Curiously, how do you prevent VPN leaks? I have firewall rules set up in my VPN proxy VM (primarily blocking IPs that are not associated with the VPN servers).
Qubes documentation seems to warn against running network services (ex. VPN) in VMs that run the Qubes firewall service (ex. sys-firewall). Not surprisingly, they suggest compartmentalizing the two functions. They also seem to recommend a second firewall be used between the client (appVM) and proxy (VPN) for other reasons.
Or perhaps I am misunderstanding something? The term “firewall” is used loosely at times. Either way, even if the potential benefit is a toss up, it seems that firewalls based on a minimal templates don’t impact resources too much to worry about it…
[source: Firewall | Qubes OS]
Another discussion about this topic: