Questions on using Mullvad on qubes

i have got mullvad running on qubes and its working fine after following the instructions from mullvad,

1/ does the limiting outgoing connections to the VPN servers mean my IP cant be leaked as the network only connects to the VPNs or nothing at all?

2/ with no GUI how can i be sure the killswitch is actually working and my IP does not leak when connection drops?

3/ how can i enable multi hops ?

thanks for any answers, im familiar with qubes but just a bit confused on this one

  1. I guess you’re talking about firewall rules? If so, adding the VPN server entry IP in sys-firewall will ensure that only this IP can receive network packets from your system.

  2. Try it, use an AppVM attached to your VPN VM and turn the VPN off. Then use the AppVM to access a website and see if it works or not. If the firewall and the iptables rules are correct, you won’t be able to access anything without the VPN being active.

  3. It depends if you decided to use OpenVPN or Wireguard. OpenVPN don’t really have any multihop beside the “bridge” with ssh which involve more steps. If you use Wireguard, then you can use the multihop port they provide for each servers and use it in your wireguard configuration.

1: yeah firewall rules in the VPN template so was hoping it would only connect to mullvad and not leak my real IP at all

2: oh yeah lol cant believe i didnt think of that lol thanks worked perfect

3: and set up using open vpn so dont think i can do a multihop option unfortunately

thanks for the response you was very helpful

1 Like

For the answer to #3, you could just chain two openvpn/wireguard vms, or you could use the official socks5 proxy from mullvad under their wireguard servers which you can search here

You have to be connected to a wireguard server for the proxy to work, but from there you can chain as many proxies as you want and multi hop.

This tutorial is gold: Using Mullvad VPN in Qubes

Ignore the outdated UI elements; it’s written for an older version of Qubes but it still works like a charm and addresses your first two points.

I don’t know about multi-hop but I’ve had success chaining different VPN VMs in the past with and without Whonix/Tor in between (hint: if it doesn’t work, make sure the first VPN is using TCP port 443)