Phew! From the header ( "avalibel" ) I thought someone was being accused of defamation. BTW, a very easy way to have a VPN is to download the opera installer to your AppVMs, keep it there, and then just (re)install it on boot. A big advantage of this - I think - is that yo don't have to wipe your history and cookies as you have a freshly installed browser each boot-up. This is kind of cool because they keep coming up with persistent cookies and various junk they download onto our browsers. A "disposable" browser such as this creates should create another ring of security. Correct me if I'm wrong... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This email is confidential to the recipient named in the original. If you receive and are not the named recipient *please delete and notify sender* thank you in advance for your adherence.
---------- Forwarded message --------- From: 799 <one7tw...@gmail.com> Date: Sat, Aug 17, 2019 at 6:35 PM Subject: Re: [qubes-users] The VPN avalibel in Qubes To: Chris Laprise <tas...@posteo.net> Cc: qubes-users <qubes-users@googlegroups.com> Hello Chris, On Sat, 17 Aug 2019 at 04:35, 799 <one7tw...@gmail.com> wrote: > Chris Laprise <tas...@posteo.net> schrieb am Di., 13. Aug. 2019, 23:10: > >> (...) >> The easiest & most comprehensive/secure VPN config for Qubes is here: >> >> https://github.com/tasket/Qubes-vpn-support >> [...] >> > I thought about a way to simplify the installation of your VPN-Script & the deployment of a VPN-Proxy VPN even further. My Qubes-Installation & configuration is all done by scripts which I start from dom0, this allowas to rebuild my complete Qubes system without much work. I have written a scripted install, which is building a VPN-ProxyVM based on my own sys-template for sys-net / sys-usb / sys-firewall (which is itself based on a fedora-29-minimal template). All steps to build the vpn-proxy VPN including configuration for privateinternetaccess.com is done through the script. Only step has to be done manually: Adding vpn-handler-openvpn to the Qubes Setting / Services Tab. QUESTION: I know that this can also be done via dom0 CLI, but I am missing the right command. Can someone help? [799] PS: This is the script, which will build the VPN-ProxyVM. (Hint: I like to keep my templates small and therefor packages which I only need during setup will be installed in the AppVM (and be lost on reboot). In this case git/unzip/wget are only used to setup everything - they're not needed for running the ProxyVPN): ---- start ---- Template=t-fedora-29-sys AppVM=sys-vpn2 qvm-create --template=$Template --label=blue $AppVM qvm-prefs --set $AppVM provides_network True qvm-run --auto --pass-io --no-gui --user root $AppVM \ 'dnf install -y git wget unzip && \ mkdir -p /rw/config/vpn && \ cd /root && \ git clone https://github.com/tasket/Qubes-vpn-support.git && \ cd Qubes-vpn-support && \ bash ./install' qvm-run --auto --pass-io --no-gui --user root $AppVM \ 'cd /rw/config/vpn && \ wget https://www.privateinternetaccess.com/openvpn/openvpn-ip.zip && \ unzip openvpn-ip.zip && \ # Link to your favorite VPN-Entry Point here I'm using Switzerland && \ ln -s Switzerland.ovpn vpn-client.conf' qvm-shutdown --wait $AppVM # MANUAL step (at the moment): # Add "vpn-handler-openvpn" to the Settings > Services Tab qvm-start $AppVM ---- end ---- As mentioned above the AppVM is based on my own sys-template named t-fedora-29-minimal. If you want to rebuild, this is how you build this template from dom0. It can be used for sys-net / sys-firewall / sys-usb): ---- start ---- template=fedora-29-minimal systemplate=t-fedora-29-sys #remove old template qvm-kill $systemplate qvm-remove -f $systemplate #clone template qvm-clone $template $systemplate # update template qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf update -y' # install a missing package for fedora-29-minimal # without it, gui-apps will not start # not needed in the latest fedora-29-minimal template (after april 2019) qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf install -y e2fsprogs' # Install required packages for Sys-VMs # Hint: you might need to add your own wifi-firmware-drivers here instead of iwl6000g2a... qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \ qubes-core-agent-networking polkit qubes-core-agent-network-manager \ notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \ iwl6000g2a-firmware qubes-input-proxy-sender iproute iputils \ NetworkManager-openvpn NetworkManager-openvpn-gnome \ NetworkManager-wwan NetworkManager-wifi network-manager-applet' # Optional packages you might want to install in the sys-template: qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf -y install nano less pciutils xclip' # Set new template as template for sys-vms qvm-shutdown --all --wait --timeout 120 qvm-prefs --set sys-usb template $systemplate qvm-prefs --set sys-net template $systemplate qvm-prefs --set sys-firewall template $systemplate ---- end ---- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sbWbACK0jddxgBGibRRPLzXO57ZLursddDs-bFYA7W8w%40mail.gmail.com <https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sbWbACK0jddxgBGibRRPLzXO57ZLursddDs-bFYA7W8w%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOy3qD94v3HLOufOcgp%2B6d7E92POeN4GXGwYSLdhAobKmnvjnw%40mail.gmail.com.