Best Position to Install NordVPN or other VPN

n0thum4n · June 8, 2023, 2:28pm

In your opinion, thinking about privacy, where NordVPN or other VPN application should be installed?

TemplateVM debian-11?
debian-11-dvm?
sys-firewall?
sys-net?
or in the AppVMs?

The idea is to make all traffic that uses USB Wifi Dongle pass throw VPN.
In case of two USB Wifi Dongle, the #1 should use NordVPN and #2 should use, for example, protonvpn.

fsflover · June 8, 2023, 3:38pm

Qubes provides security through compartmentalization. Following this principle, you achieve the highest security by separating everything.

Therefore, a dedicated VPN qube is preferable:

github.com

Qubes-Community/Contents/blob/master/docs/configuration/vpn.md


How To make a VPN Gateway in Qubes
==================================

<div class="alert alert-info" role="alert">
  <i class="fa fa-info-circle"></i>
  <b>Note:</b> If you seek to enhance your privacy, you may also wish to consider <a href="/doc/whonix/">Whonix</a>.
  You should also be aware of <a href="https://www.whonix.org/wiki/Tunnels/Introduction">the potential risks of VPNs</a>.
</div>

Although setting up a VPN connection is not by itself Qubes specific, Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure. This document is a Qubes-specific outline for choosing the type of VM to use, and shows how to prepare a ProxyVM for either NetworkManager or a set of fail-safe VPN scripts.

Please refer to your guest OS and VPN service documentation when considering the specific steps and parameters for your connection(s); The relevant documentation for the Qubes default guest OS (Fedora) is [Establishing a VPN Connection.](https://docs.fedoraproject.org/en-US/Fedora/23/html/Networking_Guide/sec-Establishing_a_VPN_Connection.html)

### NetVM

The simplest case is to set up a VPN connection using the NetworkManager service inside your NetVM. Because the NetworkManager service is already started, you are ready to set up your VPN connection. However this has some disadvantages:

- You have to place (and probably save) your VPN credentials inside the NetVM, which is directly connected to the outside world
- All your AppVMs which are connected to the NetVM will be connected to the VPN (by default)

This file has been truncated. show original

aloion · June 8, 2023, 9:02pm

Did you even bother to read the official documentation?

go to Documentation | Qubes OS
Ctrl+f for “How to set up a ProxyVM as a VPN Gateway”
implement it
next time search the official documentation
stop using commercial vpns and create your own

n0thum4n · June 8, 2023, 10:46pm

Yes, I have read Documentation.
Please, learn how to read and interpret texts and after that read my post again to note that I’m raising a discussion and asking opinions.
PS: The post is in General Discussion sector, not in User Support.

n0thum4n · June 8, 2023, 10:49pm

That’s a interest point of view.
Maybe for a private investigator use qubes for different profiles and VPN installed in a TemplateVM should be an usage way.