Secure VPN VMs in Qubes OS

A fellow QubesOS user pointed me to this Github for fail-closed anti-leak point and click solution for using VPNs to enchance privacy from ISPs/Coffee shop Wifi.

Qubes-vpn-support at Github

It’s not my code, but I use it quite frequently.


Yes, that’s the best way I know of setting up a VPN in Qubes. Way more simple than the one on the official docs. It’s been quite helpful to me too!

Though I think if qubes is to head towards the goal of Qubes for at-risk populations, then we’ll also need a GUI way of doing it.

Kudos to @tasket!

@josh, just a quick tip on discourse. If you just paste a link, in most cases it generates a facy thing for it (a onebox, they call it). It looks like this:


Thanks for the tip @deeplow


There is also a conversation on a github issue that mentions that this VPN documentation is under review for being included in Qubes 4.1. Though I don’t know how updated that information is.


if you use Mullvad, then try this:


Thanks for the link and welcome tor the forum!

Mullvad also has a guide of their own for installing it on Qubes:

edit: see the next comment. (thanks @tasket for pointing that out)


I suggest avoiding the Mullvad directions for Qubes and using
Qubes-vpn-support with that service instead. Hard coded IPs are usually
a red flag that the connection or their failsafe could break but they do
it one better and (needlessly) tell you to find then hard code a virtual
interface. There is also no check that the failsafe is in place – their
way will start the VPN and leave networking enabled if the failsafe
fails to run.

The only trick to using Mullvad with Qubes-vpn-support is keeping in
mind their unusual login format where the password is always ‘m’.

I’ve also tested Qubes-vpn-support with Mullvad’s wireguard service and
it works.