Debian
- download latest
gnosisvpn_amd64.debpackage from releases - then run the installation procedure
- in a terminal these steps look as follows:
# assuming download to default location, replace <arch> placeholder. Run installation procedure.
$ sudo apt install ~/Downloads/gnosisvpn_<arch>.debThis step is mandatory when installing a newer version of Gnosis VPN. The older version should be first uninstalled.
- in a terminal run
sudo apt remove gnosisvpn
- in a terminal run
sudo systemctl restart gnosisvpn.service
The Gnosis VPN app is built on GTK3, which runs through the legacy X11 compatibility layer on Wayland. This can cause incorrect scaling when display scaling is set manually. Find the scaling option for legacy (X11) apps in your desktop environment's display settings and set it to "Scaled by the system". On KDE, this is typically found under Display Configuration:
| Folder | Purpose | Owner | Permissions | Default Value / Notes | FHS / Debian best practice |
|---|---|---|---|---|---|
/etc/gnosisvpn/ |
Configuration directory | gnosisvpn:gnosisvpn |
0755 |
Contains env file, network config files, and a config.toml symlink pointing to the active network |
✓ Standard — /etc/<package> is the correct FHS location for application config |
/var/lib/gnosisvpn/ |
State and cache directory | gnosisvpn:gnosisvpn |
0775 |
Service working directory; holds .cache/wg0_gnosisvpn.conf (WireGuard config written at runtime) |
Location is standard, but 0775 (group-writable) is permissive — 0750 is more typical for service state dirs that hold sensitive files |
/var/log/gnosisvpn/ |
Log directory | gnosisvpn:gnosisvpn |
0755 |
gnosisvpn.log is written here; rotated daily, 7-day retention |
Location is standard. Modern alternative: log to stdout/stderr and let journald manage it (journalctl -u gnosisvpn) — no dedicated directory or logrotate needed |
/run/gnosisvpn/ |
Runtime directory | root:root |
0755 |
Created by systemd at service start, not by the installer scripts | ✓ Standard — /run (superseded /var/run) is the correct FHS location for runtime data |
/etc/apt/keyrings/ |
APT signing keys | root:root |
0644 (file) |
gnosisvpn-archive-keyring.gpg copied from bundled /usr/share/gnosisvpn/ during postinstall |
✓ Current best practice — introduced by Debian/Ubuntu ~2022, replaces the deprecated /etc/apt/trusted.gpg.d/
|
/etc/apt/sources.list.d/ |
APT repository source | root:root |
0644 (file) |
gnosisvpn.sources written during postinstall; URI https://download.gnosisvpn.io/linux/apt, suite stable, component main
|
✓ Standard — .sources (DEB822 format) is the modern recommendation over the legacy .list format |
/etc/apparmor.d/local/ |
AppArmor local drop-ins | root:root |
0644 (file) |
wg-quick drop-in allowing wg-quick to read /var/lib/gnosisvpn/.cache/wg0_gnosisvpn.conf; Ubuntu-only |
✓ Standard — /etc/apparmor.d/local/ is the canonical location for site-local AppArmor overrides |
/usr/share/gnosisvpn/ |
Shared package resources | root:root |
0644 (files) |
Bundles the APT keyring GPG file used during postinstall | ✓ Standard — /usr/share/<package> is the FHS location for architecture-independent read-only data |
/usr/share/doc/gnosisvpn/ |
Documentation | root:root |
0644 (files) |
Copyright notice and changelog; removed on uninstall (not purge) | ✓ Required by Debian policy — every package must ship a copyright file here |
| Path | Purpose | Default | FHS / Debian best practice |
|---|---|---|---|
/usr/lib/systemd/system/gnosisvpn.service |
Systemd unit | Enabled and started post-install | ✓ Correct modern path — /usr/lib/systemd/system/ is for vendor-installed units; the older /lib/systemd/system/ is deprecated |
/etc/logrotate.d/gnosisvpn |
Log rotation policy | Daily, 7 days, gzip | ✓ Standard for file-based logs — not needed at all if switching to journald |
/etc/gnosisvpn/config.toml |
Symlink to active network config | Points to config-jura.toml (default network: jura) |
Workable but non-standard — the Debian convention for selecting between variants is update-alternatives; a drop-in dir /etc/gnosisvpn/config.d/ is another common pattern |
/etc/gnosisvpn/gnosisvpn.env |
Service environment variables |
RUST_LOG=info, log to /var/log/gnosisvpn/gnosisvpn.log, static routing forced |
Differs — Debian convention for service environment files is /etc/default/<package> (i.e. /etc/default/gnosisvpn), which is where admins expect to find and override service settings |