Add an article about qubes-miragevpn

articles/qubes-miragevpn.md

@@ -0,0 +1,82 @@
+---
+date: 2024-06-24
+article.title: qubes-miragevpn, a MirageVPN client for QubesOS
+article.description: A new OpenVPN client for QubesOS
+tags:
+  - OCaml
+  - vpn
+  - unikernel
+  - QubesOS
+author:
+  name: Romain Calascibetta
+  email: romain.calascibetta@gmail.com
+  link: https://blog.osau.re/
+---
+
+We are pleased to announce the arrival of a new unikernel:
+[qubes-miragevpn][qubes-miragevpn]. The latter is the result of work begun
+several months ago on [miragevpn][miragevpn].
+
+Indeed, with the ambition of completing our unikernel suite and the success of
+[qubes-mirage-firewall][qubes-mirage-firewall] - as well as the general aims of
+QubesOS - we thought it would be a good idea to offer this community a unikernel
+capable of acting as an OpenVPN client, from which other virtual machines (app
+qubes) can connect so that all their connections pass through the OpenVPN
+tunnel.
+
+## QubesOS & MirageOS
+
+Unikernels and QubesOS have always been a tempting idea for users in the sense
+that a network application (such as a firewall or VPN client) could be smaller
+than a Linux kernel: no keyboard, mouse, wifi management, etc. Just network
+management via virtual interfaces should suffice.
+
+In this case, the unikernel corresponds to this ideal where, starting from a
+base ([Solo5][solo5]) that only allows the strictly necessary (reading and
+writing on a virtual interface or block device) and building on top of it all
+the application logic strictly necessary to the objective we wish to achieve
+reduces, in effect, drastically:
+1) the unikernel's attack surface
+2) its weight
+3) its memory usage
+
+
+We won't go into all the work that's been done to maintain and improve
+[qubes-mirage-firewall][qubes-mirage-firewall] over the last 10
+years<sup>[1](#fn1)</sup>, but it's clear that this particular unikernel has
+found its audience, who aren't necessarily OCaml and MirageOS aficionados.
+
+In other words, [qubes-mirage-firewall][qubes-mirage-firewall] may well be a
+fine example of what can actually be done with MirageOS, and of real utility.
+
+<hr>
+
+<tag id="fn1">**1**</tag>: [marmarek][marmarek], [Mindy][yomimono] or
+[mato][mato] were (and still are) heavily involved in the work between QubesOS
+and MirageOS. We'd also like to thank them, because if we're able to continue
+this adventure, it's also thanks to them.
+
+## QubesOS & MirageVPN
+
+So, after a lengthy development phase for MirageVPN, we set about developing a
+unikernel for QubesOS to offer an OpenVPN client as an operating system. We'd
+like to give special thanks to [Pierre Alain][palainp], who helped us to better
+understand QubesOS and its possibilities.
+
+The unikernel is available here: https://github.com/robur-coop/qubes-miragevpn
+A tutorial has just been created to help QubesOS users install and configure
+such an unikernel: https://robur-coop.github.io/miragevpn-handbook/
+
+In the same way as [qubes-mirage-firewall][qubes-mirage-firewall], we hope to
+offer a solution that works and expand the circle of MirageOS and unikernel
+users!
+
+[qubes-miragevpn]: https://github.com/robur-coop/qubes-miragevpn
+[miragevpn]: https://github.com/robur-coop/miragevpn
+[qubes-mirage-firewall]: https://github.com/mirage/qubes-mirage-firewall
+[glossary]: https://www.qubes-os.org/doc/glossary/
+[solo5]: https://github.com/Solo5/solo5
+[palainp]: https://github.com/palainp
+[marmarek]: https://github.com/marmarek
+[yomimono]: https://github.com/yomimono
+[mato]: https://github.com/mato