Installation of AmneziaVPN: effective circumvention of internet blocks via DPI for China, Russia, Belarus, Turkmenistan, and Iran. VPN with Xray reality

Original forum link

Original poster

linuxuser1

Created at

2026-01-30 20:44:58

Posts count

Likes count

https://amnezia.org/ AmneziaVPN – an open‑source VPN, specifically designed for reliable circumvention of DPI-censorship filters in countries with strict internet control (China, Russia, Belarus, Turkmenistan, Iran). It uses modern protocols that make the connection less noticeable to DPI systems. It can also be self‑hosted.

AmneziaVPN doesn’t work on Debian 13 now.

Create a debian‑12-xfce template

Open Start → Settings → Qubes Tools → Qubes Template Manager.

Install the debian‑12‑xfce template.

After installation, update the template via Qubes Update

If servers for Qubes are blocked in your country, use Whonix with Snowflake bridges: Tor Control Panel → Configure → Bridges type → snowflake

Install Required Packages in the Template

Launch a terminal inside the debian‑12‑xfce template.

Run:

sudo apt install libxcb-cursor0 libxcb-xinerama0 libnss-resolve iptables

Download AmneziaVPN

Open a browser in the default‑dvm (a disposable VM).

Download the Linux version of AmneziaVPN: https://github.com/amnezia-vpn/amnezia-client/releases https://storage.googleapis.com/amnezia/amnezia.org

Copy the Downloaded File to the Debian Template

Right‑click the downloaded file, choose Copy to other qube, then select the target VM debian‑12‑xfce.

In the debian‑12‑xfce VM, open Thunar.

Navigate to your home directory → QubesIncoming → the folder whose name starts with disp…. Inside you’ll find the AmneziaVPN archive.

Extract the archive and run the installer.

Refresh the Application Menu

Open Qube Manager (click the blue cube icon on the panel).

Select debian‑12‑xfce, then click App Shortcuts at the top.

Click Refresh Applications to update the menu list.

Shut down debian‑12‑xfce (right‑click → Shutdown).

Create a new VPN AppVM

In Qube Manager, create a new AppVM based on the debian-12-xfce template. Name it sys‑vpn or sys-amnezia.

Go to App Shortcuts for sys‑vpn and move AmneziaVPN and Thunar to the right side.

Install AmneziaVPN in the sys‑vpn VM

Copy the AmneziaVPN installer file (the one you downloaded earlier) into sys‑vpn.

Extract the archive again inside sys‑vpn and run the installer (Otherwise, AmneziaVPN might fail to start).

Launch and configure AmneziaVPN

AppMenu → sys‑vpn → AmneziaVPN

Enable VLESS protocol.

Set up autostart if desired.

Set Up a Kill Switch (Manual Configuration)

The built‑in kill switch in the AmneziaVPN app does not work under Qubes OS, so configure it manually in sys‑vpn

Open a terminal in sys‑vpn and start Thunar with root privileges:

sudo thunar

Edit the file /rw/config/qubes-firewall-user-script and append the following rules at the bottom:

nft add rule ip qubes custom-forward tcp flags syn / syn,rst tcp option maxseg size set rt mtu
# Prevent the qube from forwarding traffic outside of the VPN
nft add rule qubes custom-forward oifname eth0 counter drop
nft add rule ip6 qubes custom-forward oifname eth0 counter drop

(The first command fixes slow connection issues on Linux by adjusting the MTU).

Route Traffic Through the VPN

Assign sys‑vpn as the Net qube for sys‑whonix and for any other AppVMs where you want to hide the IP address.

Edit Global Update Settings

Open Global Settings → Updates.

Enable “Disable checking for updates for all existing qubes.”

In the “Except for following qubes, for which checking for updates will be enabled” field, add sys‑vpn and sys‑whonix.

Remember that new AppVMs will be added to the exceptions list for update checks. You’ll need to manually delete any unnecessary AppVMs (with the real IP).