New user, confused on VPN stuffs

Suspicious_Actions · April 22, 2022, 12:20pm

Maybe a windows analogy would help.

Assume you have an unlimited supply of HDDs.

So you install windows on one HDD. This is HDD with windows is your Template.

Maybe you know, that on windows you can store your personal files on another Partition that can be on another HDD.

This is your AppVM: You boot of your internal HDD, but you store your Desktop, Download folder and other personal files on an external HDD.

Launching your AppVM would be:

Copy your template (the windows installation) to a new HDD and boot from it
Plug in your external HDD, where your Desktop stuff like that is stored.

When you shutdown, you throw away the internal boot HDD, but keep the external HDD with your files to use the next time you boot.

You can create more AppVMs with the same template, by having other external HDDs to plug in. It is like having multiple computers with the same system, but different files.

You can install Software in these AppVMs, but if you restart the AppVM you copy your base template again to boot from, so your installed software would be gone. You would have to install it in this “master system” HDD to have the software in your AppVM.

You can create a disposable-template out of your external disk. Starting disposables form it would work like this:

Copy your template to a HDD and boot of it
Copy your external drive to another new one and plug it in.

after you are finished, you throw away both HDDs.

Again, you can install software or modify files in those, but as you throw them away after usage an copy from your templates when starting another disposable, all your changes (and installed software and malware) would be lost.

Maybe this is easier to imagine… maybe not. idk. If it confuses you: Don’t let this confuse you pls.

KarlinQubes · April 22, 2022, 1:34pm

Not sure if this will help but thought i’d drop it.

Welcome to Qubes, stick with it!

dropkicked-ego · April 24, 2022, 3:41am

KarlinQubes,

This is definitely easy mode. Thank you!

I am trying to learn as I go (lots of rabbit holes). Someone’s script doing it all for me is nice and easy. I’m also interested in the nuts and bolts of it so I can write my own scripts or tweak other people’s scripts.

I see hkbakke has a custom config file for the WireGuard network config. Which subnet/dns should be in there? Does it need to match my net-vpn (based on TemplateVM fedora-34-wireguard) IP/DNS? :EDIT: This is provided by my VPN provider. Sorry for the dumb Q.

I never had confusion on the purpose and usage. That is a good analogy though.

Windows does shit stupid. I’d rather fumble in Linux terminology.

Just to ensure I’m understanding the workflow here:

1.) Clone base template (fedora in this case) called fedora-34-wireguard, install WireGuard, shutdown
2.) Create new Qube
Name and label: net-vpn-narnia
Type: AppVM
Template: fedora-34-wireguard
Networking: default (sys-firewall)
Advanced Tab: Enable ‘Provides network access to other qubes’
3.) Repeat #3 named ‘net-vpn-missing_sock_universe’
4.) Configure Wireguard unique tunnels on each net-vpn-* AppVM, shutdown/restart
5.) Create AppVM named ‘fedora-34-vpn-narnia’ using networking ‘net-vpn-narnia’
6.) Create AppVM named ‘fedora-34-vpn-missing_sock_universe’ using ‘net-vpn-missing_sock_universe’
7.) … so let’s just rest.

Does this still hold true? If I did my 7 steps correctly?

Thanks for this rabbit hole.

dropkicked-ego · April 24, 2022, 4:38am

Got it all working now. Thank you again everyone!