Best practices for VPN access?

I use Mullvad and I have followed the official guide from Mullvad using WireGuard: WireGuard on Qubes OS - Guides | Mullvad VPN

From my perspective the only way to have access to each server connection Mullvad offers is to have 1 qube per Mullvad server connection.

For instance, let's say I have an AppVM qube called ‘tv-shows’ from which I’m watching content. This qube is receiving a network connection from a NetVM qube which is connected to ‘au-bne-wg-302’, a Mullvad server hosted in Brisbane, Australia. This qube is set up via the steps outlined by the Mullvad guide.

I then want to watch a TV series which is region locked. I now need another NetVM qube which is connected to a server in a different location, i.e. ‘at-vie-wg-003’, which is hosted in Vienna, Austria.

I then need to change the network setting of the ‘tv-shows’ qube to the other NetVM qube that is connected to the server in Vienna, Austria ‘at-vie-wg-003’.

I understand I could create a single networking qube and install the Mullvad app instead; this would allow me to change the network connection via command line or using a GUI. However, from the perspective of best practices, is the method I have outlined correct?

How is everyone else handling this?

In the instructions, when you go to add the wg-quick up command in /rw/config/rc.local, you may instead put a bash execution of a script that does whatever you wish and then executes wg-quick up on a given conf file. You can get creative and use Xfce-panel bindings through genmon to create a toggle or a small GUI to change if you wish. Don’t forget to put all the IPs you would need in that qube’s firewall restrictions. You must edit them through the command line using qvm-firewall in dom0 if you followed the entire linked guide.
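
One way to structure the script the reply above describes, as an added example that is not from the thread or the Mullvad guide. The directory /rw/config/vpn, the state file, the script name wg-switch.sh and the function names are assumptions; the sketch expects one WireGuard config per Mullvad server, named after the server.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: one WireGuard config per
# server in $CONF_DIR, named after the server (au-bne-wg-302.conf, ...).
CONF_DIR="${CONF_DIR:-/rw/config/vpn}"
STATE_FILE="${STATE_FILE:-$CONF_DIR/active}"
WG_QUICK="${WG_QUICK:-wg-quick}"

# Print the config path for a server name, or fail. The name is held to a
# strict pattern because the script runs as root and the name becomes a path.
conf_for() {
    case "$1" in
        ""|*[!a-z0-9-]*) echo "invalid server name: $1" >&2; return 1 ;;
    esac
    [ -f "$CONF_DIR/$1.conf" ] || { echo "no config for $1" >&2; return 1; }
    printf '%s\n' "$CONF_DIR/$1.conf"
}

# Take down the tunnel named in the state file (a failure is ignored: after a
# reboot nothing is up yet), bring up the requested one, then record it.
wg_switch() {
    new_conf=$(conf_for "$1") || return 1
    if [ -s "$STATE_FILE" ]; then
        old_conf=$(conf_for "$(cat "$STATE_FILE")") && "$WG_QUICK" down "$old_conf" || true
    fi
    "$WG_QUICK" up "$new_conf" || return 1
    printf '%s\n' "$1" > "$STATE_FILE"
}

# Print "host port" for every Endpoint in the configs: the only destinations
# the VPN qube's firewall rules need to allow.
list_endpoints() {
    sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*\(.*\):\([0-9][0-9]*\)[[:space:]]*$/\1 \2/p' \
        "$CONF_DIR"/*.conf | sort -u
}

# From /rw/config/rc.local (hypothetical path): /rw/config/vpn/wg-switch.sh au-bne-wg-302
# Later, to change region:                      sudo /rw/config/vpn/wg-switch.sh at-vie-wg-003
case "${1:-}" in
    "") ;;                      # no argument: only define the functions
    --list) list_endpoints ;;
    *) wg_switch "$1" ;;
esac
```

The output of `--list` is the set of addresses to allow with qvm-firewall in dom0, so the qube can reach only the servers it has configs for.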

Interesting, do you have any setup scripts you could share?