PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Fix grammar

Browse Source 
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
This commit is contained in:
friendly-rabbit-35 2024-05-22 21:40:46 +00:00 committed by GitHub
parent 5ecf913f94
commit 1e210a88aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/posts/qubes/Using Mullvad VPN on Qubes OS.md
View File

@ -11,7 +11,7 @@ Mullvad is a fairly popular and generally trustworthy VPN provider. In this post
## Preparing your TemplateVM
I recommend that you make a new TemplateVM based on latest Fedora GNOME template and remove all unnecessary packages that you might not use. This way, you can minimize the attack surface while not having to deal with missing dependencies like on a minimal template. With that being said, if you do manage to get the minimal template to fully work with Mullvad, feel free to [open a discussion on GitHub](https://github.com/orgs/PrivSec-dev/discussions) or [contact me directly](https://tommytran.io/contact) and I will update the post accordingly.
I recommend that you make a new TemplateVM based on the latest Fedora GNOME template and remove all unnecessary packages that you might not use. This way, you can minimize the attack surface while not having to deal with missing dependencies like on a minimal template. With that being said, if you do manage to get the minimal template to fully work with Mullvad, feel free to [open a discussion on GitHub](https://github.com/orgs/PrivSec-dev/discussions) or [contact me directly](https://tommytran.io/contact) and I will update the post accordingly.
I run [this script](https://github.com/TommyTran732/QubesOS-Scripts/blob/main/fedora-gnome/fedora-gnome.sh) on my template to trim it down.
@ -31,7 +31,7 @@ sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mul
sudo dnf install -y mullvad-vpn
```
To workaround [issue 3803](https://github.com/mullvad/mullvadvpn-app/issues/3803), we will using systemd path to run `/usr/lib/qubes/qubes-setup-dnat-to-ns` every time Mullvad modifies `/etc/resolv.conf`. Create the following files:
To work around [issue 3803](https://github.com/mullvad/mullvadvpn-app/issues/3803), we will be using systemd path to run `/usr/lib/qubes/qubes-setup-dnat-to-ns` every time Mullvad modifies `/etc/resolv.conf`. Create the following files:
- `/etc/systemd/system/dnat-to-ns.service`
```
@ -72,7 +72,7 @@ Next, enable the systemd path:
sudo systemctl enable dnat-to-ns.path
```
Finally, shutdown the TemplateVM:
Finally, shut down the TemplateVM:
```bash
sudo shutdown now
@ -105,4 +105,4 @@ With this current setup, the ProxyVM you have just created will be responsible f
Instead, I highly recommend that you [create a minimal Mirage FirewallVM](/posts/qubes/firewalling-with-mirageos-on-qubes-os/) and use it as a firewall **behind** the Mullvad ProxyVM. Other AppVMs then should use the Mirage Firewall as the net qube instead. This way, you can make sure that firewall rules are properly enforced.
![MirageOS](/images/mirageos.png)
![MirageOS](/images/mirageos.png)