Disclaimer: this is my first attempt to write a guide. I tried to configure ProtonVPN in Qubes 4.3 with basic OpenVPN and it was in fact very simple and seems to work fine. I'd be very grateful if anybody has security improvements or other suggestions.


Guide to setup ProtonVPN ProxyVM for Qubes OS R4.3.0-rc2

In this guide I will detail how to configure a ProxyVM <ProtonVPN> to tunnel all connections through Proton VPN.

This is based on OpenVPN and not on tools from ProtonVPN. This is based on the official "Linux/OpenVPN" instructions from Proton.

See: https://protonvpn.com/support/linux-openvpn/

Step 1 - Create the VM

Create a standalone VM <ProtonVPN> using the Debian13-xfce template.

Use the default <sys-firewall> as NetVM.

Remember to click Provides Network.

After creation, go to Qube Manager, &lt;ProtonVPN&gt;, Settings-> Services and add Network Manager.

Step 2 - Install OpenVPN

Open the ProtonVPN terminal.

sudo apt install openvpn

sudo systemctl disable openvpn.service

Reboot ProtonVPN.

sudo apt install openresolv

sudo apt install wget

sudo wget "https://raw.githubusercontent.com/ProtonVPN/scripts/master/update-resolv-conf.sh" -O "/etc/openvpn/update-resolv-conf"

sudo chmod +x "/etc/openvpn/update-resolv-conf"

Step 4 - Download ProtonVPN OpenVPN configuration files

Go to your ProtonVPN account and find your credentials (username/password).

NOTE: These are specific for OpenVPN and they are not your usual username/password for accessing all Proton services.

In ProtonVPN create a file with two lines, one for the username the other for the password.

cd /rw/config/

sudo mkdir vpn

cd vpn

sudo nano ProtonCredentials

# write username on the first line

# write password on the second line

From ProtonVPN download your desired server configuration file. For example the "Switzerland UDF" file is called `sudo apt install

From ProtonVPN download your desired server configuration file. For example the "Switzerland UDF" file is called `sudo apt install

From ProtonVPN download your desired server configuration file. For example the "Switzerland UDF" file is called ch.protonvpn.udp.ovpn.

Note: You might want to choose a TCP configuration file, depending on your needs.

Place this file in /rw/config/vpn/

Now edit this file to include the reference to the credentials:

sudo nano /rw/config/vpn/protonvpn.udp.ovpn

# Find the line "auth-user-pass"

# Edit to:

auth-user-pass /rw/config/vpn/ProtonCredentials

Start the VPN service

Start the service with:

openvpn --cd /rw/config/vpn/ --config ch.protonvpn.udp.ovpn --daemon

Now go to Qube Manager and set as ProtonVPN as NetVM of some appVM.

Open Firefox in appVM and visit https://www.dnsleaktest.com/ to check that everything works as expected.

If it does, add the following line to /rw/config/rc.local to automatically start the VPN when ProtonVPN VM starts:

sudo /rw/config/rc.local

# Add

# openvpn --cd /rw/config/vpn/ --config ch.protonvpn.udp.ovpn --daemon