mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-24 06:59:26 -05:00
f9ead06408
Updates happens multiple times, normally 2 to 3, even if we consider a state without includes. On states with multiple includes, it could easily get approximately 10 updates being ran. This behavior leads to unnecessary network bandwidth being spent and more time to run the installation state. When the connection is slow and not using the cacher, such as torified connections on Whonix, the installation can occurs much faster. Adding external repositories has to be done prior to update to ensure it is also fetched. Fixes: https://github.com/ben-grande/qusal/issues/29 |
||
---|---|---|
.. | ||
files | ||
clone.sls | ||
clone.top | ||
configure.sls | ||
configure.top | ||
create.sls | ||
create.top | ||
init.top | ||
install.sls | ||
install.top | ||
README.md |
sys-wireguard
Wireguard VPN in Qubes OS.
Table of Contents
Description
Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to other qubes through the VPN with fail closed mechanism.
Installation
- Top:
sudo qubesctl top.enable sys-wireguard
sudo qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply
sudo qubesctl top.disable sys-wireguard
- State:
sudo qubesctl state.apply sys-wireguard.create
sudo qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
sudo qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure
Usage
Use the VPN qube sys-wireguard
to enforce incoming and outgoing connections
from clients connected to the VPN with a fail safe mechanism.
To start using the VPN:
- Copy the Wireguard configuration you downloaded to
sys-wireguard
and place it in/home/user/wireguard.conf
. - Run from Dom0 to apply Qubes Firewall rules:
qvm-wireguard