One of the best thing in Qubes that you can use special type of VMs called ProxyVM (or FirewallVM). The special thing is that your AppVMs see this as a NetVM, and the NetVMs see it as an AppVM. Because of that You can place a ProxyVM between your AppVMs and Your NetVM. This is how the sys-firewall VM is working by default.
Using a ProxyVM to set up a VPN client gives you the ability to:
- Separate your VPN credentials from Your NetVMs,
- Separate your VPN credentials from Your AppVM data,
- Easily control which of your AppVMs are connected to your VPN by simply setting it as a NetVM of the desired AppVM,
- Use it as a FirewallVM for the connected AppVMs
Te instructions below assumes that you:
- are using Qubes OS, (version 3.1-rc2 or newer)
- have a separate ProxyVM for VPN connections
- using NetworkManager for connecting to your VPN servers
In this case if you want some nice green/red padlock icon instead of the NetworkManager defaults, follow these instructions:
In Your ProxyVM:
- Create a directory:
mkdir -p /home/user/.icons/Adwaita
- Unzip the icon pack:
unzip -d /tmp ~/QubesIncoming/<source vm>/qubes-artwork-proxy-vpn-master.zip
- copy the relevant files into that newly created directory:
cp -a /tmp/qubes-artwork-proxy-vpn-master/* /home/user/.icons/Adwaita/
- Reboot Your customized ProxyVM and enjoy the results :)
Yes, this means we just overriding the default Adwaita icons. Much more elegant solution would be:
- create a real new icon theme
- set this theme as default for your ProxyVM