Sometimes I Leak and I Like It

but mostly I hate it

Like some other Qubes members on the forum, I use Whonix. Whonix is very good with Tor and no Java. I routed everything through just sys-whonix when I first started with Qubes.

But one day I was reading more about programming languages and I came across an important programming article about Shyla Jennings, and Cloudflare would not let me read it.

So, like many others, I added a VPN qube on top of Whonix so I can do more study.

Now I route browser-qube through VPN-qube, which routes networking through Whonix.

In VPN-qube, I added firewall rules to only allow connections to the VPN IP, selected “limit connections” and added the VPN IP address.

It does not matter.

Sometimes web page traffic goes through Whonix in Tor circuits outside of the VPN.

I know this because, unlike probably most of the other young devout women in my country, I watch my onion circuits when on Qubes and I see the IP address going into sys-whonix.

When the VPN works, there is one IP address under one circuit, with multiple circuits open, and the IP address is the VPN address and everything goes through it. When it fails, the VPN IP address stays listed but the VPN qube shows no lock; the IP address from the VPN stays and shows listed under a group of Tor connections (1 circuit) as Whonix waits for more traffic. While this happens, other Tor circuit connections quickly absorb and send data from “browser-qube” and are now transporting data from all sorts of IPs that come from the web browser; the web browser will still load pages.

Sometimes I leak and I like it because I can see what traffic was going through the VPN, but mostly I am very angry at the stupid qube for leaking.

Usually leaks happen when the VPN goes down. It is a good VPN and does not disconnect easily. The problem is not the VPN; the problem is the bad VPN qube, which should block all traffic when not connected to the right IP.

Tell me what I have done wrong.

This can create risk because when connecting from an “unusual” VPN IP and then the VPN goes down, the website now sees traffic coming from a blacklisted “evil” Tor IP.

How do I stop this?

1 Like

If you only added firewall rules in Qube Settings then DNS and ICMP will still be allowed. Read the note at the bottom of Firewall rules tab in Qube Settings and also this:
Firewall | Qubes OS

You need to make the network fail-close for the AppVMs if the connection to the VPN breaks.
You can read how to do it here:
Contents/docs/configuration/vpn.md at master · Qubes-Community/Contents · GitHub
Also you can use this script:
GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS

1 Like
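
One way to check a VPN qube for the fail-close behaviour the reply above asks for, as an added example that is not part of the thread or of the linked projects. It assumes an iptables-based qube whose upstream interface is eth0 and whose client qubes attach on vif* interfaces; the function name and both sample rule listings are constructed for illustration.

```sh
# Added example, not from the thread. Assumes an iptables-based VPN qube with
# upstream link eth0 and client qubes on vif* interfaces. Reads the output of
# `iptables -S FORWARD` on stdin and returns 0 only if client<->upstream traffic
# meets an unconditional DROP/REJECT before any rule that could accept it.
forward_fails_closed() {
    awk -v up="${1:-eth0}" '
    function ifmatch(pat, name,    p) {  # "" = any, "vif+" = prefix match
        p = length(pat)
        if (substr(pat, p) == "+") return substr(name, 1, p - 1) == substr(pat, 1, p - 1)
        return pat == "" || pat == name
    }
    function judge(dir, pin, pout) {     # the first decisive rule wins
        if (state[dir] != "" || !ifmatch(ri, pin) || !ifmatch(ro, pout)) return
        if (tgt == "DROP" || tgt == "REJECT") { if (!extra) state[dir] = "closed" }
        else if (tgt != "LOG") state[dir] = "open"   # ACCEPT or jump: may leak
    }
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" {
        ri = ro = tgt = ""; extra = 0
        for (n = 3; n <= NF; n++) {
            if ($n == "-j") { tgt = $(n + 1); break }
            else if ($n == "-i" && $(n - 1) != "!") ri = $(++n)
            else if ($n == "-o" && $(n - 1) != "!") ro = $(++n)
            else extra = 1               # any other match makes it conditional
        }
        judge("out", "vif0.0", up); judge("in", up, "vif0.0")
    }
    END {
        rc = 0; split("out in", dirs, " ")
        for (k = 1; k <= 2; k++) {
            s = state[dirs[k]]
            if (s == "") s = (policy == "DROP") ? "closed" : "open"
            print dirs[k] ": " s
            if (s != "closed") rc = 1
        }
        exit rc
    }'
}
# Constructed sample: forwarding chain without fail-close rules.
LEAKY_RULES='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o vif+ -j DROP
-A FORWARD -i vif+ -j ACCEPT'
# Constructed sample: upstream drops inserted ahead of every ACCEPT.
CLOSED_RULES='-P FORWARD DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -i vif+ -j ACCEPT'
printf '%s\n' "$CLOSED_RULES" | forward_fails_closed
```

Inside the VPN qube the live chain can be checked with `sudo iptables -S FORWARD | forward_fails_closed`. The check is deliberately conservative: a conntrack ACCEPT that sits ahead of the upstream drops is reported as open, because established flows could keep using eth0 after the tunnel drops.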