qubes-ssh - improved decsription in spec

2025-01-26 06:25:54 -05:00 · 2022-07-31 16:01:28 +00:00 · 2022-07-31 16:01:28 +00:00 · d003c9b6a5
commit d003c9b6a5
parent 82e3036a41
1 changed files with 27 additions and 1 deletions
--- a/openvpn.spec
+++ b/openvpn.spec
@ -7,7 +7,33 @@ License:        GPLv3+
 SOURCE0:	openvpn

 %description
-Salt state to implement a VPN proxy in Qubes
+This package sets up VPN gateway.
+It follows the method detailed in the Qubes docs,
+https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md
+using iptables and CLI scripts.
+The package creates a qube called sys-vpn based on the debian-11-minimal
+template.  If the debian-11-minimal template is not present, it will
+be downloaded and installed - this may take some time depending on your
+net connection.
+
+There are minor changes to the firewall rules on sys-vpn to ensure
+blocking of outbound connections.
+
+After installing, copy your openvpn configuration file to /rw/config/vpn
+in sys-vpn
+Run the install.sh script provided to set up the VPN.
+Restart sys-vpn.
+
+To use the VPN, set sys-vpn as the netvm for your qubes(s).
+All traffic will go through the VPN.
+The VPN will fail closed if the connection drops.
+No traffic will go through clear.
+
+If you remove the package, the salt files will be removed.
+**The sys-vpn gateway will also be removed.**
+To do this ALL qubes will be checked to see if they use sys-vpn.
+If they do, their netvm will be set to `none`.
+

 %install
 rm -rf %{buildroot}