You can use qubes-tunnel then download the ovpn configuration in the protonvpn.
Step in ProtonVPN
Get the ProtonVPN config files:
Download the desired configuration files
- Log into your ProtonVPN dashboard at account.protonvpn.com/login
- Select Downloads on in the left navigation bar
- Find the OpenVPN configuration files section and chose
- Platform: Linux
- Protocol: UDP (recommended) / TCP if you experience slow VPN speeds (this utilizes port 443)
- Click the download icons for the server you wish to download
If you selected “Download All configurations”, extract the zip file to your desired location
Find your OpenVPN credentials:
For increased security, ProtonVPN is set-up with two separate credentials to authenticate a connection.
Learn more about how two pairs of credentials increase the security of ProtonVPN.
Log in to the ProtonVPN dashboard and click on Account tab. Here you will see your two type of credentials.
The credentials ProtonVPN Login are used in our applications . OpenVPN / IKEv2 Username is used on manual connections . So please configure the OpenVPN credentials to your preference as you will need to use them to establish a Linux VPN connection. Note : to use our NetShield DNS filtering feature, append the suffix +f1 to your username to block malware, or +f2 to block malware, ads, and trackers (for example 123456789+f2).
Step in qubes-tunnel
qubes-repo-contrib package using
dnf in template. Then, install
qubes-tunnel in the same way.
- Create an AppVM, called for example
sys-vpn , with the
provides network option enabled using a template with the previously installed
qubes-tunnel package. Make a choice for the NetVM setting, such as
Services tab, add
Note: There is no need for adding
root or using
sudo , in
/usr/lib/qubes/qtunnel-setup --config :
root@sys-vpn:/home/user# /usr/lib/qubes/qtunnel-setup --config
Enter VPN/tunnel login credentials.
Leave blank if not required...
Username: OpenVPN / IKEv2 Username
Password: OpenVPN / IKEv2 Password
Login info saved to /rw/config/qtunnel/tunneluserpwd.txt
Next, copy or link your config file to /rw/config/qtunnel/qtunnel.conf
- Following what’s the last sentence said, still as
root or using
sudo , in
sys-vpn copy the OpenVPN config file from your service provider, for example called
root@sys-vpn:/home/user# cp user_config.ovpn /rw/config/qtunnel/qtunnel.conf
sys-vpn . This will autostart the VPN client and you should see a popup notification ‘LINK IS UP’!
Regular usage is simple: Just use
sys-vpn as NetVM for other VMs and start them!
If when you restart
sys-vpn instead you receive continuous popup notifications stating ‘Ready to start link’, you may need to troubleshoot the connection. To troubleshoot the connection, you can monitor the systemd service that controls the vpn client with
journalctl -u qubes-tunnel and view any errors that appear.
If you follow corretly, you should be able to connect.