Disposable ProxyVM as VPN Gateway

I’ve created a ProxyVM to use as a VPN Gateway as described in this community guide, by using iptables and CLI scripts. Ideally, I’d like to convert it to a Disposable VM using the DispVM Customization guide here. However, the DispVM Customization guide specifies an exception around VM to VM communication with iptables.

What is the best practice to create a Disposable ProxyVM to use as a VPN Gateway which includes modifications to iptables? Is this a strict limitation of Disposable VMs? Could there be some work-around, for example, by placing an executable script in /rw/home/ and calling it from /rw/home/user/.config/autostart, or with some other work-around?

1 Like

You can create a proxy VM as usual, test it for everyting working and then you can convert Advanced settings of that Qube. Convert it to template for disposable VM.
qvm-prefs NordVPN template_for_dispvms True
Now set it as default disposable VM.
qubes-prefs default_dispvm NordVPN
Now create a static disposable named VM from it.
qvm-create -C DispVM -l green Nordstatic
qvm-features Nordstatic appmenus-dispvm ''

Set Nordstatic as your gateway for all VM that should pass through VPN.
Set firewall rules for this VM (Nordstatic) so that it can connect only to desired VPN IPs.

Don’t forget to set your previous default dispVM template as default after doing all this.