I have been attempting to get openvpn set up and had run into numerous guides with different instructions. I end up getting tied up somewhere along the line, so I put one in-depth guide into ChatGPT to ask it to give me instructions, and it came up with a different instruction set to do this. Can anyone tell me how accurate these instructions are? I’ll try it out in a disposable qube just to see if it works, but I thought it was interesting.
- Open the Qube Manager by clicking on the “Q” button in the top left corner of your QubesOS desktop.
- Click the “Create VM” button and fill out the VM creation wizard with the following settings:
  - Name: Choose a name for your ProxyVM
  - Type: ProxyVM
  - Template: Choose a template for your ProxyVM
  - Networking: Select the default network settings or customize them as needed
  - Color: Choose a color for your ProxyVM
- After creating the ProxyVM, open its settings by right-clicking on it and selecting “Settings”.
- In the “Services” tab, click the “+” button and select “network-manager” from the list of available services. Click “OK” to save the changes.
- Configure your VPN as described in the NetworkManager documentation linked in step 3.
- (Optional) To make your VPN start automatically, edit the /rw/config/rc.local file and add the following lines:
```bash
# Automatically connect to the VPN once Internet is up
while ! ping -c 1 -W 1 126.96.36.199; do
    sleep 1
done
PWDFILE="/rw/config/NM-system-connections/secrets/passwd-file.txt"
nmcli connection up file-vpn-conn passwd-file $PWDFILE
```
Replace “file-vpn-conn” with the name of your VPN connection file. You can find this file in /rw/config/NM-system-connections/secrets/ directory if it doesn’t exist yet. Place your VPN certificates and keys in this directory, and create a new file /rw/config/NM-system-connections/secrets/passwd-file.txt with the following contents:
Replace "XXXXXXXXXXXXXX" with your actual VPN password. The contents of `passwd-file.txt` may differ depending on your VPN settings. See the [documentation for `nmcli up`](https://www.mankier.com/1/nmcli#up) for more information.
- (Optional) To make the network fail-close for the AppVMs if the VPN connection breaks, edit the `/rw/config/qubes-firewall-user-script` file and add the following lines:
```bash
# Block forwarding of connections through upstream network device
# (in case the VPN tunnel breaks)
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
ip6tables -I FORWARD -o eth0 -j DROP
ip6tables -I FORWARD -i eth0 -j DROP
```
- Configure your AppVMs to use the new VM as a NetVM by right-clicking on the AppVM and selecting “Settings”. In the “Applications” tab, select “Network” from the left-hand side, and then select the name of your ProxyVM from the “NetVM” drop-down menu.
Once you have completed these steps, your ProxyVM should be set up as a VPN gateway using NetworkManager, and your AppVMs should be able to use it as a NetVM to access the Internet through the VPN connection.
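
One way to confirm that the fail-close rules quoted above actually took effect, as an added example that is not part of the original post or of any Qubes documentation: the function audits a FORWARD chain listing and fails if either DROP rule is missing or an ACCEPT rule is evaluated before them. The name `check_fail_close` and both sample listings are constructed for illustration; on a real ProxyVM the input would be the output of `iptables -S FORWARD` (and `ip6tables -S FORWARD`).

```shell
#!/bin/sh
# Added example (not from the post): audit a FORWARD chain listing for the
# fail-close rules. Reads `iptables -S FORWARD` style lines on stdin.
# $1 = upstream interface (default eth0). Returns 0 only if both DROP rules
# exist and no ACCEPT rule is evaluated before them (first match wins).
check_fail_close() {
    awk -v ifc="${1:-eth0}" '
        $1 != "-A" || $2 != "FORWARD" { next }   # skip policy lines, other chains
        { n++ }
        $0 == ("-A FORWARD -o " ifc " -j DROP") { if (!out) out = n; next }
        $0 == ("-A FORWARD -i " ifc " -j DROP") { if (!inn) inn = n; next }
        / -j ACCEPT( |$)/ { if (!acc) acc = n }
        END {
            if (!out) { print "missing: -o " ifc " -j DROP"; bad = 1 }
            if (!inn) { print "missing: -i " ifc " -j DROP"; bad = 1 }
            if (acc && ((out && acc < out) || (inn && acc < inn))) {
                print "rule " acc " ACCEPTs before the DROP rules"; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed listing: DROP rules at the top, as `iptables -I` leaves them.
SAMPLE_OK='-P FORWARD DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -o eth0 -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o tun0 -j ACCEPT'

# Constructed listing: an ACCEPT ahead of the DROP lets established flows
# keep using eth0 after the tunnel breaks; the -i rule is missing as well.
SAMPLE_LEAKY='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -j DROP'

printf '%s\n' "$SAMPLE_OK"    | check_fail_close eth0 && echo "OK sample: fail-close in place"
printf '%s\n' "$SAMPLE_LEAKY" | check_fail_close eth0 || echo "leaky sample: rejected"
```

The check is deliberately conservative: any ACCEPT rule ahead of the DROP rules is reported, even one that would not match traffic on the upstream interface.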