On 04/22/2018 01:43 PM, Chris Laprise wrote:
> On 04/22/2018 12:52 PM, js...@bitmessage.ch wrote:
>> niepo...@gmail.com:
>>> I'm a user of the VPN bitmask software and accidentally, from time to
>>> time, the connection disconnects and it takes a few seconds to connect
>>> again.
>>>
>>> What is the easiest way to set up firewall rules that prevent leaks of
>>> clear and unencrypted traffic?
>>
>> I'm pretty sure bitmask is supposed to block unencrypted connections
>> automatically when VPN connection drops (fail closed). The old version
>> of bitmask had problems when running in a Qubes proxyVM (DNS leaks in
>> particular), but the new version in their Debian stretch repo seemingly
>> fixes these problems. I'm not sure if not failing closed is still a
>> problem though.
>>
>> If you're running the most recent version of bitmask in a proxyVM and
>> it's not failing closed, maybe run it in the appVM instead? Others will
>> have to answer the firewall question though because I don't know much about
>> that.
>>
>
>
> The regular release doesn't prevent leaks in Qubes proxyVMs, but the
> next version will.
>
> If you want to use bitmask in a proxyVM you can either download the
> latest pre-release, or you can add a couple (internal) firewall rules to
> the proxyVM in /rw/config/qubes-firewall-user-script:
>
> iptables -I FORWARD -o eth0 -j DROP
> iptables -I FORWARD -i eth0 -j DROP
problem of configuring DNS correctly in the proxyVM. So you're better