Easiest way to do VPN over TOR on Qubes? : Qubes | Torhoo darknet markets

So my current setup for a VPN Qube that only lets you connect to the VPN over the clearweb are as follows:

I've ran it through ai to rewrite it for me thats why it looks like it

Sure! Here’s a clearer, step-by-step guide for setting up a Qubes OS AppVM to connect exclusively to ProtonVPN using an OVPN file:

---

### Setting Up a Qubes AppVM for ProtonVPN

**Pre-Setup Steps:**

1. **Create an OnionMail Account:**
   - Open your Whonix VM in Qubes.
   - Sign up for an OnionMail account.

2. **Sign Up for ProtonVPN:**
   - Use your OnionMail account to sign up for ProtonVPN.

3. **Download the OVPN File:**
   - Log into your ProtonVPN account.
   - Navigate to the Downloads section.
   - Select 'GNU/Linux' as the platform and 'UDP' as the protocol.
   - Download the OVPN file corresponding to the fastest server option.

4. **Create Credentials File:**
   - In the Account section of ProtonVPN, copy your username and password.
   - Create a new text file named `cred.txt` and paste your username and password into it, formatted as follows:
     ```
     username
     password
     ```

5. **Transfer Files to Vault:**
   - Right-click both the OVPN file and `cred.txt`, then select 'Copy to another qube' and choose Vault.

6. **Edit the OVPN File:**
   - Open the OVPN file in Vault.
   - Append the following lines to the end of the file:
     ```
     auth-user-pass /home/user/QubesIncoming/vault/cred.txt
     redirect-gateway def1
     auth-nocache
     dhcp-option DNS 1.1.1.1
     ```

   - Alternatively, you can use the terminal to append these lines:
     - Navigate to the folder containing the OVPN file.
     - Open a terminal in that folder and run:
       ```bash
       echo "
       auth-user-pass /home/user/QubesIncoming/vault/cred.txt
       redirect-gateway def1
       auth-nocache
       dhcp-option DNS 1.1.1.1" >> <your-ovpn-file-name>.ovpn
       ```

---

### Main Instructions for Setting Up the AppVM:

1. **Create a New AppVM:**
   - In Qubes, create a new VM with the following settings:
     - **Type:** AppVM
     - **Template:** fedora-38-xfce
     - **Networking:** (none)
   - Enable the option to launch settings after creation.

2. **Configure Firewall Rules:**
   - In the Settings window, go to 'Firewall rules'.
   - Select 'Limit outgoing connections to...'.
   - Click the green plus sign and enter the IP addresses from your OVPN file (look for lines starting with `remote`).
     - Example:
       ```
       Address: <ip address>
       Protocol: UDP
       Port/Service: <port number>
       ```

3. **Add Network Manager Service:**
   - In the 'Services' tab, select 'network-manager' from the dropdown menu and click 'Add'.

4. **Run the New VM:**
   - Start the VM you just created.

5. **Transfer OVPN and Credentials Files:**
   - In Vault, find your OVPN file and `cred.txt`.
   - Right-click both files and select 'Copy to another qube', sending them to your new VM.

6. **Set Up VPN Connection:**
   - Click the new icon that appears in the top right corner of Qubes (matching your new VM's color).
   - Select 'VPN Connections' and then 'Add a VPN connection'.
   - Choose 'Import a saved VPN configuration...' from the dropdown menu.
   - Select the OVPN file from the 'QubesIncoming' folder.
   - Enter your username and password from `cred.txt` when prompted.
   - Leave the keyring password blank and select 'Continue' to store passwords unencrypted.

7. **Change Networking to sys-firewall:**
   - In the VM settings, change the network to 'sys-firewall'.

8. **Connect to the VPN:**
   - Click the new icon again and connect to your OVPN file (usually named 'node-...').
   - Ensure the box next to it is checked to activate the connection.

---

### Additional Notes:

- **Firewall Rules:** The firewall rules ensure that your VM only connects through the VPN.
- **Network Access for Other VMs:** If desired, you can allow other VMs to connect through this VPN VM by selecting it as their networking option.
- **Manual Connection:** You will need to manually connect to the VPN each time you start the VM. This is a security feature to ensure you don’t accidentally connect without the VPN.

If you have any questions or need further assistance, feel free to ask!

--- 

This guide should help someone set up their Qubes VM to connect securely to ProtonVPN.

I've ran the instructions through AI on tor in another Qube to hide any language correlation hopefully
All just for fun though my threat level is almost nothing lol

So basically i wanted this, but i set myself the challenge to set this up but have VPN over TOR, and since i dont want to pay for VPN (like i said low threat level so free VPN is fine with me), since i dont want to pay for the VPN, I'm using ProtonVPN, but when i have my network manager setup, and change the network of the Qube to sys-whonix so that it runs through tor, the network-manager won't let me connect to the ovpn file, seemingly because its trying too connect through TOR

Does anyone else know whats going on here as im way out of my knowledge i think in terms of how qubes works maybe? or mayb its just because ProtonVPN doesnt want anyone connecting through tor so that they can farm our data?

Any help anyone?

(Also any comments on the normal clearweb vpn qubes setup would be greatly appreciated any criticism or anything i would love to know if there is a better way to do this thats more private and more simple because it does take about 20 minutes every time i want to make a new vpn qube)