VPN is a constantly recurring hot topic for Qubes OS users. There are already several topics
here on the Qubes Forum but also on Qubes OS docs, Github and private blogs.
If you are interested in setting up a VPN on Qubes OS you can use the official sources, like VPN | Qubes Community. But I guess, it is someone similar to the Qubes OS hardware choice, first you do your research on the VPN provider afterwards you (try) to get it installed and configured on Qubes OS.
Therefore, I would like to have your opinion on: Does it make sense to have a VPN provider list that points users to sources on how to configure / what possibilities do I have / how other users did it …?
It should not include a rating of the VPN provider itself (price, security features, location etc.) but we have a Qubes OS rating (1-3) on:
Configuration effort (graphical vs. terminal, # of steps, …)
Usability (user control / interaction by icon or by terminal)
Robustness (auto-restart, easy server switch, using Qubes OS standards, …)
Security (split-VPN, disconnect, login data storage…)
Does this make sense to you at all?
Or should we simply do a link collection first
… or just open a Qubes Community topic for each VPN provider with a default title and body structure?
Lately, there have been a lot of questions suggesting that these people have little to no experience with Linux. The thing that all providers have in common is that you either use a shiny (more or less) little app with a graphical user interface where everything is pretty self explanatory. Often the steps you have to do in order to connect are pre-configured the way it works for most users. Just choose a server and click connect.
Apart from that you can always configure and download your ovpn.file. You have to select your platform, protocol and server. There are also advanced configurations that are useful for routers/firewalls or other stuff.
The thing is, once you configured and downloaded these files, setting up a connection is almost always the same. It is rather trivial but:
There are people who copy everything, for example, there are screenshots showing where to put your credentials. Some people just copy “your user name” and " your password" instead of putting their individual login credentials there. There are milder cases where people aren’t aware that there are different login credentials for the provider and for setting up a connection.
Then there are people who want to connect to a server that requires a paid subscription.
It can happen that a connection times out because a server is being maintained or down etc. Always try more than one server.
The list is endless and of course, there can be more complex problems. It just doesn’t help to state “doesn’t work”.
There are many things one should try before concluding “It doesn’t work”. Also, one should name the things you tried.
I’ve tried half a dozen providers with Linux and all worked fine. With Qubes it was the same.
Hello,
I think there should be in the official documentation of Qubes-OS, a procedure of how to set up a VPN with openvpn and its own open vpn server (in Proxmox for example)
Just to be totally autonomous and not to depend on a vpn provider.
As for the vpn providers, I think it would be interesting that they offer you Templates of official or unofficial ProxyVpn, as Whonix already does or that they offer directly on their site a “Qubes” as they already do for virtual appliances.
It won’t happen most likely because it’s incredibly hard to manage documentation. Quoting from core vs. external documentation:
The main difference between core (or official) and external (or community or unofficial) documentation is whether it documents software that is officially written and maintained by the Qubes OS Project. The purpose of this distinction is to keep the core docs maintainable and high-quality by limiting them to the software output by the Qubes OS Project. In other words, we take responsibility for documenting all of the software we put out into the world, but it doesn’t make sense for us to take on the responsibility of documenting or maintaining documentation for anything else.
But as a community effort like the Community-recommended computers maintained by @sven may work as long as someone can commit to maintaining that list. And the forum may be a good place for that.