Re: Best practice for managing default routes over only VPN connections?

From: "Stuart D. Gathman" <stuart gathman org>
To: Chris Laprise <tasket openmailbox org>
Cc: "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Best practice for managing default routes over only VPN connections?
Date: Mon, 7 Nov 2016 13:49:47 -0500 (EST)

Cool!  I had not had time to find out exactly what qubes did, but you
explained it very well.  I suspect that's not *all* qubes does, but
I'll be installing a prepackaged VM router (or hacking my own).  What a great
concept.

On Mon, 7 Nov 2016, Chris Laprise wrote:

FWIW... If the OP is inquiring about a 'fail closed' configuration that canprevent any traffic leaking from the tunnel, then he may want to look atQubes OS where users can define a 'Proxy VM' to control all traffic in thisway. This means the VPN is running inside a forwarding *router* andpreventing leaks becomes a much simpler matter of stopping any forwarding toclearnet NICs.
https://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html

https://www.qubes-os.org/doc/vpn/
You can get the same effect with a dedicated physical router, but then you'dhave to carry that around (and router devices get exploited a lot thesedays).


--
              Stuart D. Gathman <stuart gathman org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

Follow-Ups:
- Re: Best practice for managing default routes over only VPN connections?
  - From: Chris Laprise

References:
- Best practice for managing default routes over only VPN connections?
  - From: Paul Swanson
- Re: Best practice for managing default routes over only VPN connections?
  - From: Thomas Haller
- Re: Best practice for managing default routes over only VPN connections?
  - From: Chris Laprise

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]