Manage, run, protect VPN connections in Proxy VMs.
This is closely based on the Qubes-vpn-support project.
Install qubes-repo-contrib
package using apt-get
or dnf
in template. Then, install qubes-tunnel
in the same way.
-
Create an AppVM, called for example
sys-vpn
, with theprovides network
option enabled using a template with the previously installedqubes-tunnel
package. Make a choice for the NetVM setting, such assys-firewall
. -
In
sys-vpn
settingsServices
tab, addqubes-tunnel-openvpn
service.
Note: There is no need for adding
network-manager
service.
-
As
root
or usingsudo
, insys-vpn
execute/usr/lib/qubes/qtunnel-setup --config
:root@sys-vpn:/home/user# /usr/lib/qubes/qtunnel-setup --config Enter VPN/tunnel login credentials. Leave blank if not required... Username: fepitre Password: Login info saved to /rw/config/qtunnel/tunneluserpwd.txt Done! Next, copy or link your config file to /rw/config/qtunnel/qtunnel.conf
-
Following what's the last sentence said, still as
root
or usingsudo
, insys-vpn
copy the OpenVPN config file from your service provider, for example calleduser_config.ovpn
to/rw/config/qtunnel/qtunnel.conf.conf
:root@sys-vpn:/home/user# cp user_config.ovpn /rw/config/qtunnel/qtunnel.conf
Restart sys-vpn
. This will autostart the VPN client and you should see a popup notification 'LINK IS UP'!
Regular usage is simple: Just use sys-vpn
as NetVM for other VMs and start them!
If when you restart sys-vpn
instead you receive continuous popup notifications stating 'Ready to start link', you may need to troubleshoot the connection. To troubleshoot the connection, you can monitor the systemd service that controls the vpn client with journalctl -u qubes-tunnel
and view any errors that appear.