Firewall rule not enforced

Hi,
I have 1 OpenVPN service Qube whose network Qube is sys-whonix. sys-whonix then connects to sys-firewall, which then connects to sys-net.

Now I connect another Qube, with network Qube as the OpenVPN one. Now when connected to VPN (in the OpenVPN Qube) the network passes through VPN as expected and when not connected it goes through TOR. Now I added a firewall rule on the OpenVPN Qube to only connect to the VPN service, but this is not being enforced; if VPN is turned off the traffic passes through TOR. I want to make sure the network also goes through VPN!

Hi

Where did you add the firewall rule, and what kind of rule did you use?

Added the firewall rule on the VPN Qube by going into Qube settings. I selected the Limit Outgoing connections to… and added in the IP, port, and protocol for the particular VPN server I am using. But still, as soon as the VPN disconnects, the network starts passing through TOR.

sys-whonix does not support the Qubes firewall, so your added rule is not honoured.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

Interesting.

@wowowow a solution would be to add a firewall qube between your VPN and sys-whonix, so your VPN qube's firewall rules will be applied in the firewall qube, where the rules will work.

If you do this you make circuit isolation difficult because the traffic arriving at sys-whonix appears to originate from a single IP address.

What do you mean by circuit isolation?