Qubes/riseup-vpn: Difference between revisions

From Legoktm
(new guide)
 
(avoid deprecated <source>)
Line 3: Line 3:
First, install the debian-10-minimal template if you haven't already:
First, install the debian-10-minimal template if you haven't already:


<source lang="bash">me@dom0$ sudo qubes-dom0-update qubes-template-debian-10-minimal</source>
<syntaxhighlight lang="bash">me@dom0$ sudo qubes-dom0-update qubes-template-debian-10-minimal</syntaxhighlight>


Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0.
Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0.


<source lang="bash">me@dom0$ qvm-run -u root debian-10-minimal xterm</source>
<syntaxhighlight lang="bash">me@dom0$ qvm-run -u root debian-10-minimal xterm</syntaxhighlight>
<source lang="bash">root@debian-10-minimal$ apt update && apt upgrade && apt install qubes-core-agent-networking qubes-core-agent-network-manager nftables</source>
<syntaxhighlight lang="bash">root@debian-10-minimal$ apt update && apt upgrade && apt install qubes-core-agent-networking qubes-core-agent-network-manager nftables</syntaxhighlight>


Once that's done, shutdown the template.
Once that's done, shutdown the template.
Line 14: Line 14:
Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box.
Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box.


<source lang="bash">me@dom0$ qvm-run -u root sys-riseup-vpn xterm</source>
<syntaxhighlight lang="bash">me@dom0$ qvm-run -u root sys-riseup-vpn xterm</syntaxhighlight>
<source lang="bash">
<syntaxhighlight lang="bash">
root@sys-riseup-vpn$ apt install leap-archive-keyring
root@sys-riseup-vpn$ apt install leap-archive-keyring
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list
root@sys-riseup-vpn$ apt update && apt install riseup-vpn
root@sys-riseup-vpn$ apt update && apt install riseup-vpn
</syntaxhighlight>
</source>


Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package.
Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package.
Line 25: Line 25:
Once it's all installed, we need to set the VPN to start when the VM boots.
Once it's all installed, we need to set the VPN to start when the VM boots.


<source lang="bash">
<syntaxhighlight lang="bash">
sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local
sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local
</syntaxhighlight>
</source>


And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks".
And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks".

Revision as of 06:35, 3 April 2021

How I set up the Riseup VPN on Qubes.

First, install the debian-10-minimal template if you haven't already: 

me@dom0$ sudo qubes-dom0-update qubes-template-debian-10-minimal

Then install the basics for networking to work. The minimal template doesn't have passwordless sudo, so you'll have to open the terminal from dom0. 

me@dom0$ qvm-run -u root debian-10-minimal xterm

root@debian-10-minimal$ apt update && apt upgrade && apt install qubes-core-agent-networking qubes-core-agent-network-manager nftables

Once that's done, shutdown the template.

Now we're going to create a standalone VM based off of the debian-10-minimal template. I named it sys-riseup-vpn. Make sure you check the "provides network" box. 

me@dom0$ qvm-run -u root sys-riseup-vpn xterm

root@sys-riseup-vpn$ apt install leap-archive-keyring
root@sys-riseup-vpn$ echo "deb http://deb.leap.se/client release buster" > /etc/apt/sources.list.d/leap.list
root@sys-riseup-vpn$ apt update && apt install riseup-vpn

Breaking that down, we need to first install the leap GPG keys for the external apt repository we add to be verified. We could just download the keys from their website, but using the packaged version from Debian adds an additional trust factor that we got the right keys. Then we add the external apt repository and install the riseup-vpn package.

Once it's all installed, we need to set the VPN to start when the VM boots. 

sys-riseup-vpn$ echo "/usr/bin/riseup-vpn" >> /rw/config/rc.local

And that's it! Shutdown the VM, set another VM to use it for networking, and then watch as the Riseup VPN loads in your indicator menu. You can verify that you're proxying through Riseup by visiting any of the "check my IP address" websites and seeing that your ISP is "Riseup Networks".

Retrieved from "https://legoktm.com/w/index.php?title=Qubes/riseup-vpn&oldid=192"