hello everyone! at start, i m with qubes less than a week, so, hope for understanding
situation: in my area blocked open vpn and wireguard protocols, usual vpn services apps also unavailable. i use outline client app ( it is resistant to some of the most sophisticated forms of blocking, in my area deep packet filtering) as a vpn. i want to have connection on qubes like vpn over outline-tor, but i dont have idea, how i can do it right on qubes. at first, i cant use the cli as mullvad creating vm vpn for example- outline manager only run as app image… and when in vm app on whonix template i got outline client and run connection…its ruined tor browser connection. i understand that I’m doing everything wrong…and understand that outline must be separate as vm (right?), but i dont have any idea. help me please. how i can use vpn in my circumstances?
Create a separate sys-vpn qube, connect the qubes like this:
sys-net ↔ sys-firewall ↔ sys-vpn ↔ sys-whonix
The Outline VPN should work the same way as other VPN apps, you can follow this guide as an example:
But instead of installing mullvad app in the template, move the outline appimage to the sys-vpn qube and run it there.
Also you may need to apply the MTU fix:
Wireguard VPN setup
its not usual vpn technically and its a problem. here not possible to create configuration file, for client app outline uses only access key, its just line of numbers. also wireguard and open vpn blocked as protocol in my area
need to run a app on file manager in created sys-vpn qube? or i need use another way to run app, at first, does it matter in which directory the app Image should be?
It doesn’t matter.
Try to run it from the terminal first e.g.:
/home/user/Outline.Appimage
Maybe you’ll need to set the execution permission for it first:
chmod +x /home/user/Outline.Appimage
but why?
terminal return some error, but the app working
Outline is starting
loading web app from file:///*******************appName=Outline
Could not load active tunnel: [Error: ENOENT: no such file or directory, open ‘/home/user/.config/Outline/connection_store’] {
errno: -2,
- code: ‘ENOENT’,*
- syscall: ‘open’,*
- path: ‘/home/user/.config/Outline/connection_store’*
and then some libva errors about driver name and etc, think, its doesn’t matter.
i created conditionally empty (what should be there? i don’t know) file connection_store in Outline directory. repeatedly run app image in terminal:
[1813:1114/141047.183159:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.DBus.StartServiceByName: object_path= /org/freedesktop/DBus: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Outline is starting
again libva errors and etc
Because they work the same way in the system by creating a tunnel and routing the traffic through it.
But maybe there is some peculiarity that could cause for it to break, but I’m not familiar with Outline so I can’t tell for sure.
I never used Outline so no idea, check the issues with the same error:
Issues · Jigsaw-Code/outline-apps · GitHub
You can also allow all traffic in your qube for a test:
sudo nft chain ip qubes input '{ policy accept ; }'
sudo nft chain ip qubes forward '{ policy accept ; }'
modified my comment recently about it, maybe, you will be able to suggest something with updates
from that point of view, yes, of course, but now I’m focusing on that the methods that regular VPNs use aren’t right for me, and it’s related to the protocol, which is causing all of these problems
thnx, i will try
Maybe Outline is blocked by your ISP? Try to use it from a different device (not Qubes OS) using the same ISP.
no, its working as just app in Qubes too. my problem it is not understanding how to right configure it in qubes in a separate machine likely sys-vpn, when outline is just an application with gui and not have conf files like vpn and so on
As you can see in the guides linked in my first post, no changes in the VPN config files are required for Wireguard or Mullvad app to work, the same is probably true for Outline.