VPN-support.md

@@ -146,3 +146,29 @@ Subtleties:
    stick, then move it to Persistent Storage?
  - How can we wait for the `VPN` to be ready, so that `tor` is started when it makes sense?
    We could just ignore this, start tor anyway, and hope this is good enough.
+
+#### Q: Will we need to write some UI that wraps NetworkManager and VPNs?
+
+I'm afraid we'll need to do some of it, if we want to have good UX.
+
+For example, we want to make it easy for the user to pick their VPN configuration file and import it (that is,
+the equivalent of `nmcli connection import type wireguard file xxx.conf`); maybe preventing them to do so if
+there is already a VPN defined. and after that, activate the VPN.
+
+#### Q: how does this fit into easy mode / hide mode?
+
+In theory, the two are orthogonal: one could want to hide that they are using Tor from their VPN, too.
+
+In practice, this depends on what kind of stories our personas have for using Tails.
+It might be that we assume that VPN mode ⇒  easy mode (over VPN).
+
+#### Q: How can the user get the VPN configuration file?
+
+If you were wondering: it won't fit in a (reasonably readable) QR code.
+
+So passing it on a USB stick would work. Obviously, you could put it into Tails' persistence. Worst case:
+ - run Tails with persistent storage enabled and vpn disabled
+ - go to mullvad.net, download your file, put it in persistent storage
+ - reboot, enable both persistent storage and vpn
+ - you can now pick your file from some UI
+