It doesn’t. I recommended it back then because I just needed something to work without spending days researching and this one did the trick.
Meanwhile I have become acquainted with an even simpler and better method based on the NetworkManager.
- create a VPN qube
- use NetworkManager to setup the OpenVPN connection
- set the firewall rules of the VPN qube such that it can only connect to the VPN server(s) and nothing else
This works without any scripts and if the VPN connection fails/dies the Qubes firewall makes sure no other traffic is possible (sine the respective VPN qube can only connect to the VPN server).
And yes… you can do this entirely in the GUI and you have visual feedback. For bonus points you can add a simple script to automatically connect / reconnect.
See this post by Micah Lee for details.