What's your guys' Qubes network design?

I mean a GUI network mapper.

Ohh, yeah. :slight_smile:
I just don’t think that a leak-proof VPN ever exists. VPN is just not designed for such a thing.

Moreover, in my use cases most of my VPNs do not even provide a default route, so those need to be ‘leaked’ on purpose.

Sure, there is a guide by community effort called Qubes VPN, but that is trying to provide features that a pure VPN solution does not have at all.

I surely don’t really understand that warning - maybe because of the ‘too smart’ VPN clients that mess with your packet filter… but that simply doesn’t apply to my use cases.

My VPNs only add routes, and do not mess up the packet filter I have set up.

Even if it doesn’t match my threat model and use case, at least now I understand the reasons, thanks. :slight_smile:

1 Like

For many years I have not understood why people trust VPNs.
Are you really sure that the admin in this VPN company really does not see your traffic?
Stupid people.

If your ISP opens one extra “daughter” company and calls it: Dark VPN.

Would you buy it ?
But you do not know that.

People blindly trust third companies just because there are some keywords for everybody on their website.

We need better technology,
blockchain based.

Would you trust this?

You are correct.

Not necessarily blockchain based, it just needs to be decentralized (just discover dVPN).

Not bad, though I see suspicious things like Apple devices everywhere; a Raspberry Pi rack would do the same (possibly even better).

There is a difference between a VPN and a VPN provider. Many people here seem to be able to set up their own VPN servers and be independent of third parties.

Calling everybody stupid who uses a VPN only shows your intellect and adds nothing to the discussion. BTW, blockchain is a buzzword too, just like VPN or cloud, and you are using it, obviously without understanding the principle (as ppc pointed out).

But yeah, I get your point.

I use the basic Qubes 4.0 configuration without any VPN or proxy, only Whonix/Tor. It is sufficient for most cases.

1 Like

AppVM → VPN (CH) → Sys Firewall → Sys Net → Internet [For most of my browsing]

AppVM → Sys Firewall → Sys Net → Internet [For one Qube that needs to be able to hit a local network and the firewall messes with that]

DispVM → Sys Firewall → Sys Net → Internet [For watching videos / streaming that don’t like when a VPN is used]

VPN is ProtonVPN. Those guys seem trusty. They can read my mail, so seeing my traffic isn’t that much extra.

1 Like

@Sname I forgot (thanks @rndmn for reminding my forgetful mind), in this case the admin of the VPN is you.

Won’t your appVM traffic be in Switzerland to browse things, such as far-right papers or commie papers?

Yes, that is correct. The appVM traffic will be routed via Switzerland.

Yes, I just can’t get enough of those far right commie papers.

2 Likes

I’d do this for very, very specific cases that most probably wouldn’t include browsing the clear net nor Tor, otherwise it could easily turn out that I’m hiding behind - myself.

Absolutely!

Is it necessarily “stupid”? Maybe they realize that the same risks apply to ISP providers who routinely expose user information to websites that are visited and are notorious for violating user privacy.

There do seem to be a few VPN providers who at least make an effort to inform users about many aspects of online privacy that are not shared by 99% of other ISP and VPN providers (e.g. guides provided by iVPN and Mullvad). These same providers also offer payment methods (e.g. cash with no personal details required) that make it more difficult to identify users even if they are bad actors. I don’t know of any ISP that offers such options.

That’s not to say they couldn’t be bad actors, but when all factors are considered, a VPN does seem to offer the user at least some additional potential for increasing online privacy - if for no other reason than it distributes risk beyond a single ISP.

2 Likes

Details on this???

@ephile, @fgogachaddict8
Zenmap is a component of Kali Linux and there is a Qubes template for Kali.

I was able to get Zenmap working in Qubes 4.1 in a Kali VM. At first it was not functional, but after adding some dependencies to the Kali template, Zenmap runs fine.

I don’t see how Zenmap is supposed to work in a Qubes environment - it won’t be able to map qubes at all unless you make significant changes to the forwarding, and it won’t show offline qubes or qubes attached to other NetVMs.

You are correct, it won’t map the Qubes network of VMs, but it will work to map my home LAN and any WAN I care to map. Before Qubes I used to maintain several specialized laptops, and my pentesting machine featured Kali with the Nmap and Zenmap tools. I use them for pentesting and hardening my non-virtual networks. Now I have abandoned the separate machines and effectively do all those tasks with specialized VMs under Qubes.

Well, of course. But this thread was specifically about Qubes network design.

Yes.

Newest Design

Whonix:

@tag:anon-vm → sys-whonix → sys-vpn → sys-firewall1 → sys-net

clear:

@tag:clear-vm → sys-firewall → sys-net

Kali:

@tag:kali-vm → sys-vpn3 → sys-firewall → sys-net

Kicksecure:

@tag:kicksecure-vm → sys-vpn1 → sys-firewall → sys-net

Other:

@tag:other-vm → sys-vpn2 → sys-firewall → sys-net

This is my production setup.

I have about 50 VMs spread around two physical boxes.

The box with the most VMs sports five different VMs each assigned a 10GbE NIC, and each connected to one of five different physical networks. Joining them all is a central hub VM (connected to the five NetVMs using qubes-arbitrary-network-topology) that uses xen-netfront/netback to route among all those networks (easily 40+ other devices including many ESP32s).

Major upgrades of said box involve taking down this box and that’s a solid ten minutes to finish restarting. The box runs Nextcloud, Home Assistant, Network UPS Tools, Grafana, Alertmanager, Prometheus, Node-RED, ESPHome, Syncthing, Matrix, Jenkins plus slaves, and a metric fuckton of other stuff, all in under 32 GB of physical RAM. Remember that each VM is running its own copy of node_exporter.

No user data files are stored there! That server can burn away and be 100% faithfully recreated using SaltStack.

I use a salt-ssh-based custom firewalling setup that lets me configure all of the firewalls in less than 3 minutes from a central location. Could be faster, and soon may be with Qubes 4.2.

ALL THE VMS USE THE SAME TEMPLATE. Judicious use of /run/qubes-services (easy with Salt macros) means each VM only runs exactly what it needs.

1 Like
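The tag-based design above (one upstream chain per VM tag, e.g. `@tag:kali-vm → sys-vpn3 → sys-firewall → sys-net`) and the later post's point about driving all firewall/NetVM wiring from one central place both reduce to the same dom0 operation: set each VM's `netvm` preference to the next hop in its chain. The following dom0 shell script is an added example written for this thread, not code from any poster or from the Qubes project. It encodes the five chains from the "Newest Design" post as a tag-to-chain table, emits the `qvm-prefs` commands that realise each chain, and defaults to a dry run so the wiring can be reviewed before anything changes. It assumes dom0 has `qvm-ls --tags TAG --raw-list` and `qvm-prefs VM netvm NEXTHOP`, which exist in Qubes 4.x; the VM names are the ones from the post, and `sys-net` is deliberately left alone (its own netvm stays none).

```shell
#!/bin/sh
# netvm-chains.sh (constructed example): wire Qubes VMs to their upstream NetVM chain by tag.
# Run in dom0:  sh netvm-chains.sh kali-vm anon-vm            (dry run, prints qvm-prefs commands)
#               DRY_RUN=0 sh netvm-chains.sh kali-vm anon-vm  (actually applies them)

# Tag -> ordered upstream chain, taken from the "Newest Design" post in this thread.
# The first word is the VM's direct netvm; each later word is the netvm of the hop before it.
chain_for_tag() {
  case "$1" in
    anon-vm)       echo "sys-whonix sys-vpn sys-firewall1 sys-net" ;;
    clear-vm)      echo "sys-firewall sys-net" ;;
    kali-vm)       echo "sys-vpn3 sys-firewall sys-net" ;;
    kicksecure-vm) echo "sys-vpn1 sys-firewall sys-net" ;;
    other-vm)      echo "sys-vpn2 sys-firewall sys-net" ;;
    *)             return 1 ;;   # unknown tag: refuse rather than guess a route
  esac
}

# Print the qvm-prefs commands that route VM $1 (tagged $2) through its chain.
# Every hop except the last gets its own netvm set, so a chain of N hops yields N commands.
# sys-net (the last hop) is never touched: its netvm stays none.
netvm_commands() {
  vm=$1
  chain=$(chain_for_tag "$2") || return 1
  prev=$vm
  for hop in $chain; do
    echo "qvm-prefs $prev netvm $hop"
    prev=$hop
  done
}

# Number of qvm-prefs commands a tag's chain produces (used to sanity-check a chain).
hops_for_tag() {
  chain=$(chain_for_tag "$1") || return 1
  set -- $chain
  echo "$#"
}

# Apply (or, by default, only print) the wiring for every VM carrying tag $1.
# DRY_RUN defaults to 1 so a typo in the table cannot silently re-route a VM.
apply_tag() {
  tag=$1
  chain_for_tag "$tag" >/dev/null || { echo "no chain defined for tag $tag" >&2; return 1; }
  for vm in $(qvm-ls --tags "$tag" --raw-list); do
    netvm_commands "$vm" "$tag" | while read -r cmd; do
      if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "[dry-run] $cmd"
      else
        $cmd
      fi
    done
  done
}

# Entry point: each argument is a tag to (re)wire; no arguments means only define the functions.
for tag in "$@"; do
  apply_tag "$tag"
done
```

Because every chain shares `sys-firewall` (or `sys-firewall1`) and `sys-net`, re-running the script for all five tags is idempotent: the same `qvm-prefs sys-firewall netvm sys-net` line is emitted for each chain and sets the same value each time. Adding a new tag means adding one `case` arm, which is the same "edit one table, re-run" workflow the salt-ssh setup in the last post describes.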