mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
a564b3a703
Ideally, it would be a Qrexec socket service, but it doesn't handle DNS, only accepting IPs. The dev qube is now non-networked and network, especially to remote git repositories can be acquired via the proxy that is going to be installed in every netvm. |
||
---|---|---|
.. | ||
files | ||
clone.sls | ||
clone.top | ||
configure.sls | ||
configure.top | ||
create.sls | ||
create.top | ||
init.top | ||
install.sls | ||
install.top | ||
README.md |
sys-wireguard
Wireguard VPN in Qubes OS.
Table of Contents
Description
Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to other qubes through the VPN with fail closed mechanism.
Installation
- Top:
sudo qubesctl top.enable sys-wireguard
sudo qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply
sudo qubesctl top.disable sys-wireguard
- State:
sudo qubesctl state.apply sys-wireguard.create
sudo qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
sudo qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure
Usage
Use the VPN qube sys-wireguard
to enforce incoming and outgoing connections
from clients connected to the VPN with a fail safe mechanism.
To start using the VPN:
- Copy the Wireguard configuration you downloaded to
sys-wireguard
and place it in/home/user/wireguard.conf
. - Run from Dom0 to apply Qubes Firewall rules:
qvm-wireguard