanos: So, what (if anything) still needs to be done for this issue?
Member

andrewdavidwong commented Jun 16, 2016

@adrelanos: So, what (if anything) still needs to be done for this issue?
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Jun 20, 2016

Member
Member

adrelanos commented Jun 20, 2016

@andrewdavidwong andrewdavidwong closed this Jun 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment