Re: Best practice for managing default routes over only VPN connections?

Cool!  I had not had time to find out exactly what qubes did, but you
explained it very well.  I suspect that's not *all* qubes does, but
I'll be installing a prepackaged VM router (or hacking my own).  What a great

On Mon, 7 Nov 2016, Chris Laprise wrote:

FWIW... If the OP is inquiring about a 'fail closed' configuration that can prevent any traffic leaking from the tunnel, then he may want to look at Qubes OS where users can define a 'Proxy VM' to control all traffic in this way. This means the VPN is running inside a forwarding *router* and preventing leaks becomes a much simpler matter of stopping any forwarding to clearnet NICs.

You can get the same effect with a dedicated physical router, but then you'd have to carry that around (and router devices get exploited a lot these days).

              Stuart D. Gathman <stuart gathman org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]