What might be relevant to this discussion.
Since my creating a VPN-Qube for use at the level of -just beyond sys-firewall, I decided I could limit the install problems, if I tried to install it in a Standalone App Qube that used Fedora. So I chose Personal.
As an alternative, I tried to set up Mullvad VPN app inside a clone of Personal Qube. I used the install information from Mullvad itself on how to install to Linux. I know that one of the issues would be that earlier versions of Qubes used Gnome, now we use XFCE.
I could have installed the Gnome desktop (I am not clear on how to implement that into sys-net.)
I did not install the Gnome desktop.
I muddled on and used the install terminal suggestions from Mullvad, installing the stable version, not beta, of the Mullvad App GUI.
I got up to next to the end, and it would still not start the App. Mullvad help suggested some means of starting the App with some direct CLI commands. Finally getting the GUI App, which gave me a suggestion that it might be that I had a Firewall obstructing its connection to the Mullvad.
Since this attempt was an experiment to find issues. I changed the Personal\Settings\ to take a connection from sys-firewall to sys-net.
Went through using the CLI commands (from Mullvad Help) and killed the app. I tried the commands to explicitly start the App, and it only worked when I got to the last command –
The mullvad-daemon does not start
Try to start it using sudo systemctl start mullvad-daemon. If it does not help then run sudo /usr/bin/mullvad-daemon -v
The Mullvad GUI does not start
Try to kill the Mullvad app GUI using killall mullvad-gui and start it without GPU acceleration with this command:
/opt/Mullvad\ VPN/mullvad-vpn --disable-gpu
that is, ended up at the last step: – /opt/Mullvad\ VPN/mullvad-vpn --disable-gpu
The GUI for Mullvad showed and allowed me to enter my Passcode. Then the connection, which said it was going to Sweden, showed as IP in Belgium… ??
I could choose other cities, and the IP showed to be accurate in place.
All right there was a point in the install that offered a proof of correction of software with PGP key, which I did not verify.
Everything seemed functional, so I closed the terminal. and the connection crashed. Seems leaving the Terminal open, as I started Mullvad App GUI from there, is required.
I do not have a Tab in Personal\ ??for Mullvad VPN ??
I just did this last night, So I obviously have more tinkering to do to install Mullvad VPN in a Fedora 38 stand alone Qube. I have not verified it does not leak somehow. Which the Mullvad Help site explains how to detect and fix.
Before this I was working trying to get Proton VPN to work in sys-proton-vpn qube for the entire machine. After I had gotten to work, I had restarted the computer, and kept getting an “Enter Password” which would not work with my entering Password to my ProtonVPN account. Someone suggested it wanted for me to enter a Gnome password, even if I an not using Gnome, but XFCE.
Solene suggested that I had not finished the install method she had listed, which included securing. Well, you can read that. I was less interested in pursuing that as I do not pay for ProtonVPN, and I already know that the free versions of ProtonVPN are slow. I also know ProtonVPN withholds some options for pay for clients, not free use of their stuff. I think I will only tinker with that after I pony up some money to buy a ProtonVPN Mail, and ProtonVPN license.
This re-opens another consideration. For Qubes to rise above being an OS for fanboys, (those with additional Linux training) and it is more of a toolkit.
I do not criticize the point that the Qubes developers stop. They create a useful Xen Hypervisor, and install onto that some minimized Qubes of some Operating Systems, stitch it together so it is likely safe. But the Qubes developers leave the functioning of the individual App Operating Systems, now Fedora/Debian/Whonix to their respective groups. That is a good decision on the part of the Qubes Developers, else they would be bogged down in all kind of additional implementation problems with different hardware, and with every update to Fedora/Debian/Whonix.
To make Qubes useful, to amateurs, or even just Journalists/Business-People we need a ready to install Qubes for VPN: That is, whether it be from SALT, or a download of Qubes-sys-xxxxVPN. so it is click and install, only need login credentials to get it working.
What we have now is a hodge podge of CLI commands to enter on terminal which partially works for some, not others.
I may spend some more hours this week trying to -first, clean up the security issues on installing the Mullvad App GUI into a Stand Alone Qube.
Then go back to installing Mullvad App GUI into a sys-vpn-qube of its own.
and borrow some money to install the xxxvpn. Which has more complete–recent documentation of how to create the sys-qube for Qubes 4.2.
Cheers
