you need to use OpenVPN in TCP mode as Tor can’t route UDP packets (used by OpenVPN in UDP or by WireGuard which is exclusively using UDP)
Hey Solene you are amazing.
Quick question: is safer making vpn configuration with app or openvpn, when the app is open source ?
Safer in what regards?
Using openvpn or plain wireguard is less error prone, but the app is offering kill switch, DNS changes etc… that you may forget or implement in a wrong way.
The App binary could be compromised, which would be less likely for a package such as openvpn.
In absolute, the app is less secure, in practice I think it’s more convenient and as secure.
1 Like
Thank you for your answer.
Is there a way I could make ProtonVPN in this case start in system try so I won’t see the app displayed when the qube starts automatically.
Also can I disable this keyring asking everytime the qube starts.
Thank again!
Hey solene, I followed your steps above. The VM is created successfully, protonvpn starts automatically and connects successfully. But none of my internet traffic from my “personal” qube is showing I am connected to a vpn. What did I miss?
hi, did you assign those qubes the proton qube as a netvm?
Hello, net qube in qube manager basic tab is set to sys-net. I originally had it set as sys-firewall. Under services tab I have both qubes firewall and network manager checked off. firewall rules are set to default (allow all outgoing connections).
it seems you don’t fully understand what you are doing at the moment, I recommend you to read carefully Networking | Qubes OS and potentially Firewall | Qubes OS to understand the process. Otherwise you may expose information and it may be dangerous (depending on your threat model).
If you followed the guide, you created a new qube that is connecting to proton vpn, if you want a qube to have its network traffic router through the VPN, you need to modify its net vm to the proton vpn qube 
1 Like
Thank you for your patience! I will read what you have recommended. Thank you for your time!
I should follow this.right?
Not really, the guide is for wireguard and you need OpenVPN. It’s pretty close though, just import your configuration in network manager, make sure to generate one that use TCP and you should be fine.
Store a temporary password in gnome-keyring then login to protonvpn with your credentials. Restart the VM and enter your gnome-keyring credentials. Open seahorse and reset the keyring password with no password. This has worked for me.
1 Like
This only worked for so long. So, a different method:
Add the below to the bottom of .bash_profile, with “somepass” being your chosen filler password.
echo -n "somepass" | gnome-keyring-daemon --replace --unlock
On reboot, you’ll be asked to enter the password again; but this time there will be a box to check whether your wish to keep the keyring open on login. Click this. Reboot. Should disable all future gnome-keyring prompts.