Has anyone successfully integrated IVPN with Linux Qubes?

Hi all

So trying to go for gold, and set up IVPN on Linux Qubes, with it pointing to NextDNS servers. Want to get the best of all worlds: filtration, encryption and compartmentalization.

I have almost got it right a few times but there are limitations.

I tried installing and running IVPN on my AppVM which I do browsing from. Works great, except that when I restart the AppVM it doesn’t retain the login credentials. Not optimal when I just want it to start up and go.

I tried setting up a dedicated (standalone) VPN VM and then running internet from AppVM through it. This is where I hit a problem - when VPN is activated in IVPN in the VPN VM, internet becomes so slow in the AppVM browser it’s not worth it. As soon as VPN is deactivated, internet runs normal. Browsing on the VPN VM however is not affected and runs normally.

Bit at a loss. There’s only one YouTube video I could find on using VPN with Qubes, but that goes into the VPN connections that come with Qubes, not using a VPN application.

I just think it’d be such a winner if I could get this working. I could just roll with using a standalone VM for all my browsing but then I lose the security of VM data wipe every time it’s restarted. Be good to get this set up conventionally - having a dedicated VM for the VPN.

Would appreciate any points.
T

This is not really helpful in my opinion.

Do you want to use their app or go with plain WireGuard or OpenVPN?

I wrote a guide for the app: IVPN App 4.2 setup guide

Appreciate the guide, definitely looks a tad different to what I have been doing so will give it a go and let you know.

Currently I am just going with WireGuard. Tbf, I am a bit unsure what the trade-offs are between the two. The main selling point for me is that it’s open source, and that you can point it to NextDNS to get filtration without trading off encryption. NextDNS also allows you to add custom blocklists which is a big pro. Be great for family router.

We also have a guide for a simple WireGuard setup: Wireguard VPN setup

Just add NextDNS DNS server in the piece of code redirecting DNS requests in the guide.

Thank you, that previous link you sent was an absolute gem. Worked a charm. Needed to run a few things via old ChatGPT just for a bit of minor adjustment, but worked brilliant. Think my big problem was MTU packet size flow between Qubes. Moment I fixed that, everything started working!

So NextDNS can log your queries and IVPN can encrypt your https traffic and you can be the only traffic stream coming out of some M247 data center that consistently lacks DNS queries.

Is this really what you want?

You will be putting yourself in a bracket of users potentially doing much more unusual things (i.e. torrenting etc.) and also making yourself much, much easier for anyone sophisticated to track, although it’s possible they can track anyone who does anything and so blending in doesn’t matter.

NextDNS is also a US-based company and if the government secretly ordered them to log all IP addresses and lie to you, its users, about that or face fines or jail or prison, it seems quite possible they would comply.

If security is your only concern and privacy doesn’t matter at all, it’s fine?

I want encryption for privacy, and I want filtration for quality i.e. no porn, no social media, no gambling, no gaming. I use Linux Qubes for security and protection.

I don’t have all day to examine the small details.

What would you suggest if not IVPN and NextDNS? I am genuinely curious to hear your suggestion.

Edit: I will also add that I am currently the pursuant/claimant in a legal case against a business entity that is owned by a high profile member within the government of a 2nd world country that is not known for its human rights. My case is also strong. With this said, I want to ensure that I am protected from any malicious attack via digital means. This seems like the best option.

Again, any improvements or suggestions would be appreciated.

This is fine for that use case. If your threats are outside the US, and you have a specific threat that isn’t partners with a first world country, you’ll be fine.

IVPN apparently also has DNS servers internal to the server, so it would only be a threat if your threat model was the first world.

Anyone with access to NextDNS info and the data server outgoing traffic could link the NextDNS times and outgoing traffic from a data server to determine which is your traffic. It likely doesn’t matter. There’s no indication anyone can do this, it’s theoretical, but some people think it may be done.

Mullvad has IP blocking for porn and gambling built in and social media, slides to turn on and off everything you mentioned. But either IVPN or Mullvad could in theory be honeypots that cooperate with your adversary. It’s possibly unlikely either are honeypots since both are very well-regarded and audited. IVPN is considered extremely trustworthy. If they are unlikely to hack you or retaliate, you should be fine with your setup. Tor is always safest in the highest risk situations supposedly.