'Re: [qubes-devel] How to use VPN for encrypt traffic from Tor exit node of Whonix?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] How to use VPN for encrypt traffic from Tor exit node of Whonix?
From:       Chris Laprise <tasket () posteo ! net>
Date:       2018-05-02 23:49:27
Message-ID: 04094a93-5ede-9f4c-3f72-e515d6182ee9 () posteo ! net
[Download RAW message or body]

On 05/02/2018 03:32 PM, Daniil .Travnikov wrote:
> I want to encrypt with VPN my traffic from third onion (exit nodes) in Tor \
> connection. 
> So the main question is how to setup configuration in Qubes OS?
> 
> 
> 1. I must install VPN config in Whonix-gw template or in sys-whonix (proxyvm). It \
> means vpn inside whonix. 
> 2. I must install second ProxyVM with VPN which must have NetVM like whonix and \
> must connect with my AppVM? But in this case VPN will be after whonix, not inside. 
> 
> So what realisation would be safer from Tor Exit Nodes?
> 
> 
> What is the official opinion from Qubes developers?

IMO, number 2 is safer because both programs (e.g. Tor and OpenVPN) are 
isolated from each other.

You can read about Tor + VPN options on the Whonix site:

https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Separate_VPN-Gateway


Where it mentions "Qubes VPN documentation" you might try setting up 
qubes-tunnel instead, which is easier and more robust:

https://github.com/tasket/qubes-tunnel

-

Note that if you are running OpvenVPN through Tor, you'll probably need 
to configure the VPN to use TCP connections and most VPN providers use 
different addresses and ports for TCP.

-- 

Chris Laprise, tasket@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/04094a93-5ede-9f4c-3f72-e515d6182ee9%40posteo.net.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic