On 04/09/2018 08:22 AM, billol...@gmail.com wrote:
So, I recently installed R4 on my laptop and things seem to be going smoothly.
I'm ready to get my VPN working.
I use mullvad, and I'm having trouble connecting the instructions in the
documentation with how mullvad works -- as least as far as using the GUI.
Before I screw something up, I was hoping that someone else is using Mullvad
and can point out a flaw in my plan to:
1) Turn on the debian template
2) Install mullvad
3) Run mullvad
I'm going to assume (naively, I suppose), that that's all there is to it. I've
never tried to do anything with mullvad from the command line. If I have to,
can anybody point me to some documentation on what I should do?
That's not quite all there is to it. :)
You may not have seen Mullvad's guide for Qubes:
https://mullvad.net/en/guides/qubes-os-and-mullvad-vpn/
Unfortunately their firewall script for Qubes has issues; for one, it
would be better to just remove everything that uses $virtualif and don't
bother trying to manually match an IP address to it. Otherwise, your DNS
requests could fail or get sent elsewhere (beyond Mullvad).
Another problem is they have you dedicate a standalone VM to the VPN,
which wastes space and requires separate updates.
-
Since their software looks like its openvpn with a GUI on top, I'd
suggest trying to configure openvpn for Qubes with this tool instead:
https://github.com/tasket/Qubes-vpn-support
It sets up a Qubes-specific openvpn service and correctly configures the
firewall to forward DNS and prevent leaks. I suggest installing it into
a proxy VM (on Qubes 4.0 that's an appVM with "provides network" selected).
The only missing ingredient you'll need to supply is mullvad's set of
openvpn config files. These can be downloaded here:
https://mullvad.net/en/download/config/
The downloaded file can be unzipped in the proxyVM and the resulting
files moved to the /rw/config/vpn folder.
For the username/password, you can copy their file to the one
Qubes-vpn-support expects:
sudo cp mullvad_userpass.txt userpassword.txt
-
If it works, then...
1) If I open up a vm based on the fedora template, I assume that the VPN will
still be in force for it as well.
You can connect VMs running any type of OS to a proxyVM.
2) I assume I have to keep the debian template running, else mullvad will quit,
right?
If you use Qubes-vpn-support, its not an issue since you can use the
regular Debian template.
3) Can I open and run mullvad in a debian vm that is not the template? Should
I do that instead of turning on the template vm?
Using their software/instructions its not practical for normal Qubes use
since most network apps (browsers, email, etc) are run from
template-based appVMs. You would have to keep re-installing their
program each time you started an appVM you wished to use over the VPN.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/afdfcd06-97bd-18cf-1d13-a5675870f91c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
