Using IVPN on Qubes OS | PrivSec - A practical approach to Privacy and Security
This is my setup for IVPN on Qubes 4.2. It is essentially the same as my guide for Mullvad VPN, but adapted for IVPN.
It differs from solene’s guide and the official documentation’s first approach in that it uses systemd path to trigger /usr/lib/qubes/qubes-setup-dnat-to-ns
.
We have the following advantages:
- No
rc.local
(which is legacy stuff and shouldn’t be used anymore) required. - No overwriting of
/opt/ivpn/etc/firewall.sh
required. Since this file is provided by theivpn
package, there is an inherent risk that it will be overwritten during a package update. - You can also create multiple IVPN ProxyVMs from a single template instead of needing to use standalone VMs.
I also included a workaround for systemd-resolved
so that it will not fail to restart when you change DNS servers too quickly. Shoutout to @DVM for pointing this out in my previous post.