VPN/Firewall Redundant?


jimmy....@gmail.com

Feb 11, 2017, 1:35:20 PM
to qubes-users
Assuming one wants to have all internet traffic go through a VPN, is having both a VPN proxyVM and a firewall VM redundant? In other words, does the proxyVM with the VPN running in it serve as a firewall just as well? Or is there still some reason to have two separate VMs in this use case?

Unman

Feb 11, 2017, 6:26:14 PM
to jimmy....@gmail.com, qubes-users
On Sat, Feb 11, 2017 at 10:35:20AM -0800, jimmy....@gmail.com wrote:
> Assuming one wants to have all internet traffic go through a VPN, is having both a VPN proxyVM and a firewall VM redundant? In other words, does the proxyVM with the VPN running in it serve as a firewall just as well? Or is there still some reason to have two separate VMs in this use case?
>

This will depend on what configuration you have on the VPN Proxy.

It would be possible to combine firewall and VPN Proxy in one qube,
particularly if you were always using the same downstream qubes attached
to the proxy. This would be straightforward and could be done with a
custom set of rules loaded in /rw/config/rc.local, either directly or
using iptables-restore.

imo a cleaner approach is to use "native" Qubes firewall capability -
there isn't a great overhead in doing so, and it should minimise the risk
of leaks.
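
A pre-load check for the custom-ruleset approach mentioned in the reply above, as an added example that is not part of the thread: it audits the FORWARD chain of an iptables-restore style ruleset for paths that would let downstream traffic bypass the tunnel. The interface names (`eth0` uplink, `tun0` tunnel, `vif+` downstream), the addresses and the function name `audit_forward` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed interface names:
# eth0 = uplink, tun0 = VPN tunnel, vif+ = downstream qubes.
UPLINK=eth0

# Constructed candidate ruleset (iptables-restore format, FORWARD chain only).
RULES='*filter
:FORWARD DROP [0:0]
-A FORWARD -i tun0 -o vif+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.137.2.10/32 -i vif+ -o tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.137.2.11/32 -i vif+ -o tun0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_forward RULESET
# Prints one finding per line and returns 1 if any finding exists.
audit_forward() {
    findings=$(printf '%s\n' "$1" | awk -v up="$UPLINK" '
        # Default policy must be DROP so unmatched traffic is not forwarded.
        /^:FORWARD / {
            seen = 1
            if ($2 != "DROP") print "policy: FORWARD default is " $2
        }
        /^-A FORWARD / && / -j ACCEPT/ {
            in_if = ""; out_if = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
            }
            # An ACCEPT that names the uplink, or leaves a side unpinned,
            # can carry qube traffic outside the tunnel.
            if (in_if == up || out_if == up) print "leak: " $0
            else if (in_if == "" || out_if == "") print "unpinned: " $0
        }
        END { if (!seen) print "policy: FORWARD chain not declared" }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed ruleset above.
audit_forward "$RULES" && echo "no leak paths found in FORWARD"
```
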