Commit Graph

15 Commits

Author SHA1 Message Date
Andrew David Wong
f32bf85689
Fix table of contents (QubesOS/qubes-issues#1941) 2016-09-24 13:12:37 -07:00
Andrew David Wong
fbbe139432
Fix code block and image
QubesOS/qubes-issues#2317
2016-09-17 02:49:39 -07:00
ttasket
abfdb29393 Update vpn.md
Elaborate note about NM, and fix paths in step 3.
2016-09-16 07:30:30 -04:00
ttasket
93f0211f61 Update vpn.md
* Scripts and text mention openvpn only in the context of examples.
* Firewall commands slightly tweaked: Important blocking rules move to top. Removed superfluous check for qvpn OUTPUT rule.
* Clarifications, especially mentioning that NM shouldn't be enabled for iptables/scripts option (this was causing DNS to fail for people who tried both NM and scripts).
* Tells the user when and what they should test (iptables/scripts).
* Change script order to enable testing flow.
* Added Usage and Troubleshooting sections.

https://github.com/QubesOS/qubes-issues/issues/2317
2016-09-15 08:14:54 -04:00
Andrew David Wong
a0bee729e1
Clean up text and fix formatting (closes #162) 2016-06-06 02:39:39 -07:00
Andrew David Wong
9b2ce97fe8
Fix code block formatting (closes #161) 2016-06-06 02:31:37 -07:00
ttasket
fab1c3043c quotes 2016-06-05 02:57:51 -04:00
ttasket
9f512be79f fedora needs PATH assignment 2016-06-05 02:50:54 -04:00
ttasket
88b4097c23 Switch to 'su -' envs, quote vars, rm --dport 53
Thanks Marek!
2016-06-04 22:46:18 -04:00
ttasket
a09ec964ad Automatic; No manual coding of IP addresses.
This requires the user only to add a few lines to their ovpn config file, and copy a few scripts (verbatim). They do not have to figure out which IP addresses are appropriate and hard-code them--unless their VPN service is bereft of domain names. Even in that case, they can do it easily within the ovpn config file. This is much less error-prone and should work with a greater variety of services (large commercial services tend to change their IPs so using domain names and DHCP is preferable in that case).

Also converted firewall section (3) to one code block for much less cutting/pasting. Comments are still there as shell comments.

The only required template changes are adding openvpn itself and possibly disabling the default systemd service for it. Everything else should be there in /rw/config.

This doesn't include extra firewall protections against inadvertent net access from within the VPN VM. I'm thinking of proposing those additions in a separate edit.
2016-06-04 20:01:58 -04:00
john-david-r-smith
c6da0b0664 now using systemd to start openvpn 2016-05-26 09:02:52 +02:00
john-david-r-smith
a9ae590f6f removed unnecessary + dangerous iptables rule 2016-05-26 08:42:25 +02:00
john-david-r-smith
bed89b7eab fixed typo 2016-05-25 23:26:55 +02:00
john-david-r-smith
bccd9558b3 how to setup an openvpn connection using iptables 2016-05-25 22:55:27 +02:00
Axon
73a546854a
Clean up and organize privacy pages
* Logically organize the Whonix-related pages
* Move the VPN page to /configuration/
  * VPNs are used for more than just privacy, and many VPN setups and
    services either can't or don't claim to provide privacy.
* Remove `/privacy/` from URLs
  * These directory names are just for organizing the source pages,
    *unless* an actual page resides there. Since there is no
    /doc/privacy/ page, it's unnecessary and misleading to have this in
    the URLs. It also breaks uniformity, since none of the other pages
    have their informal group name in their URL (again, unless there's
    a page with that name).
2016-02-20 21:15:30 +00:00