(WIP) QubesOS R4 support

[tlaurion]

@tasket: what else should be done here to adapt openpyn to QubesOS R4?

In QubesOS debian-9 template:

sudo apt install openvpn unzip wget python3-setuptools
sudo apt install python3-pip

In Qubes proxyVM:

sudo mkdir -p /rw/config/qubes-bind-dirs.d/
sudo tee /rw/config/qubes-bind-dirs.d/50_user.conf <<< "binds+=( '/etc/systemd/system/' )"
sudo /usr/lib/qubes/bind-dirs.sh umount
sudo /usr/lib/qubes/bind-dirs.sh
sudo python3 -m pip install openpyn --upgrade
sudo openpyn --init
sudo systemctl enable openpyn
sudo systemctl start openpyn

Qubes proxyVM qube settings -> Service: add openpyn

---

That proxyvm cannot be used by other qubes.

[tasket]

@tlaurion The first thing I'd do is switch the "up" and "down" script to the one that Qubes-vpn-support (or qubes-tunnel) uses... qubes-vpn-ns or qtunnel-connect. This will get DNS working right.

Second, I'd disable the openpyn firewall routine when Qubes is detected (check for file /var/run/qubes/this-is-proxyvm) and use a firewall script from Qubes-vpn-support/qubes-tunnel. This means the firewall is configured at install time (since you want to have Qubes activate it at boot from /rw/config/qubes-firewall.d/90_tunnel-restrict), not at run time.

---

An alternative might be to integrate in the other direction, for example adapt the config selection routine for qubes-tunnel. Not sure how openpyn does it, but ability to select sites is what I had in mind for the future systray icon: https://github.com/tasket/Qubes-vpn-support/issues/17