Has anyone got a solution to setting up a Mullvad VPN connection with either an AppVM or Debian standalone qube?
I only ask because of the updates. Fedora gets update very frequently. Having to do that often for a standalone as well as the template is a bit of a pain.
A Debian standalone might be a good solution since it updates far less.
I know there is an appVM based solution but it also uses MirageOS, which has its own problems with updates (github based). I know there is this solution but it is standalone.
You can try to install Mullvad VPN app in template and add the path to its configuration files (if they’re outside of /home or /usr/local) to bind-dirs in AppVM based on this template.
I have a salt based solution here which creates a
Mullvad proxy, as well as a disposable template, and is Debian based.
It’s packaged as a rpm, as discussed here, so you can simply
install the package and the template and qubes will be created.
The disposable has the Mullvad VPN GUI and the Mullvad browser. (You can
use the browser with the VPM or without.)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Is it 3isec-qubes-sys-vpn-1.4-1.fc32.x86_64.rpm? I thought that sounded a bit generic but you had been quite specific about Mullvad, and there’s a mullvad file on github.
One source I read says I should be looking for a detached signature, but you haven’t mentioned that and I can’t see it anywhere. I’m getting nowhere.
The key is definitely imported and gives the right fingerprint. Piping the .rpm file to more shows readable text for the description, so I don’t think its corrupted.
This is all in a dispVM. I will have to shutdown soon, so I will start again afresh in a few hours.
I installed mullvad-vpn using qubes-task-gui in r4.2, but am not able to run the Mullvad Browser in the disposable vm. Selecting Mullvad Browser in the start menu will open a dispvm, which promptly shuts down. I also tried using qvm-run -v … with the same result and no feedback. Opening a terminal in the dispvm and running ./start-mullvad-browser.desktop throws the error “no such file or directory”. while cd to /home/user/.local/share/applications/ and running ./start-mullvad-browser.desktop results in “permission denied”. I tried removing --detach from the file, as described in another thread, but to no effect. Not sure what else to try, so would appreciate any suggestions.
I was able to connect the vpn in sys-mullvad without any issues, but the browser wouldn’t run there either.
you cannot just verify the file with gpg commands because the signature
is not of the entire .rpm file. Instead, the signature is only associated
with the critical portions of the package.
Use the right tool:
rpm --import KEY
rpm -K PACKAGE
The output should show SIGNATURES OK
Alternatively, rpm -qi PACKAGE will show the key used to sign the
package.
On the Signature line you should see Key ID fdd1b8244731b36c for my
packages, as explained here
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
However, while I get the signature, your other instruction isn’t working, or I am misinterpreting it (so I guess others will too):
On the Signature line you should see Key ID fdd1b8244731b36c. This is the signing sub key of my Qubes OS signing key - you can confirm this with
gpg --edit-key unman
gpg --edit-key unman
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: key "unman" not found: No public key
Tried also with gpg --edit-key RPM-GPG-KEY-unman
I just don’t know enough to intuit what you mean.
But I trust the fingerprint matching your instructions.