[1] Stock Android with Google Apps

Currently provided as package updates in Debian Testing

VPN functionality will be added to Gnome-Control-Center in the future, but for now you can configure this via nmcli. This guide will explain how to import an OpenVPN connection, and then configure other connections to require it as a “secondary”.

1. Add OpenVPN support for NetworkManager by running sudo apt install network-manager-openvpn.

2. Import your OpenVPN .ovpn file by running sudo nmcli connection import type openvpn file {yourovpnfile.ovpn}

3. Until this is integrated with gnome-keyring, you must store your username and password in the .nmconnection file (currently insecure due to lack of disk encryption, which is coming in the future as well). Edit your VPN config in /etc/NetworkManager/system-connections, where the file is {youropenvpnfilename}.nmconnection. Change the password-flags to 0. At the bottom of the [vpn] block, add username={your username}. Then, below the [vpn] block, add the following:

[vpn-secrets]
password={your vpn password}

4. Obtain the UUID of your VPN connection by running sudo nmcli con show {your vpn connection name}; the UUID is the second line.

5. In the same directory, you can now modify any connection, including your cellular one, to bring up and require the VPN connection by adding this to the end of the [connection] block: secondaries={UUID}; (dont forget the trailing semi-colon).

6. Restart NetworkManager with sudo systemctl restart NetworkManager for the changes to take effect.

TODO

TODO

Implemented on some system daemons using unit files

Use `sudo systemd-analyze security` to check the current status

Provided optionally by firejail. Not enabled by default.

Protects from unauthorized USB devices being connected. Provided optionally by the usbguard package. Not enabled by default.

See https://wiki.debian.org/ReproducibleBuilds

Also see https://wiki.debian.org/PrivacyIssues