you can check by disconnecting the VPN with the kill switch enabled, its purpose is to prevent network to work when the VPN is disconnected
exactly 
if the kill switch works, these qubes shouldn’t have Internet working when the VPN is not connected.
Proton announced on March 4, 2024, that the permanent kill switch now works on the Linux app.
Thanks for the heads-up, I confirm the killswitch is now working from the App 
I tried the new client in a new Qube following your instructions @solene , without hardening. I wasn’t able to get past the kill switch via browser or CLI.
Solene,
Thanks for an excellent setup guide. It worked great for my ethernet-connected studio processor. But I ran into a problem with my laptop, which is connected strictly wireless.
The app establishes a VM uplink eth0 connection in an unused “Ethernet Network”, but is not available as a VPN Connection under “WiFi Networks”. A cursory investigation yields no provision for pointing the app away from Ethernet to WiFi, that I’ve been able to determine. Being somewhat of a power user and an erstwhile hack, I’m well aware that it’s probably something simple. Can you enlighten me, or is this an issue for Protonvpn?
Thanks in advance,
<djr>
eth0 is the qube network interface to reach its netvm, it’s unrelated to Proton
where did you see this? If you don’t have a wifi network interface, you should never see “wifi networks” in network manager. Are you looking at this on sys-net?
No I’m not- my apologies: this is according to the icons in the Status Tray of my panel:
<IceCream-Cone-in-Forehead>
<djr>
looks good right? 
The app icon has a 
+ the purple network manager applet has a lock which means a VPN is connected.
Jawohl!
I’m just not used to that icon config.
Sheeesh. 
<djr>
(Tan Q. Beddymach!)
I have VM uplink eth0 connection in sys-vpn-protonvpn-app. but the qube doesn’t connect internet. how can I fix it?
did you configure some firewall rules for this qube?
does its netvm has internet access?
Yay! 
Thanks for this Guide
no. i didn’t touch anything firewall rules. But I’m using kicksecure VM insted of Fedora.
yes. sys-net has internet access.
sorry I can’t help you, I don’t know what kicksecure is doing. Maybe the qubes integration doesn’t work well.
I hope I don’t end up having this problem …
I really want KickSecure iso as a VM so to go in battle hardened when connecting to Google products such as GMail so to finish migrating stuff off GMail due to the Black Hat Cyber Stalking and Hacking me seemingly being well equipped with Google exploits specifically as a specialty however his other specialties include hacking servers, networks, and Operating Systems and using Python scripts as his main language it seems — so I don’t want to risk finding out if he has Hypervisor exploits as I would rather have a hardened Debian like KickSecure than a butt bunky Debian going out there to log back into GMail. I am banking on KickSecure having good enough armor on lol than the naked Debian that is expected for us to use on Qubes as default.
i will try by debian.
First of ann thanks for this guide Solene, not realising it was here I spent the better part of a day trying to work out how to make the gui appear before realisng your guide was here. It was far, far, more gratifying that it really should have been the first time I got your instructions working.
Part of the issue is I think the way that proton have written their instructions is that there is a line (the --refresh desktop one) which is essential, but the way proton have it on their website is that it implies that it might only need to be done if one had already installed it. Another is that wheneever I typed a question into the command line it immediately redirected me to the CLI app help. I’m sure there must have been a time when google wasn’t as perpetually useless as it seems to have become, but whenever that was it seems a long time ago now.
I seem to have come across a curious instance. When I clone a template and then install all the software on it with the intention of creating subsequent disposable Protonvpn-Appvms it doesnt seem to work, I need to then reinstall al the software on it as if the template had reverted to its creation state. Certainly the proton-vpn gui doesnt launch. But when I create clones of the protonvpn-template then it all works normally, that is to say the vpn app launches as one might expect. I have checked to ensure that the Appvms are based upon the ProtonVPN template and they are. It just seems curious why that might be.
you may try to log out and log in, if you clone them they will appear as the same device and won’t be able to connect at the same time. I got this issue with the VPN provider I’m working for and it took us a while to figure what was going on 
That probably why I seemed to have issues with accessing whonix and the clearness at the same time with them this morning then. I gave up in the end and got out tails. Of which version 6 seems very snazzy if but for the fact that, oxymoronic as it may seem, its easier getting sound/bluetooth working in qubes now than it is in tails!
Thanks for the comprehensive answer
thank you !!finally I succesed to make sys-protonvpn app with debian.
but I want to use this vpn firewall with Tor.
but when I conect like this, I fail to connect vpn surver.
sys-protonvpn → sys-whonix → sys-firewall → sys-net
How do you combine vpn and tor?
My goal is this
whonix ws → whonix gateway → protonvpn → internet