Qubes/riseup-vpn: Difference between revisions
(new guide) |
(avoid deprecated <source>) |
||
Line 3: | Line 3: | ||
First, install the debian-10-minimal template if you haven't already: |
First, install the debian-10-minimal template if you haven't already: |
||
< |
<syntaxhighlight lang="bash">me@dom0$ sudo qubes-dom0-update qubes-template-debian-10-minimal</syntaxhighlight> |
||
Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0. |
Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0. |
||
< |
<syntaxhighlight lang="bash">me@dom0$ qvm-run -u root debian-10-minimal xterm</syntaxhighlight> |
||
< |
<syntaxhighlight lang="bash">root@debian-10-minimal$ apt update && apt upgrade && apt install qubes-core-agent-networking qubes-core-agent-network-manager nftables</syntaxhighlight> |
||
Once that's done, shutdown the template. |
Once that's done, shutdown the template. |
||
Line 14: | Line 14: | ||
Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box. |
Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box. |
||
< |
<syntaxhighlight lang="bash">me@dom0$ qvm-run -u root sys-riseup-vpn xterm</syntaxhighlight> |
||
< |
<syntaxhighlight lang="bash"> |
||
root@sys-riseup-vpn$ apt install leap-archive-keyring |
root@sys-riseup-vpn$ apt install leap-archive-keyring |
||
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list |
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list |
||
root@sys-riseup-vpn$ apt update && apt install riseup-vpn |
root@sys-riseup-vpn$ apt update && apt install riseup-vpn |
||
</syntaxhighlight> |
|||
</source> |
|||
Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package. |
Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package. |
||
Line 25: | Line 25: | ||
Once it's all installed, we need to set the VPN to start when the VM boots. |
Once it's all installed, we need to set the VPN to start when the VM boots. |
||
< |
<syntaxhighlight lang="bash"> |
||
sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local |
sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local |
||
</syntaxhighlight> |
|||
</source> |
|||
And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks". |
And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks". |
Revision as of 06:35, 3 April 2021
How I set up the Riseup VPN on Qubes.
First, install the debian-10-minimal template if you haven't already:
me@dom0$ sudo qubes-dom0-update qubes-template-debian-10-minimal
Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0.
me@dom0$ qvm-run -u root debian-10-minimal xterm
root@debian-10-minimal$ apt update && apt upgrade && apt install qubes-core-agent-networking qubes-core-agent-network-manager nftables
Once that's done, shutdown the template.
Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box.
me@dom0$ qvm-run -u root sys-riseup-vpn xterm
root@sys-riseup-vpn$ apt install leap-archive-keyring
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list
root@sys-riseup-vpn$ apt update && apt install riseup-vpn
Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package.
Once it's all installed, we need to set the VPN to start when the VM boots.
sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local
And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks".