Secure VPN VMs in Qubes OS

A fellow QubesOS user pointed me to this Github for fail-closed anti-leak point and click solution for using VPNs to enchance privacy from ISPs/Coffee shop Wifi.

Qubes-vpn-support at Github

It’s not my code, but I use it quite frequently.

2 Likes

Yes, that’s the best way I know of setting up a VPN in Qubes. Way more simple than the one on the official docs. It’s been quite helpful to me too!

Though I think if qubes is to head towards the goal of Qubes for at-risk populations, then we’ll also need a GUI way of doing it.

Kudos to @tasket!


@josh, just a quick tip on discourse. If you just paste a link, in most cases it generates a facy thing for it (a onebox, they call it). It looks like this:

2 Likes

Thanks for the tip @deeplow

2 Likes

There is also a conversation on a github issue that mentions that this VPN documentation is under review for being included in Qubes 4.1. Though I don’t know how updated that information is.

2 Likes

if you use Mullvad, then try this:
https://micahflee.com/2019/11/using-mullvad-in-qubes/

3 Likes

Thanks for the link and welcome tor the forum!

Mullvad also has a guide of their own for installing it on Qubes:

https://mullvad.net/es/help/qubes-os-4-and-mullvad-vpn/

edit: see the next comment. (thanks @tasket for pointing that out)

3 Likes

I suggest avoiding the Mullvad directions for Qubes and using
Qubes-vpn-support with that service instead. Hard coded IPs are usually
a red flag that the connection or their failsafe could break but they do
it one better and (needlessly) tell you to find then hard code a virtual
interface. There is also no check that the failsafe is in place – their
way will start the VPN and leave networking enabled if the failsafe
fails to run.

The only trick to using Mullvad with Qubes-vpn-support is keeping in
mind their unusual login format where the password is always ‘m’.

I’ve also tested Qubes-vpn-support with Mullvad’s wireguard service and
it works.

6 Likes