Help me understand sys-gui-vnc and how to appropriately secure it

Hi everyone,

I’ve been considering switching to running sys-gui-vnc since there are quite often times when I’m away from my primary (Qubes) computer and still need to regularly use it. I am well aware that this isn’t an ideal security model; however, it’s become a pretty big deal, so it’s probably going to be my solution for the foreseeable future. The current plan for my model is in the diagram; however, I’m not sure what the best way to connect the remote device and sys-remote is. I’d ideally like to implement further auth methods such as U2F, TOTP, or password protection.

Is my understanding of this setup fine? I feel as though there may be other things I would need to do, and what might the best option here be? Connect sys-remote directly to the netvm? Create a separate netvm? Use cross-qube rules between sys-remote and sys-firewall with an ssh tunnel? Something else I haven’t thought of?


This one is a gem! Don’t know how I missed it in my research haha. While it really does look like a good solution, I think I’d still prefer to have a direct connection that doesn’t rely on Tor, mainly because of latency issues, which is why I went the wg route.
