For far too long the community has been requesting an updated, official guide for setting up a secure VPN Gateway within Qubes OS. The existing documentation references instructions tailored for Qubes OS 4.1, which are no longer compatible with v4.2 or v4.3. As a result, many users are left searching through outdated resources or relying on unofficial, potentially insecure guides.
This ongoing issue has led to numerous forum threads and community discussions, highlighting the urgent need for clear, official guidance. Unfortunately, despite awareness of this gap, developer responses and support have been noticeably absent—mailing list threads and community requests have gone unanswered.
Given that Qubes OS prides itself on being a security-centric operating system, the absence of official VPN setup instructions is concerning. A properly configured VPN Gateway is a cornerstone of a comprehensive security posture, and the community’s trust hinges on transparent, supported guidance from the developers.
I urge the Qubes OS team to acknowledge this need and provide an official, up-to-date VPN Gateway setup guide. The community deserves clarity and confidence in their security configurations.
I will be raising this issue via the Qubes GitHub repository and mailing lists to emphasize the importance of official support.
Please support this petition by commenting or liking this post.
This is something I have in the backlog. This is also the reason I recently asked the community about what an update of the VPN guide should contain or not.
This would not be reasonable to do this for paid VPN service apps, because it’s highly dependent of upstream and it might be considered as advertising or commercial, but a plain wireguard or openvpn with all the extras you might want is totally reasonable as a part of the official documentation.
I don’t understand the tone of your message, I disagree with you and I don’t like the fact that you sent me a PM (actually, spam) about this. I wouldn’t be surprised if that text was produced by an AI.
What’s the point of a petition concerning the docs that everyone can edit? Especially when @solene is just thinking about an update of the community guide?
I don’t think that using a VPN is something that should belong to the official docs because I don’t see how it is better for security?
I think it should be there as it’s a really popular need for Qubes OS users, so it’s better to point them to a well written and well done setup, which should result into a secure result, rather than following various how-to/tutorials on the Internet and do it wrong.
The solution to this problem is a work of software so that such documentation is not necessary. Alternative to a work of software, such documentation is also a work product. You @longTimeQubesUser can campaign to request that someone produce either kind of work product all you want. The people with the relevant skills and tenacity to produce such a work product are busy with other things.
The open source Qubes project is not your local government you have been paying taxes to.
Produce the work product yourself or pay for the talent to spend their own time on producing the work product.
agreed. also @solene please consider adding to mullvad vpn to turn on network manager in services in the vpn qube being created so downstream qubes can receive that vpn connection if desired.
also writing in that you need to type in sudo nano to add the configurations of a system kill switch would be helpful for beginners like myself as well.
thx for your helpful guides. much appreciated and happy new year
Reading this makes me think you did not really understand how networking works in Qubes OS.
You should establish VPN connections from qubes that are dedicated to this, and use it as the netvm of qubes you want to use the VPN. This allow to chain VPN too for instance, which is not as easy and reliable on other operating systems. This also let you switch a Qube between vpns or remove the VPN of a single Qube by using sys-firewall for that Qube.
While I agree that an official easy guide would be nice (maybe even shipped in the ISO) this is no way to go about it. The Qubes team owes you nothing. Besides, there is plenty of community effort going on.
Sure it’s a bot or something like that:
I agree so much with you! 36 topics viewed and 149 posts read in 22m… lol
Sure it’s a bot or something like that:
i don’t know this guy, why do you PM @longTimeQubesUser ? i don’t know you!
we are agree with that perhaps not in the iso but with salt. Nevermind, I am against this kind of petition and even against any small pettiness on this forum
If it’s so important to you, then work a little and make us a great tutorial for sure, many people will help you as they can . As @solene says, you can participate in the documentation… Open-source is just that: utual aid between people
Such thing only exists as a form of self-deception.
It doesn’t need to be better for security, VPN is a useful networking tool overall.
Should VPN usage guide be included in QubesOS documentation?
No, it is not about QubesOS. if anything, it should be in the community guides or wiki that we don’t really have.
Yes, if the writer makes it about specifics of QubesOS networking and the reader won’t just come out with a working VPN config, but as a more knowledgeable person.
Also @solene if you to do such a thing, please don’t put any VPN providers there, write about protocols. Don’t cave in to the pressure, you are correct with this:
I don’t quite agree with you @otter2 because a vpn offers anonymity of course BUT it also offers security in relation with his encryption But it’s not the subject of this topic
Has brought up an interesting point, on the Philosophy of how,
Where the Qubes Developers stopped adding features.
that is somewhat Philosophical about Qubes OS Design – well --implementation.
I hope to start another thread, later today about I think the Qubes Developers view the OP needs, when they work on Qubes. That way I neither hijack this thread with my that is somewhat Philosophical about Qubes OS Design – well implementation of Qubes. That way the more knowledgeable folks here can, again, tell me about why/how I am wrong, and help all of us understand the design/implementation of Qubes.
What I do feel should be mentioned on this thread. There are some very knowledgeable, skilled individuals who we need to thank for writing the support documents we have, and for spending hours of their own time helping folks in trying to implement VPN into Qubes internet.
By singling out Solene seems wrong, because I miss a lot of others who work hard on helping others in implement features they want in Qubes. And there are a bunch of those.
Thanks to those who have provided their technical help in getting Qubes to work to be sometimes workable for those of us who did not get a Masters in CS.
There are many features that could benefit from documentation, and
very few people helping. As I frequently say:
The documentation is a community effort. Please help us improve it by
submitting a pull request.
And almost no one helps.
In this case, I agree that Qubes could benefit from an explanation of
how to set up a VPN - whether this should cover every protocol and every
approach? Should we follow Mullvad in focusing on wireguard and drop any
mention of openvpn? Should we explain different types of VPN? Should we
cover all the different protocols?
In general we do not replicate in the official documentation information
that is available elsewhere. We do try to explain the Qubes specific
character of some activities. I believe that is where we should focus
our efforts.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
@longTimeQubesUser as many have expressed, this is perhaps not the right approach. The need for an easier way to set up VPN is well in Qubes dev’s minds.
(As a moderator) I’ve removed the “SIGN THE PETITION” from the title, because honestly, the ones closes to the subject already know about this and have the motivation to do it. Encouragement is a much more powerful motivator in this community. Because after all, the docs maintenance are community-lead.
This is by no means a way of understating the problem you raise.
(And taking my moderator hat for a bit, I have a video in the works about setting up a VPN. It’s just a video form of the wireguard VPN guide, but hopefully it helps some that are more into video guides)
I agree with everything said so far, including OP. For Qubes users like me that have been following this project since the very beginning when Joanna Rutkowska was leading this project. When a new version was released (e.g., Qubes 3.2) you installed the new version and also the VPN gateway. Both were installed following the official guides. Back then, the VPN official guide was a key part of Qubes OS.
Everything changed with the release of Qubes 4.2. The official guide was not updated anymore. This might not be a problem for new users, but for old users that always installed both (the new version and also the VPN gateway) it is a real pain in the ***. You are being forced to hire external paid help to update the 4.1 existing VPN implementations (official guide and GitHub projects) that can break anytime when a new version is released.
The VPN situation right now is a mess: 40% users are using @solene guide, 30% outdated guides, 20% GitHub projects, 10% paid implementations. These figures are not accurate and only for example purposes, but you got the idea.
The takeaway is that 100% of Qubes users should use the same thing for VPN, and that must only be the official guide, as it always was the case.
The problem is that there is not one VPN - there are different types
of VPN, and different protocols. We will not document them all.
In my opinion the official documentation could/should be used by people
who have looked at guides to setting up a VPN that suits their purpose
and needs, and want to know how that knowledge can be applied in Qubes.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
perhaps not in the iso but with salt. Nevermind, I am against this kind of petition and even against any small pettiness on this forum
. As