Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-12-10 05:30:36 -05:00
Code Issues Projects Releases Packages Wiki Activity

Clean up and organize privacy pages

Browse source 
* Logically organize the Whonix-related pages
* Move the VPN page to /configuration/
  * VPNs are used for more than just privacy, and many VPN setups and
    services either can't or don't claim to provide privacy.
* Remove `/privacy/` from URLs
  * These directory names are just for organizing the source pages,
    *unless* an actual page resides there. Since there is no
    /doc/privacy/ page, it's unnecessary and misleading to have this in
    the URLs. It also breaks uniformity, since none of the other pages
    have their informal group name in their URL (again, unless there's
    a page with that name).
This commit is contained in:
Axon 2016-02-20 21:15:30 +00:00
parent d27949b5b4
commit 73a546854a
No known key found for this signature in database
GPG key ID: 8CE137352A019A17
8 changed files with 24 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

58
configuration/vpn.md Normal file
View file

@ -0,0 +1,58 @@
---
layout: doc
title: VPN
permalink: /doc/vpn/
redirect_from:
- /doc/privacy/vpn/
- /en/doc/vpn/
- /doc/VPN/
- /wiki/VPN/
---
How To make a VPN Gateway in Qubes
----------------------------------
Setting up a VPN connection is really not Qubes specific and is documented in your operating system documentation. The relevant documentation for the Qubes default Guest OS (Fedora) is [Establishing a VPN Connection](https://docs.fedoraproject.org/en-US/Fedora/23/html/Networking_Guide/sec-Establishing_a_VPN_Connection.html)
The Qubes specific part is to choose the right VM for the VPN client:
### NetVM
The simplest case is to set up a VPN connection using the NetworkManager service inside your NetVM. Because the NetworkManager service is already started, you are ready to set up your VPN connection. However this has some disadvantages:
- You have to place (and probably save) your VPN credentials inside the NetVM, which is directly connected to the outside world
- All your AppVMs which are connected to the NetVM will be connected to the VPN (by default)
### AppVM
While the NetworkManager service is not started here (for a good reason), you can configure any kind of VPN client in your AppVM as well. However this is only suggested if your VPN client has special requirements.
### ProxyVM
**WARNING:** *You need to use Qubes 3.1-rc2 (or later)! In the previous releases the NetworkManager service was not working in ProxyVMs as expected.* ([#1052](https://github.com/QubesOS/qubes-issues/issues/1052))
One of the best thing in Qubes is that you can use a special type of VM called a ProxyVM (or FirewallVM). The special thing is that your AppVMs see this as a NetVM, and your NetVMs see it as an AppVM. Because of this, you can place a ProxyVM between your AppVMs and your NetVM. This is how the default FirewallVM functions.
Using a ProxyVM to set up a VPN client gives you the ability to:
- Separate your VPN credentials from Your NetVM
- Separate your VPN credentials from Your AppVM data.
- Easily control which of your AppVMs are connected to your VPN by simply setting it as a NetVM of the desired AppVM.
**To setup a ProxyVM as a VPN gateway you should:**
1. Create a new VM and check the ProxyVM radio button.
![Create\_New\_VM.png](/attachment/wiki/VPN/Create_New_VM.png)
2. Add the `network-manager` service to this new VM.
![Settings-services.png](/attachment/wiki/VPN/Settings-services.png)
3. Set up your VPN as described in the NetworkManager documentation linked above.
4. Configure your AppVMs to use the new VM as a NetVM.
![Settings-NetVM.png](/attachment/wiki/VPN/Settings-NetVM.png)
5. Optionally, you can install some [custom icons](https://github.com/Zrubi/qubes-artwork-proxy-vpn) for your VPN