My VPN setup re-explained

Thinkpad x220 also, and some Purism.

3 Likes

The future looks good if Qubes developers make sure the os performs well on these antique laptops. For the rest of us who are not that purist, Qubes will be lightning fast. But who knows, maybe Intel allows disabling ME from BIOS in the future, if there’s enough demand.

1 Like

thanks @unman @turkja

what does 10.139.1.1 and 10.139.1.2 in each VM represent ?
i guess both are public and private IP address of each VM

okay, so conclusion: (in case still wrong, please correct it)

  • without VPN , the DNS server configuration in sys-net will be used.
  • with VPN, the DNS server configuration in VPN will be used.

But who knows, maybe Intel allows disabling ME from BIOS in the future, if there’s enough demand.

maybe if there is worldwide petition , to disable ME , also AMD related BIOS, it would be better.
but i feel that a bit hard , for analogy, by referring to sequel Lord of the ring,
once someone hold the ring, it is very hard for anyone to give up.

I don’t think the ME is evil conspiracy to rule us all. It’s just a management device, and it has valid use cases, like the power management etc. But some obscure, undocumented, exploitable remote services are not ok, so it would be very nice of Intel to be able to disable all the risky components if the user desires.

1 Like

thanks @unman @turkja

These are just placeholders to allow the DNS traffic to pass up the Qubes
network.
At the netvm level, this traffic is forwarded up until it is
“captured” by some netvm - usually sys-net.

Yes, and a Tor proxy netvm will also capture DNS traffic.

1 Like

thanks @unman

2 Likes