Multiple VPNs per qube? Can it be simple and secure?

Is this possible to accomplish in maybe 60 minutes or less?

qube1>clientapp>defaultfirewall>sys-vpn1>firewall2>net

qube2>clientapp>defaultfirewall>sysvpn2>firewall2>net

WireGuard or OpenVPN works.

I need them to simultaneously route different connections. For instance,
qube 1 and qube2 run at the same time using the same sys-net.

Is this possible?

My connections:

sys-net->sys-firewall->sys-vpn-youtube->app-youtube
sys-net->sys-firewall->sys-vpn-forums->app-forums
sys-net->sys-firewall->sys-vpn-shops->app-shops
sys-net->sys-firewall->sys-vpn-untrusted->disp666

Go figure it out.

This is very possible. All you have to do is set up two VPN qubes (with different providers/accounts/destinations according to how separate you want it to be). You will, as you correctly assumed, have to have two distinctly separate qubes to do this, but you just connect the different qubes to the different VPNs.

Absolutely, this is exactly what Qubes OS networking features; you can even stack multiple VPNs if you want.

It’s really cool to do it in Qubes! I use 4 VPNs. I set up 4 sys‑vpns in 20 min.


You make a VPN template, then you make the first sys-vpn, configure it and then clone it however you want. Then you configure each VPN to your needs.
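The clone-per-VPN procedure described above, applied to three of the chains listed earlier in the thread, as an added example that is not part of any post. It assumes a first VPN qube named `sys-vpn` that is already configured and app qubes that already exist; it runs in dom0 and only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/bash
# Added example, constructed for illustration; run in dom0.
# Assumptions: "sys-vpn" is the first VPN qube, already configured and
# tested; the app qubes already exist. Names follow the thread's chains.
BASE_VPN="sys-vpn"
UPSTREAM="sys-firewall"
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the commands, 0 = execute them

# "vpn-qube:app-qube" pairs (constructed from the chains in the thread)
PAIRS="sys-vpn-youtube:app-youtube
sys-vpn-forums:app-forums
sys-vpn-shops:app-shops"

# Accept only plain qube names.
valid_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Print the command, or execute it when DRY_RUN=0.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# One clone of the base VPN qube per app qube, so no two apps share a tunnel.
plan_pair() {
    case "$1" in *:*) ;; *) echo "bad pair: $1" >&2; return 1 ;; esac
    vpn=${1%%:*}; app=${1#*:}
    if ! valid_name "$vpn" || ! valid_name "$app"; then
        echo "bad pair: $1" >&2; return 1
    fi
    run qvm-clone "$BASE_VPN" "$vpn" || return 1
    run qvm-prefs "$vpn" netvm "$UPSTREAM" || return 1   # VPN qube -> sys-firewall
    run qvm-prefs "$app" netvm "$vpn"                    # app qube -> its own VPN
}

plan_all() {
    for pair in $PAIRS; do
        plan_pair "$pair" || return 1
    done
}

plan_all
```

Each clone still needs its own VPN configuration (account, endpoint) edited afterwards, as the post says.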

Excellent, now I have read many a guide that says to have a pre-vpn firewall. You have forgone that for convenience?

Fantastic. Now that you mention stacking multiple VPNs, you mean like a chain, correct?

So we have the following:

clientapp>prefirewall-vpn>VPN1>(default)firewall>VPN2>Sys-net

Does the client app see the IP address of VPN1 or VPN2 in the chain?

Now let’s consider we are under a network we do not control.

clientapp>prefirewall-vpn>VPN1>(default)firewall>sys-net

If this network we are connecting to also uses a tunnel, will that cause an issue?

Secondly, which IP address will clientapp see: VPN1 or the last link in the chain (e.g., the tunnel VPN at sys-net)?

When setting up the firewall for the clientapp, where do I best do that with this setup? Which qube? Can I do it in the client app qube or should I do it elsewhere? Let’s use something simple as an example. I want to block all other connections except outgoing and incoming mail (everything else is blocked).

Let’s use Outlook or Gmail as an example!

The key server settings for IMAP are:

Incoming Server (IMAP): imap.gmail.com
Port: 993 (with SSL/TLS)

For the outgoing server (SMTP):

Outgoing Server (SMTP): smtp.gmail.com
Port: 465 (with SSL) or 587 (with TLS/STARTTLS)

Interesting? Why the separate providers? Better security? One goes, the other may still be intact kind of logic?

I think you may have misunderstood. I was suggesting different providers, different accounts or just different IPs, depending on what your needs are. For instance, if you just need it to look like it’s coming from different countries, then just set up the different VPN VMs to use different destination IPs. But if you want it to appear more separate (and understand that this requires more than just VPN setup) you should consider separate accounts or even separate providers.

You didn’t give any information as to why you’re setting up different VMs, so I don’t know what your goal is, so I made generalities in my response.

Don’t need pre-firewall. I don’t block anything on sys-firewall. I have default sys-firewall config. My threat level is I don't want aggregated advertisement.
