From e1ab1479f0b542b1d6fc44bf228f4d16e3e8b7ad Mon Sep 17 00:00:00 2001 From: unman Date: Tue, 6 Feb 2024 00:53:12 +0000 Subject: [PATCH] openvpn sys-vpn updated for nftables - Qubes 4.2 --- openvpn | 2 +- openvpn.spec | 17 ++++++++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/openvpn b/openvpn index 655843c..476413d 160000 --- a/openvpn +++ b/openvpn @@ -1 +1 @@ -Subproject commit 655843cd414ce4632d23e7dbd71a8edd84cd0487 +Subproject commit 476413dcd318ac1739f88eca40618c371da245f8 diff --git a/openvpn.spec b/openvpn.spec index a804a10..aeb045a 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,5 +1,5 @@ Name: 3isec-qubes-sys-vpn -Version: 1.4 +Version: 2.0 Release: 1%{?dist} Summary: Create an openvpn proxy in Qubes @@ -10,15 +10,20 @@ SOURCE0: openvpn This package sets up a VPN gateway, named sys-vpn, using openvpn. It follows the method detailed in the Qubes docs, https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md -using iptables and CLI scripts. +using nftables and CLI scripts. -The package creates a qube called sys-vpn based on the debian-11-minimal -template. If the debian-11-minimal template is not present, it will +The package creates a qube called sys-vpn based on the debian-12-minimal +template. If the debian-12-minimal template is not present, it will be downloaded and installed - this may take some time depending on your net connection. There are minor changes to the firewall rules on sys-vpn to ensure -blocking of outbound connections. +blocking of outbound connections via eth0. +When the VPN is inactive only DNS traffic is allowed from sys-vpn. +When the VPN is active, no traffic is allowed except through the VPN +tunnel. +If the VPN uses Google's 8.8.8.8 server for DNS, this will be changed +to use Quad-9 servers. After installing, copy your openvpn configuration file or zip file to sys-vpn. 
@@ -65,6 +70,8 @@ if [ $1 -eq 0 ]; then fi %changelog +* Mon Fri 05 2024 unman - 2.0 +- Change to nftables implementation * Mon Jun 12 2023 unman - 1.4 - Fix typo * Mon Feb 20 2023 unman - 1.3
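Review bot: The `openvpn` subproject bump (655843c to 476413d) at the top of the patch is where the nftables rules themselves change, so the firewall behaviour that the spec description now promises cannot be checked from these lines. Please link or attach the subproject diff for review, and say in the commit message which rules replace the old iptables ones, since a mistake there defeats the leak protection this package exists to provide.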
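Review bot: In the `%description` hunk of openvpn.spec, the new sentence "When the VPN is inactive only DNS traffic is allowed from sys-vpn" sits directly after "blocking of outbound connections via eth0" and does not say which interface that DNS uses, which resolvers it may reach, or whether it covers only sys-vpn's own lookups or also queries forwarded from qubes behind it. Users relying on this gateway need to know what can leave outside the tunnel, so spell that exception out. The 8.8.8.8 sentence likewise should state which file is rewritten, whether other Google resolver addresses are handled, and how to keep the provider's own DNS setting. The description also still cites the Qubes-Community vpn.md as the method followed while now saying "using nftables"; confirm the linked document matches, or reword.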
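Review bot: The new `%changelog` entry "* Mon Fri 05 2024 unman - 2.0" has a weekday name where the month belongs, unlike the existing entries ("* Mon Jun 12 2023", "* Mon Feb 20 2023"). rpmbuild parses this field as weekday, month, day, year and is expected to reject the line as a bad changelog date. Given the commit date of Tue, 6 Feb 2024, this was presumably meant to be "* Mon Feb 05 2024 unman - 2.0" (or "Tue Feb 06 2024").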