MirageOS is a library operating system with which you can create a unikernel for the sole purpose of acting as Qubes OS’s firewall. In this post, I will walk you through how to set this up. Advantages Small attack surface. The unikernel only contains a minimal set of libraries to function, so it has a much smaller attack surface than a general purpose operating system like a Linux distribution or openBSD....
Before We Start… I sent Proton an email regarding this issue in late August 2022 and was told they are working on fixing it, though it will take some time as it requires some architectural changes in how the killswitch works. The Leak Ideally, when implementing a killswitch, a VPN client should drop all connections on non-VPN interfaces except when the connection is to the VPN provider’s servers. This is necessary to prevent accidental leaks, at least by unprivileged applications....
Lokinet is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will provide a quick (and non exhaustive) list of its pros and cons from an end user perspective and go over how to set it up on Qubes OS. Advantages Provides anonymity by removing trust in a service provider (as opposed to a traditional VPN) Better versatility than Tor by supporting any IP based protocols (Tor only supports TCP) Generally faster speed than the Tor Network Disadvantages Only works well on Debian-based distributions....
Mullvad is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official Mullvad client in a ProxyVM on Qubes OS. This method is a lot more convenient than the official guide from Mullvad (which recommends that you manually load in OpenVPN or Wireguard profiles) and will let you seamlessly switch between different location and network setups just as you would on a normal Linux installation....
This post will go over setting up Split GPG, then setting up Split SSH with the same PGP keys. Effectively, we are emulating what you can do with a PGP smartcard on Qubes OS. Split GPG Follow the official Qubes OS documentation to set this up. Note that if you already have a PGP key with a passphrase, you can remove it by installing pinentry-gtk to vault’s TemplateVM, then do gpg2 --edit-key <key_id> and passwd to set an empty passphrase....