This would be a mistake, where did I write this? I can’t find it.
Dear @solene, I hope there will be releases on GH, but with qubes-miragevpn (which targets OpenVPN) there is little pain.
The creation of the VM is the same as for qubes-mirage-firewall (and implies copying the unikernel into dom0), and then the configuration file only needs to be tarred and imported into the root volume of the AppVM.
The real remaining issue comes from the user authentication process: the unikernel needs tls-auth in the config file, and a configuration without it won’t work so far.
Seeing the network GUI screenshot (like the one sys-net has) I assumed you connected to sys-net. Now I recall that little interface appears on the taskbar panel if we add the network manager feature to the appvm.
I see you have omitted the NetVM when creating sys-vpn-openvpn. It might be better to specify sys-firewall as netVM in the appvm creation command, so people avoid the mistake of connecting it to sys-net, or at least, in adherence to the format of the old official guide.
By default, qvm-create uses the netvm defined as default, which is sys-firewall on a stock installation. If someone changed this, they certainly had a good reason to do so. It’s still possible to change it easily using the qube settings manager. I wanted to avoid adding more parameters to the command if it’s not explicitly required.
Fair enough. I’d still add a very small note about this though. But up to you I’m fine either way.
For the Kicksecure 18 folks:
I’d like to emphasize adding your user user to the netdev group:
sudo usermod -aG netdev user
Then you can boot your AppVM in the normal user session boot mode and import the profile. In any other mode, nothing will work. I’ve tried for a good 1 or 2 hours. Maybe this saves someone some time.
I can also only agree that WireGuard is much less hassle to set up. Thanks for the post!
It’s still a draft, I’m not even sure I’m going to finish it. OpenVPN is a real pain due to credentials, and Mullvad will drop support so maybe other providers will drop it too.
I would have stopped trying to figure it out and waste time on it, but I’m bound to what one of the companies I work for provides me with. It’s certainly a helpful resource, I wouldn’t have come to the netdev conclusion in a much longer time. Keep it up
I’m scared by any reliance on one single solution (a.k.a. “monoculture”), in this case WireGuard.
Very fast, very simple, one encryption algorithm, one hashing algorithm, no possibility to downgrade connections to “no encryption”: LOVELY
And when the day comes, when there are weaknesses discovered in any of these nice things … we need to have a fall-back (IPsec, OpenVPN, … ssh?).
Some providers still have options for IPsec, I don’t think OpenVPN will disappear. I’m surprised Mullvad is dropping it to be honest.