qubes-doc/VPN.md
Zrubecz Laszlo 69987eb018 VPN changed
2014-09-22 07:50:21 +00:00

3.0 KiB
Raw Blame History

layout title permalink
wiki VPN /wiki/VPN/

How To make a VPN Gateway in Qubes

The simplest case if you set up a VPN connection using the Network Manager inside one of your VMs. Setting up such a connection is really not Qubes specific and it is documented in Your Operating system documentation. If you using the Qubes default Guest OS (Fedora): Establishing a VPN Connection

The Qubes specific part is choose the right VM for the VPN client:

NetVM

The simplest case if you set up a VPN connection using the Network Manager inside your NetVM. Because the NetworkManager? already started you are ready to set up your VPN connection. However this has some disadvantages:

  • You have to place (and probably save) Your VPN credentials inside the NetVM wich is directly connected to the outside world
  • All your AppVMs wich are connected to the NetVM will be connected to the VPN (by default)

AppVM

While the Network Manager is not started here (for a good reason) You can configure any kind of VPN client in your AppVM as well, however it is only suggested if you have to use a special VPN client.

ProxyVM

WARNING: Currently the NetworkManager? not working in a ProxyVM as expected. Actually it will mess up the routing table and because of that your packets may not be routed to the VPN tunnel. - This surely occures if your VPN wanna to be the default gateway.

One of the best thing in Qubes that you can use a special type of VMs called ProxyVM (or FirewallVM). The special thing is that your AppVMs see this as a NetVM, and the NetVMs see it as an AppVM. Because of that You can place a ProxyVM between your AppVMs and Your NetVM. This is how the default firewall VM is working.

Using a ProxyVM to set up a VPN client will gives you the ability to:

  • Separate your VPN credentials from Your AppVM data.
  • You can easily control which of your AppVMs are connected to your VPN by simply set it as a NetVM of the desired AppVM.

To setup a ProxyVM as a VPN gateway you should:

  1. check (rpm -q qubes-core-vm) if you have the package qubes-core-vm version 2.1.36 (or later)
  2. create a new VM and check the ProxyVM radio button

![No image "Create_New_VM.png" attached to VPN](/chrome/common/attachment.png "No image "Create_New_VM.png" attached to VPN")

  1. add the network-manager service to this new VM

![No image "Settings-services.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-services.png" attached to VPN")

  1. set up Your VPN as described in the Network Manager documentation linked above.

  2. connect your AppVMs to use the new VM as a NetVM.

![No image "Settings-NetVM.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-NetVM.png" attached to VPN")