This uses qubes-tunnel to set up a VPN net qube.
Overview
[sys-net]
↑
[sys-firewall]
↑
[sys-vpn] ← [vpn-template]
↑
[your app qube]
Steps
- Create
vpn-template as a TemplateVM from debian-11. Then in that template run
sudo apt install qubes-repo-contrib qubes-tunnel -y
- Create app qube
sys-vpn from the previously created template vpn-template, in the Advanced tab activate Provides network access to other qubes
- In the settings of
sys-vpn add the service qubes-tunnel
- Obtain Open VPN Username & Password, e.g. on ProtonVPN at https://account.protonvpn.com/account and then run the following in
sys-vpn and provide username & password when prompted:
sudo /usr/lib/qubes/qtunnel-setup --config
- Download Open VPN config file (e.g. on ProtoVPN at https://account.protonvpn.com/downloads ) and store it as
/rw/config/qtunnel/qtunnel.conf in sys-vpn
- Set
sys-vpn as net-qube of any app qube that should be behind VPN.
- If you are any custom port forwarding, apply the config to this
sys-vpn qube as well.
This uses qubes-tunnel to set up a VPN net qube.
Overview
Steps
vpn-templateas a TemplateVM fromdebian-11. Then in that template runsys-vpnfrom the previously created templatevpn-template, in the Advanced tab activateProvides network access to other qubessys-vpnadd the servicequbes-tunnelsys-vpnand provide username & password when prompted:/rw/config/qtunnel/qtunnel.confinsys-vpnsys-vpnasnet-qubeof any app qube that should be behind VPN.sys-vpnqube as well.