Alright guys, I need a little help here, and I know y'all can point me in the right direction.
Current setup
I have a Qubes 4.2 OS setup with mostly fedora40.xfce machines, minus my sys-vpn machine, which is a debian-12.xfce that was recommended on the Mullvad website ("Mullvad on Qubes OS 4"). I have a TP-Link AX1800 router that is set up as an OpenVPN server, with dynamic DNS with a domain for my home. The Mullvad sys-vpn works as intended and all of my machines point to it as their netvm, then it looks at sys-firewall as its netvm, and finally sys-firewall looks at sys-net. No firewall changes have been made that stayed persistent. The router generated a config file that I imported to my phone, and I was able to connect to my home network with no issue. The dynamic DNS is from Dyn and it works as intended as well through the OpenVPN Connect app.
Task
I built an application scripted in Python on a PostgreSQL database that I would like to host on the Fedora machine that I built it on, and allow my partner to have access to it simultaneously with me without disrupting each other's workflow, having incidents of error, or data loss. I don't want to see his display when he is using it and don't want my controls being messed with when he is inputting commands. I want us to both share a database. I might also make it have mobile application ability at some point, but that's later. So I need to find out the best strategy to get his Windows 11 machine connected to my appvm. I have already generated an ovpn config file that I sent to him for testing and he said it worked, but he is so computer illiterate that I'd need test results to verify it. I am new to Qubes, but my bachelor's is in IT and I have CompTIA A+, Net+, Sec+ and Cloud+ certs, so I am not completely lost in the woods, but the simple task of opening the firewall has been kicking my butt. Anyways, here are my solutions and I'm not sure how off I am.
VPN Solution 1
Create another sys-vpn instance named App-vpn or something similar, following this guide: "Fedora 40 Minimal(OpenVPN) - Qubes 4.2 - Six Easy Steps". Use the config files, certs and keys from the OpenVPN on the router and adjust where needed. I tried to do this, but the router doesn't give you files but rather text you are supposed to copy. I copied the text over using Mousepad but didn't give it a suffix initially, and the certificates weren't visible when I tried to import. So I changed the names to have a .PEM, but they still weren't visible. I know, very rookie question, but how should the text be copied and named to make them available for import?
VPN Solution 2
Use my current sys-vpn that is currently running mullvad-vpn and have it run a secondary OpenVPN instance that will allow the Windows 11 machine access to the app.
In both of these solutions I would only need to have an OpenVPN client configured, not another server, since my router is working as advertised.
I have tried multiple ways to open the firewalls and test, but have been led astray using ChatGPT and other posts that weren't specific to my build, so any guidance would be appreciated.
Final Task
Once the PC is connected to my machine, I need to have a solution for him to be able to select the app to start, or preferably for him to be presented with the app main page after providing his network credentials.
Solution 1
Turn on the OpenVPN Connect app that has us set up as point to point. He would then use VNC viewer to connect to my machine. A script would be created to listen for connections from his devices, and when that happens he will be automatically connected to his own desktop environment of the machine with the app, which won't be visible to me, nor will he take over my controls. Once he disconnects, the desktop environment goes away.
Solution 2
Install nginx or Apache and create a local web server. Set up the web server to host the app on a specific port. Develop a simple login portal using HTML/CSS/JavaScript that will be served by your web server. Modify the web server configuration to automatically launch the application after successful login.
Since AI has led me astray many times, I wanted to know if option two is possible, since it appears to be the best option.
Sorry for being so long-winded; I've been getting my butt kicked over the last couple of days. I appreciate all of you guys for the information you've shared.
Thank you