Everyone knows and loves Mirage Firewall. Recently, I stumbled upon a mirage OpenVPN unikernel made for Qubes which didn’t seem to get much attention from the community. Their instructions are here.
I wanted to share this find and to know if people are using it, how it went, and with which vpns.
Is there a WireGuard version? Tested for leaks?
This seems to be OpenVPN only. I wouldn’t know if it was tested as there are only five total references to this I’ve found online.
I can confirm that it only targets OpenVPN because the code to use the vpn protocol has to be written with Ocaml. I tested a while ago and the tunnel can be established, and i can use it, but a bug causes the communication to break after a while. Unfortunately, this has not been deeply investigated yet due to time constraints.
To me, all client packets are transmitted through the tunnel, so there are no leaks. This could be an issue because the dns resolver needs to be modified in the clients appVM and doesn’t use Qubes’ default 10.139.1.[12]. I haven’t checked how this is handled with other vpn proposals.
I confirm the breakage after use.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Dear @unman , I updated the unikernel to the latest release of mirageOS and so far I don’t observe the tunnel crash anymore (but this may be related to a change in my openVPN server, or set of options used). Would you mind to try Update to Mirage 4.9 by palainp · Pull Request #18 · robur-coop/qubes-miragevpn · GitHub and let me know if you’re still experiencing tunnel issues (which would indicate that certain options are leading to errors, and help correct them 
). If so, you can report your test in the PR or here (or both) according to your preference