Please help me with some questions below.
I have created new template VM, based on Fedora 32.
I use NordVPN, it uses wget, to download package, to template VM.
For security, Template VM has no internet access, but wget need Internet connection.
So I attach sys-net to template VM for temporary, to download NordVPN.
It means security has been compromised.
How do we install software that is not supported by package manager ?
Do we need to use disposable VM to install it, then copy into template VM ?
Or there is another way ?
I create App VM, based on Fedora template VM, which has NordVPN installed.
I attach sys-firewall, to the App VM, & turn on the VPN, and it works.
What I don’t understand is, if it works already, then why we need the scripts,
provided in https://github.com/tasket/Qubes-vpn-support ?
Is it being used to create proxy VM ?
So without the script, proxy VM will not be able,
to supply internet access to App VM ?
Also in its features’ description, the script provides fail closed & protect leak possibility.
Also it isolates tunnel within proxy VM.
Does it mean, the nordVPN itself is not enough ?
so we need to use the script, to protect from leak possibility & isolate tunnel ?
So without the script, if we only have NordVPN, on template VM only,
then there will be leak possibility and tunnel is not isolated ?
On step 2, in Qubes-vpn-support, how do I get the VPN config files for NordVPN ?
From which folder ? Because NordVPN doesn’t mention, the file location.
About WhoNix, Tor-Over-VPN and VPN-Over-Tor,
If we want VPN encryption, start from our Laptop,
so it is secure from any man-in-the-middle, Router admin and also ISP,
which one we have to choose ? Tor-Over-VPN or VPN-Over-Tor ?
How to setup auto login and auto connect ?
I have turned on auto connect on App VM terminal, but it dissapear after reboot.
So currently, I need to login & connect manually, for each time I use the App VM.