This would be a mistake, where did I write this? I can’t find it.
Dear @solene, I hope there will be releases on GH, but with qubes-miragevpn (which targets OpenVPN) there is few pain 
The creation of the VM is the same as for qubes-mirage-firewall (and implies to copy the unikernel into dom0), and then the configuration file only needs to be tared and imported in the root volume of the AppVM.
The real remaining issue comes from the user authentication process, the unikernel needs tls-auth in the config file and configuration without won’t work so far 
Seeing the network GUI screenshot (like the one sys-net has) I assumed you connected to sys-net. Now I recall that little interface appears on the taskbar panel if we add the network manager feature to the appvm.
I see you have omitted the NetVM when creating sys-vpn-openvpn. It might be better to specify sys-firewall as netVM in the appvm creation command, so people avoid the mistake of connecting it to sys-net, or at least, in adherence to the format of the old official guide.
By default, qvm-create uses the netvm defined as default, which is sys-firewall on a stock installation. If someone changed this, they certainly had a good reason to do so. It’s still possible to change it easily using the qube settings manager. I wanted to avoid adding more parameters to the command if it’s not explicitly required.
Fair enough. I’d still add a very small note about this though. But up to you I’m fine either way.