Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??
On 03/13/2018 11:05 PM, brendan.h...@gmail.com wrote: If I pull the WiFi card out and don’t connect the Ethernet port to anything, then I configure qubes to use only a usb WiFi adapter (as I indicated above), I’m pretty sure that the ME engine won’t be able to use any of the three network interfaces to phone home. For ME to work over a network, it has to have a driver for the network adapter. It is unlikely to have one for the USB adapter. I would re-read what I stated before - a hypothetical backdoor can easily use simple P2P DMA writes it doesn't need drivers. Don't you think the makers of such a thing would have planned for such a contingency? many people use USB mobile internet cards or wifi adapters. I’m pretty sure that ME is one reason Lenovo firmware has a WiFi card whitelist. No its to get people to buy their own card upgrades (ex: $100+ at purchase) instead of cheaper ones under the guise of FCC rules, it existed long before ME. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b54c7e2-b364-44c4-00aa-3626c24971c7%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??
On Wed, 14 Mar 2018, taii...@gmx.com wrote: > On 03/13/2018 11:05 PM, brendan.h...@gmail.com wrote: > > > If I pull the WiFi card out and don’t connect the Ethernet port to anything, > > then I configure qubes to use only a usb WiFi adapter (as I indicated > > above), I’m pretty sure that the ME engine won’t be able to use any of the > > three network interfaces to phone home. For ME to work over a network, it > > has to have a driver for the network adapter. It is unlikely to have one for > > the USB adapter. > I would re-read what I stated before - a hypothetical backdoor can easily use > simple P2P DMA writes it doesn't need drivers. Given that should attack should make sure that device won't crash when such a hypotetical backdoor is using DMA while something else is using the device through the normal driver at the same time, I'd seriously consider removing at least the "simple" qualifier from there. Alternatively, the attack needs synchronization besides DMA which also invalidates your claim that simple P2P DMA is enough. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1803140939280.5829%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On 03/13/2018 09:53 PM, Drew White wrote: On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: On 03/13/2018 08:20 PM, Drew White wrote: On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. I think you mean "not an OpenVPN..."? I am guessing so, yes, thanks for clarifying. FWIW, the resources at those links are meant to be adaptable for non-OpenVPN setups, and they don't impose any particular type of routing (other than forbidding access that most call 'leaks'). As for accessing the LAN directly through a VPN VM, there are simple ways to make an exception for it. That's what I don't get. All I want to do is have the VPN connect, nothing else. So that my AppVM can talk through it to the external. OK, this sounds like you want to connect to a remote LAN. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. There are plenty of guides out there. But when searching for examples keep in mind that a Qubes proxyVM behaves much like a router (not a PC endpoint) so that may be the best type of guide to use. Exactly, and as a router it should connect a VPN. I used to have it able to do it. So that's why I don't understand why it isn't working. Since I had it able to do it once before, ages ago, and nothing has changed since then, and now it isn't working. So it's odd. Thus I figured maybe something has changed. I want to say "Not much has changed in R3.2 networking", but the Linux distros in the templates have changed somewhat over the years. In any case, you'll need to review your configuration and maybe post setup steps to get specific troubleshooting advice. At this point, you could focus on fixing the existing configuration or consider a new setup. Unfortunately I haven't noticed other Qubes users posting about PPTP and haven't used it myself for a very long time (only used it on Windows). That may be because PPTP is considered insecure (one reason to switch to OpenVPN or protocol). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6e4112e7-d663-b292-9f49-4ed3ec282c54%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes won't boot 'kernel panic', where is AppVm data?
Le lundi 12 mars 2018 01:21:31 UTC+1, awokd a écrit : > On Sun, March 11, 2018 10:03 pm, ale10203...@gmail.com wrote: > > Hello, I am currently locked out of my qubes system because of a "kernel > > panic" error I encounter when I boot the system, after the grub screen. I > > don't really know what to do. The only thing I did before this to happen > > is to try to install AEM (without success), it may be the reason for > > this. Is there any fix to this? > > Haven't tried AEM, unfortunately. > > > I still have my qubes installation media, > > I can run the troubleshooting mode. I have qubes R4-rc4. > > I am also searching for the place to search for my appvms data so I can > > backup them and then re-install qubes (I use qubes for some months now), > > I can't find the appvm data anywhere... thanks for your answers ! > > Qubes R4.0 uses LVM instead of files- each disk in each AppVM is a > separate LVM logical partition. Short version is you mount the decrypted > disk, then you scan it for LVM partitions, and then mount the filesystem > inside the LVM partition you want to recover. Have only done it once or > twice, can't remember exact commands, but search for something like LUKS > LVM rescue. Thanks a lot ! I got a little in trouble searching about LVM partitions but after all I managed to backup my important data on a removable media from a live system before reinstalling qubes. Thanks again ! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb77b50d-e69d-405d-b781-b23b1338172d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to update default template VM?
Hi All, I did install RC4 from 3.2, I cannot get update the default templatevm even assigned sys-firewall, how to fix this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21aba539-a952-442e-b48c-77e67fe7e48d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, March 14, 2018 at 7:28:58 AM UTC-5, Chris Laprise wrote: > On 03/13/2018 09:53 PM, Drew White wrote: > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > >> On 03/13/2018 08:20 PM, Drew White wrote: > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > The current VPN doc is here: > > https://www.qubes-os.org/doc/vpn/ > >>> > >>> Thanks for the reply Chris, but that is not what I was looking for as I > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > >> > >> I think you mean "not an OpenVPN..."? > > > > I am guessing so, yes, thanks for clarifying. > > > >> FWIW, the resources at those links are meant to be adaptable for > >> non-OpenVPN setups, and they don't impose any particular type of routing > >> (other than forbidding access that most call 'leaks'). As for accessing > >> the LAN directly through a VPN VM, there are simple ways to make an > >> exception for it. > > > > That's what I don't get. All I want to do is have the VPN connect, nothing > > else. So that my AppVM can talk through it to the external. > > OK, this sounds like you want to connect to a remote LAN. > > > >>> > >>> I also want to have one where everything that is going to happen on the > >>> remote network is pushed through the VPN, and everything else remains > >>> using the local connection. > >>> > >>> So there are 2 ways I'm looking at having it work. > >>> > >>> But at first, I just want a standard PPTP connection. > >> > >> There are plenty of guides out there. But when searching for examples > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > >> endpoint) so that may be the best type of guide to use. > > > > Exactly, and as a router it should connect a VPN. > > I used to have it able to do it. So that's why I don't understand why it > > isn't working. Since I had it able to do it once before, ages ago, and > > nothing has changed since then, and now it isn't working. So it's odd. Thus > > I figured maybe something has changed. > > I want to say "Not much has changed in R3.2 networking", but the Linux > distros in the templates have changed somewhat over the years. In any > case, you'll need to review your configuration and maybe post setup > steps to get specific troubleshooting advice. > > At this point, you could focus on fixing the existing configuration or > consider a new setup. Unfortunately I haven't noticed other Qubes users > posting about PPTP and haven't used it myself for a very long time (only > used it on Windows). That may be because PPTP is considered insecure > (one reason to switch to OpenVPN or protocol). > > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 I'll chime in here. You can ignore the firewall scripts and such in that VPN doc if you don't care about DNS leaking and such (depends of course on your attack model). For all intensive purposes, connecting to your VPN from a proxy VM is the same as from an app VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/290c5244-2b3b-4b23-a0b5-65220f8f5528%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to update default template VM?
On Wed, Mar 14, 2018 at 06:47:34AM -0700, Michael MENG wrote: > Hi All, > I did install RC4 from 3.2, I cannot get update the default templatevm even > assigned sys-firewall, how to fix this? > Hi Michael Which template are you using as default? What error are you getting when you run an update? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180314141401.o65suv6bwpkknszw%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Missing hard disk free space
Hi, I am pretty confused with thin lvm pools and free disk space. I attached part of lvs output. Is root qubes_dom0-root? 36.96% of data means near 77gb? df on dom0 only shows near 6GB... Is the meta value fine? I should have near 100gb of free space and I am nearly full :/ Regards. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4167148-718d-635a-b439-43b28ecedf1b%40riseup.net. For more options, visit https://groups.google.com/d/optout. [user@dom0 ~]$ sudo lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert pool00 qubes_dom0 twi-aotz-- 209.05g 98.16 50.12 root qubes_dom0 Vwi-aotz-- 209.05g pool00 36.96 swap qubes_dom0 -wi-ao 7.63g
[qubes-users] cant connect to outsidet network after setting static ip
so i have vm that i had network connectivity as part of the guide that is listed below i set a static ip to the vm, after which i cant connect to anything even after statically binding the ip to the previous ip but to no avail iv tried to connect the vm to both sys-firewall and sys-net directly any ping attempt from said vm returns destination host unreachable the other vm's are unaffected and still have network connectivity -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/75d426a7-fc7f-4173-a7ac-e69768aacdd0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: cant connect to outsidet network after setting static ip
On Wednesday, March 14, 2018 at 6:23:22 PM UTC+2, shon.b...@gmail.com wrote: > so i have vm that i had network connectivity > as part of the guide that is listed below > i set a static ip to the vm, after which i cant connect to anything > even after statically binding the ip to the previous ip > but to no avail > iv tried to connect the vm to both sys-firewall and sys-net directly > any ping attempt from said vm returns destination host unreachable > the other vm's are unaffected and still have network connectivity thanks in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f78d49d4-3032-4e58-9249-3a6812b76433%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: cant connect to outsidet network after setting static ip
On Wednesday, March 14, 2018 at 6:23:22 PM UTC+2, shon.b...@gmail.com wrote: > so i have vm that i had network connectivity > as part of the guide that is listed below > i set a static ip to the vm, after which i cant connect to anything > even after statically binding the ip to the previous ip > but to no avail > iv tried to connect the vm to both sys-firewall and sys-net directly > any ping attempt from said vm returns destination host unreachable > the other vm's are unaffected and still have network connectivity said guide https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20your%20first%20server.md thank you in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d08f31a1-a7cc-45d7-810c-f8cc6969b678%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can a Windows StandaloneVM be made into a TemplateVM?
> I copied > /var/lib/qubes/appvms/win7/root.img > /var/lib/qubes/appvms/win7/private.img > to > /var/lib/qubes/vm-templates/win7-x64-template/root.img > /var/lib/qubes/vm-templates/win7-x64-template/private.img > Hi, can I ask how you did that? When I look into the directories you mention (in R4), I don't find these files (but only "icon.png" and "firewall.xml"). Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/39bfd2d2-6a71-4999-b94f-32d6147adfcc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to update default template VM?
Check the RPC Policy; for updates. /etc/qubes-rpc/policy/qubes.UpdatesProxy Make sure your sys-net is the correct one. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/176f39f0-af9b-4669-81fa-158af4f1a648%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4rc5 + win7 HVM :: Can't resize Windows
Hello, On 03/13 10:06, Alex wrote: > > I'm afraid I'm unable to help with your question. However, if you managed to > run windows in seamless mode under Qubes 4rc5, as far as I know, you are > further advanced than all the tips and discussions I could find[1][2][3]. > Would you share with us how did you manage to get seamless mode working ? > The related options in qvm-prefs appear to be gone since Qubes R4. as I found out, seamless is not working for me. I thought it was, but it was just because the Windows VM crashed shortly after boot. Therof no windows :-) Even when I have disabled seamless mode the win7 VM boots up fullscreen. As mentioned windows can't be resized. I'm currently following my setup guide in order to check if it is maybe related to the highres display resolution on my office laptop. [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180314172500.br2ukwwtohfuhbrj%40my-privmail. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Cannot retrieve repository data
On Sunday, May 22, 2016 at 12:42:50 AM UTC+2, jsdi...@gmail.com wrote: > I am attempting to install qubes for the first time. > > Installed via USB, all went well. > > Booted in for the first time, following the install guide instructions > > Attempt to run the first command: > > qubes-dom0-update --enablerepo=qubes-templates-community > qubes-template-whonix-gw qubes-template-whonix-ws > > > ##Konsole then returns: > > Using sys-whonix as UpdateVM to downlo... > > Running command on VM: 'sys-whonix' > > Checking for dom0 updates... > > ##then an error > > Cannot retrieve repository metadata (repomd.xml) for repository: fedora. > Please verify its path and try again > > ## what do? I am having a similar issue: When I try to update anything (in RC4), I get the "Cannot retrieve repository metadata" error message. My internet is otherwise working. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1af01fe-704a-41c9-9494-7516a91bb32d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4rc5 :: Howto LVM-snapshots from AppVMs
hello, I would like to use LVM snapshots in order to simplify administration and troubleshooting in QUBES. As I found it seems that there are lots of logical volumes from a running VM: For an AppVM: /dev/qubes_dom0/vm--private /dev/qubes_dom0/vm--private-snap /dev/qubes_dom0/vm--volatile /dev/qubes_dom0/vm--root-snap Can someone provide guidance how to make use of LVMs snapshot feature to make a snapshot and later restore the snapshot? [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180314180459.tidlrwcjyh7k2gcx%40my-privmail. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4rc5 :: Howto LVM-snapshots from AppVMs
On Wed, March 14, 2018 6:04 pm, [799] wrote: > hello, > > I would like to use LVM snapshots in order to simplify administration and > troubleshooting in QUBES. As I found it seems that there are lots of > logical volumes from a running VM: Not implemented yet, but will be: https://github.com/QubesOS/qubes-issues/issues/3256 You might also be able to use LVM snapshot commands directly, but I can't say what effect that might have on Qubes... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9786f9609a981928f59913fa993e4f14.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to update default template VM?
Hi Unman, I use fedora26 default, it prompt update icon, so i try to click "update qubes", but it doesnt popup anything, i tried to connect sys-firewall to it still no function. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ba0884f-d807-41d5-80ce-e631254392e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Wednesday, 14 March 2018 23:28:58 UTC+11, Chris Laprise wrote: > On 03/13/2018 09:53 PM, Drew White wrote: > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > >> On 03/13/2018 08:20 PM, Drew White wrote: > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > The current VPN doc is here: > > https://www.qubes-os.org/doc/vpn/ > >>> > >>> Thanks for the reply Chris, but that is not what I was looking for as I > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > >> > >> I think you mean "not an OpenVPN..."? > > > > I am guessing so, yes, thanks for clarifying. > > > >> FWIW, the resources at those links are meant to be adaptable for > >> non-OpenVPN setups, and they don't impose any particular type of routing > >> (other than forbidding access that most call 'leaks'). As for accessing > >> the LAN directly through a VPN VM, there are simple ways to make an > >> exception for it. > > > > That's what I don't get. All I want to do is have the VPN connect, nothing > > else. So that my AppVM can talk through it to the external. > > OK, this sounds like you want to connect to a remote LAN. I thought that is what VPNs are for? Well that is their primary intention, to connect from where you are to a remote network. I should have clarified that in the first place due to many people these days connecting to remote networks as a 255.255.255.255 and only doing it to connect out to the internet for privacy and security. I shall endeavor to mention that in the future if it ever arises again. > > >>> > >>> I also want to have one where everything that is going to happen on the > >>> remote network is pushed through the VPN, and everything else remains > >>> using the local connection. > >>> > >>> So there are 2 ways I'm looking at having it work. > >>> > >>> But at first, I just want a standard PPTP connection. > >> > >> There are plenty of guides out there. But when searching for examples > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > >> endpoint) so that may be the best type of guide to use. > > > > Exactly, and as a router it should connect a VPN. > > I used to have it able to do it. So that's why I don't understand why it > > isn't working. Since I had it able to do it once before, ages ago, and > > nothing has changed since then, and now it isn't working. So it's odd. Thus > > I figured maybe something has changed. > > I want to say "Not much has changed in R3.2 networking", but the Linux > distros in the templates have changed somewhat over the years. In any > case, you'll need to review your configuration and maybe post setup > steps to get specific troubleshooting advice. I'm still using F23 for it. Perhaps there is something else inside the Qubes Networking that has an issue with it after updating for security. I'll have to just go through settings and try and try and try. Just go from one settings to another and trying to connect after altering each setting. > At this point, you could focus on fixing the existing configuration or > consider a new setup. Unfortunately I haven't noticed other Qubes users > posting about PPTP and haven't used it myself for a very long time (only > used it on Windows). That may be because PPTP is considered insecure > (one reason to switch to OpenVPN or protocol). Well not many people use PPTP anymore, as it has some inherent insecurities in it. Unfortunately some of the older hardware only has PPTP built into it. (personal opinion below) There is no good Qubes Template out there yet. They all use NetworkManager and SystemD, and that's just shit. If they had a template that had no SystemD then things would work so much better and faster. What else, other than NetworkManager can be used? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46ebf574-1bd2-4e3f-b615-acc004eb23e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On Thursday, 15 March 2018 01:07:53 UTC+11, Matty South wrote: > On Wednesday, March 14, 2018 at 7:28:58 AM UTC-5, Chris Laprise wrote: > > On 03/13/2018 09:53 PM, Drew White wrote: > > > On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: > > >> On 03/13/2018 08:20 PM, Drew White wrote: > > >>> On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: > > The current VPN doc is here: > > > > https://www.qubes-os.org/doc/vpn/ > > >>> > > >>> Thanks for the reply Chris, but that is not what I was looking for as I > > >>> was wanting to use pptp VPN connections (and similar), not a Qubes VPN. > > >> > > >> I think you mean "not an OpenVPN..."? > > > > > > I am guessing so, yes, thanks for clarifying. > > > > > >> FWIW, the resources at those links are meant to be adaptable for > > >> non-OpenVPN setups, and they don't impose any particular type of routing > > >> (other than forbidding access that most call 'leaks'). As for accessing > > >> the LAN directly through a VPN VM, there are simple ways to make an > > >> exception for it. > > > > > > That's what I don't get. All I want to do is have the VPN connect, > > > nothing else. So that my AppVM can talk through it to the external. > > > > OK, this sounds like you want to connect to a remote LAN. > > > > > > >>> > > >>> I also want to have one where everything that is going to happen on the > > >>> remote network is pushed through the VPN, and everything else remains > > >>> using the local connection. > > >>> > > >>> So there are 2 ways I'm looking at having it work. > > >>> > > >>> But at first, I just want a standard PPTP connection. > > >> > > >> There are plenty of guides out there. But when searching for examples > > >> keep in mind that a Qubes proxyVM behaves much like a router (not a PC > > >> endpoint) so that may be the best type of guide to use. > > > > > > Exactly, and as a router it should connect a VPN. > > > I used to have it able to do it. So that's why I don't understand why it > > > isn't working. Since I had it able to do it once before, ages ago, and > > > nothing has changed since then, and now it isn't working. So it's odd. > > > Thus I figured maybe something has changed. > > > > I want to say "Not much has changed in R3.2 networking", but the Linux > > distros in the templates have changed somewhat over the years. In any > > case, you'll need to review your configuration and maybe post setup > > steps to get specific troubleshooting advice. > > > > At this point, you could focus on fixing the existing configuration or > > consider a new setup. Unfortunately I haven't noticed other Qubes users > > posting about PPTP and haven't used it myself for a very long time (only > > used it on Windows). That may be because PPTP is considered insecure > > (one reason to switch to OpenVPN or protocol). > > > > > > -- > > > > Chris Laprise, tas...@posteo.net > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > I'll chime in here. You can ignore the firewall scripts and such in that VPN > doc if you don't care about DNS leaking and such (depends of course on your > attack model). For all intensive purposes, connecting to your VPN from a > proxy VM is the same as from an app VM. What do you mean by "DNS leaking"? Well, from a proxy I can connect multiple AppVMs, and the AppVMs connect to Proxy DNS which will be set to the network. That is how I need it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b031598-08ce-4dbe-a32d-6d7a5bcaa2a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN from a ProxyVM
On 03/14/2018 08:47 PM, Drew White wrote: On Wednesday, 14 March 2018 23:28:58 UTC+11, Chris Laprise wrote: On 03/13/2018 09:53 PM, Drew White wrote: On Wednesday, 14 March 2018 12:25:12 UTC+11, Chris Laprise wrote: On 03/13/2018 08:20 PM, Drew White wrote: On Wednesday, 14 March 2018 11:06:22 UTC+11, Chris Laprise wrote: The current VPN doc is here: https://www.qubes-os.org/doc/vpn/ Thanks for the reply Chris, but that is not what I was looking for as I was wanting to use pptp VPN connections (and similar), not a Qubes VPN. I think you mean "not an OpenVPN..."? I am guessing so, yes, thanks for clarifying. FWIW, the resources at those links are meant to be adaptable for non-OpenVPN setups, and they don't impose any particular type of routing (other than forbidding access that most call 'leaks'). As for accessing the LAN directly through a VPN VM, there are simple ways to make an exception for it. That's what I don't get. All I want to do is have the VPN connect, nothing else. So that my AppVM can talk through it to the external. OK, this sounds like you want to connect to a remote LAN. I thought that is what VPNs are for? They can be. Some configs are for remote LANs, others for connecting to Internet. Well that is their primary intention, to connect from where you are to a remote network. I should have clarified that in the first place due to many people these days connecting to remote networks as a 255.255.255.255 and only doing it to connect out to the internet for privacy and security. I shall endeavor to mention that in the future if it ever arises again. I also want to have one where everything that is going to happen on the remote network is pushed through the VPN, and everything else remains using the local connection. So there are 2 ways I'm looking at having it work. But at first, I just want a standard PPTP connection. There are plenty of guides out there. But when searching for examples keep in mind that a Qubes proxyVM behaves much like a router (not a PC endpoint) so that may be the best type of guide to use. Exactly, and as a router it should connect a VPN. I used to have it able to do it. So that's why I don't understand why it isn't working. Since I had it able to do it once before, ages ago, and nothing has changed since then, and now it isn't working. So it's odd. Thus I figured maybe something has changed. I want to say "Not much has changed in R3.2 networking", but the Linux distros in the templates have changed somewhat over the years. In any case, you'll need to review your configuration and maybe post setup steps to get specific troubleshooting advice. I'm still using F23 for it. Perhaps there is something else inside the Qubes Networking that has an issue with it after updating for security. I'll have to just go through settings and try and try and try. Just go from one settings to another and trying to connect after altering each setting. I suggest moving your settings to F26 (i.e. change the template of your VM). What else, other than NetworkManager can be used? F26 has pptp-setup package. It lets you use shell commands: http://pptpclient.sourceforge.net/ Of course, Qubes proxyVMs have Network Manager disabled by default. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbe49a6b-9c45-15a2-5b8f-0d16cd540bb6%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] please remind me how to remove orphaned Domain: menu items, the AppVM is gone, but I still see it listed in the Application 'Q' menu in 3.2
On 2018-03-13 16:36, awokd wrote: > On Wed, March 14, 2018 12:30 am, yreb...@riseup.net wrote: >> please remind me how to remove orphaned Domain: menu items, the AppVM is >> gone, but I still see it listed in the Application 'Q' menu in 3.2 >> >> but not in qvm-ls ; I don't want to remove the wrong config file >> somewhere , I can't seem to find it in the old group postings, though >> I know it's there > > Look in the R3.2 section: > https://www.qubes-os.org/doc/managing-appvm-shortcuts/ ok, I did remove the dir /var/lib/qubes/appvms/ , however have not as yet rebooted to see, but as of now it still persists if I do qvm-sync-appmenus it just tells me that fooVM doesn't exist this isn't how I recall sync'ing menus before ..hmm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9aaacecca5ee252f88b306c07cf3a5a7%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from an SSD?
T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from an SSD? I'm looking at buying an i7 T520 that is listed as working on the HCM list on a website, for like $250, I see them cheaper on ebay but , the thing has 4GB ram , by adding a DVD tray / caddie for an SSD and an SSD and 4GB ram, I add another $140 or so to the cost so am wondering if this technically would not have the issue where dual booting is considering insecure, if I'm actually booting from 2 separate HDs ; and/or if doing the Qubes 4.0 install is going to be any tricker or easier with 2 HD, assuming, I wasn't planning on doing another dual boot off 1 HD again thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a377e5897e6e92f43ecfeef04de45e03%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to show boot entries?
Hello, guys. I want to show boot entries so that I can select certain kernel to boot, and I'm using EFI/qubes/xen.efi as boot binary. Currently, it will directly boot the default kernel. Could anyone give some advices? BTW, here is the reason: I have multiple kernels installed and kernel-latest-4.15.6-1 may raise kernel panic errors on Raven Ridge platform, but kernel-4.14.18-1 works just fine. Thanks! D.F. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3557ca44-d5f9-467c-a09b-5733c6a51dc8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
