Thank you @tanky0u and @solene !
After some experiments, I have managed to configure the Wireguard VPN and I find it better than the OpenVPN configuration above. The latter stops working after the machine goes to sleep. Instead the Wireguard configuration works fine, it appears.
This is what I did:
- Create a standalone Debian 13 machine
vpn, with “Provides Network” option and service “Network Manager”. sudo apt install wireguardnmcli connection import type wireguard file <configuration file>where the configuration file (.conf) has been downloaded from ProtonVPN website.- Look in the configuration file for a line that looks like:
Endpoint = 5.5.5.5:67890. Then go to the Settings (Qube Manager) of the vmvpn, then to firewall, and limit all outbound connections to5.5.5.5.
That’s it!
With the above commands, the VPN connection (re-)starts automatically when vpn starts or after the machine wakes up from sleep.
NOTE: If I understand correctly, this setup still allows leaks for ping/ICMP packets. But this should not be an issue if you plan to use the VPN after tor. Indeed Whonix automatically blocks all such packets (as well as UDP packets).
Further read: Wireguard VPN setup