Why QubesOS Proxy-VPN Setups Suck and How to Improve Them

I’ve cloned default pristine fedora template to tmpl-protonvpn-fc42.
In that template I’ve installed ProtonVPN-app GUI.
On base of that template I’ve made sys-vpn-tmpl - for ease of creation.
Then I’ve cloned sys-vpn-tmpl to:

1. sys-vpn-crypto
2. sys-vpn-forums
3. sys-vpn-shopping
4. sys-vpn-torrent
5. sys-vpn-untrusted
6. sys-vpn-youtube

I’ve run proton in each of those sys qubes to login and configure. Some vpn’s have same exit country as mine, some have not.

Then I use (if you set particular sys vpn as Net qube in appVM then it starts with that appVM):

1. sys-vpn-crypto with app-crypto
2. sys-vpn-forums with app-forums
3. sys-vpn-shopping with dvm-shopping
4. sys-vpn-torrent with app-torrent
5. sys-vpn-untrusted with dvm-untrusted
6. sys-vpn-youtube with app-youtube

Simple.
I use no qube vpn with app-email, app-devel, dvm-banking and no sys use vpn as well.
Few qubes have no network.

I use one selected protonvpn wireguard server on my OpenWRT router.
Selected, because my old local e-mail provider don’t work with most local vpn servers - strange monkeys.