Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-09-20 16:16:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
76ce8b5428
qubes-doc/VPN.md
Zrubecz Laszlo 76ce8b5428 VPN changed
2014-05-23 12:18:21 +00:00

51 lines
2.6 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: wiki
title: VPN
permalink: /wiki/VPN/
---
VPN connections in Qubes
------------------------
The simplest case if you set up a VPN connection using the Network Manager inside one of your VMs. Setting up such a connection is really not Qubes specific and it is documented in Your Operating system documentation.
If you using the Qubes default OS (Fedora): [Establishing a VPN Connection](http://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators_Guide/sec-Establishing_a_VPN_Connection.html)
The Qubes specific part is choose the right VM for the VPN client:
### NetVM
The simplest case if you set up a VPN connection using the Network Manager inside your NetVM. Because the [NetworkManager?](/wiki/NetworkManager) already started you are ready to set up your VPN connection. However this has some disadvantages:
- You have to place (and probably save) Your VPN credentials inside the NetVM wich is directly connected to the outside world
- All your AppVMs wich are connected to the NetVM will be connected to the VPN (by default)
### ProxyVM
One of the best thing in Qubes that you can use a specian type of VMs called ProxyVM (or FirewallVM). The special thing is that your AppVMs see this as a NetVM, and the NetVMs see it as an AppVM. Because of that You can place a ProxyVM between your AppVMs and Your NetVM. This is how the default firewall VM is working.
Using a ProxyVM to set up a VPN clinet will gives you the ability to:
- Separate your VPN credentials from Your AppVM data.
- You can easily controll wich of your AppVMs are connected to your VPN by simply set it as a NetVM of the desired AppVM.
**To setup a ProxyVM as a VPN gateway you should:**
1. create a new VM and check the ProxyVM radiobutton
[![No image "Settings-NetVM.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-NetVM.png" attached to VPN")](/attachment/wiki/VPN/Settings-NetVM.png)
1. add the network-manager service to this new VM
[![No image "Settings-services.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-services.png" attached to VPN")](/attachment/wiki/VPN/Settings-services.png)
1. set up Your VPN as described in the Network Manager documentation linked above.
1. connect your AppVMs to use the new VM as a NetVM.
[![No image "Settings-NetVM.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-NetVM.png" attached to VPN")](/attachment/wiki/VPN/Settings-NetVM.png)
### AppVM
While the Network Manager is not started here (for a good reason) You can configure any kind of VPN client in your AppVM as well, however it is only suggested if you have to use a special VPN clinet.
Reference in New Issue View Git Blame Copy Permalink