You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for your guide to setting up Mullvad VPN on Qubes OS! It was very helpful to me. I wanted to mention a couple things I did in case they're helpful to anyone else.
I decided to start with a Debian 13 minimal template. From there, the minimal set of packages needed to set up a Mullvad ProxyVM seems to be: libasound2t64 libnspr4 libnss3 mullvad-vpn qubes-core-agent-networking systemd-resolved
Also, if it's of interest, my approach to firewalling is to use multihop and allowlist api.mullvad.net and some set of entry servers I might want to use in qvm-firewall for my ProxyVM. So qvm-firewall <ProxyVM qube name> list outputs something like:
NO ACTION HOST PROTOCOL PORT(S) SPECIAL TARGET ICMP TYPE EXPIRE COMMENT
0 accept 45.83.223.196/32 tcp 443 - - - api.mullvad.net
1 accept 185.209.196.74/32 udp - - - - de-fra-wg-004
[...]
XX drop - - - - - - -
(The IP address for api.mullvad.net is hardcoded into the app, so it's not necessary to allow DNS before connecting to the VPN.)
And I set up custom lists in the "Select location" selector so I can easily restrict the app to trying only these allowed servers.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
PrivSec.dev
Uh oh!
There was an error while loading. Please reload this page.
-
Thank you for your guide to setting up Mullvad VPN on Qubes OS! It was very helpful to me. I wanted to mention a couple things I did in case they're helpful to anyone else.
I decided to start with a Debian 13 minimal template. From there, the minimal set of packages needed to set up a Mullvad ProxyVM seems to be:
libasound2t64 libnspr4 libnss3 mullvad-vpn qubes-core-agent-networking systemd-resolvedAlso, if it's of interest, my approach to firewalling is to use multihop and allowlist api.mullvad.net and some set of entry servers I might want to use in qvm-firewall for my ProxyVM. So
qvm-firewall <ProxyVM qube name> listoutputs something like:(The IP address for api.mullvad.net is hardcoded into the app, so it's not necessary to allow DNS before connecting to the VPN.)
And I set up custom lists in the "Select location" selector so I can easily restrict the app to trying only these allowed servers.
Beta Was this translation helpful? Give feedback.
All reactions