[qubes-users] Port-forwarding through VM's and a WiFi Router in Qubes 4.0 through Debian-9

[AlphaMufasaOmega]

Qubes OS version:

$4.0
Basically I have a router that my wifi is connected to and I am trying to learn 
how to successfully Port forward in msfconsole from qubes 4.0 Obviously there 
is a net-vm ans a sys-usb vm and it is hard to see whether or not my 
applications are working due to this conundrum :) I would also like to put the 
a listener through whonix if at all possible!
Affected component(s):

msfconsole
sys-net vm
firewall vm
whonix vms
Steps to reproduce the behavior:
Expected behavior:

Port forwarding works the same as a simple linux machine connected to wifi

Actual behavior:

Can't tell if I have to change my tactics for port forwarding from a normal 
computer due to the fact that there are so many virtual machines along with the 
Wifi Router

General notes:

No response form a listener due to the fact that there are multiple port 
forwarding obstacles infected program seems to be functioning normally as 
far as I can tell but it does not show up in my listener

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7241cd96-c2f7-4f84-b47b-101ba2e383e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Crossover on Qubes

[sebastien]

Le jeudi 20 septembre 2018 17:04:30 UTC+2, Black Beard a écrit :

> 
> Can i use Crossover on my Qubes OS?

Yes but not for all usages.

I did install it using first a dedicated template (clone of fedora-28).
Then clone the template in a appVM.

BUT
You won't be able to run Office because it does require directX and the GPU 
acceleration.

I did successfully installed / used non GPU accelerated apps.

> 
> If yes, is there some tutorial to install this Software?

Just install the crossover rpm.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e601518e-a172-4fe9-a750-9b3f88034fe6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Dom0 (System tools) shortcuts suddenly disappeared

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Patrick:
> Hello, on my 4.0 platform somehow I'm now missing the "Display"
> shortcut. I'm thinking I may have accidentally dragged it into the
> desktop and then deleted it. I found this thread and tried a couple
> things but still not there.
> 
> How can I at least manually run a command to launch the display,
> just to see if it's all there,

$ xfce4-display-settings

> and then how to reinstall the shortcut?

$ sudo qubes-dom0-update --action=reinstall xfce4-settings

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbqfj0XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfHgEP/iRzIF+KNXd5SxK7vPa1ZCIz
6M6QnajTr7kOIgAtTqNnO0u2VBpIu/y63/e8D1j98kYP0p0Qt09Rl9YombqXeuc1
YYGQOqTVTDQw1ijGdH6ThojIbIdYXCQ6kv/+zoUa0lgUpSycbNkadNkhApnSJVu8
RCsDpUliBAemIqly6Qp1mdcCUMyCHi8UDVEZHw3HmTwXzJHIkKMCsRmCucRzYf/g
WOisQjCpDPFacevqVdmNmwZR4F89DoboECheq84YjIZ9PDgRvC0pssrw0WZTDi+9
bff6zx43VG8BX2ocTQSeNPVS5du8g9HDWae7ArD0w7sd0shh2EhdZLD+VAtpiEzb
+pwgDaCf17x5fNaZA/hCJnZHp8Fzipcko79mTxYZobtVz6ERVDizhfAi80Kz5bSf
tVCPBTZRAxE5EwDEKGevT6msAfusTDor5m91Hwu1Kwnaq/Q1vNmSH/zNhh8w0n5p
fELVv/12WzsjBaR2/czfyfbQKFVpCaibjFBkJC0ldjxfA1dxDiX6X9oc7ksClEtd
cwEm5p6WvfLNJY57WG+Xvx1C7u2BJtxesZPJrCenBQ6YLQ6enxVy7hSkzMO7jSyJ
FVgxAGM9JP3X9WguQqm8a31+dB9v7fnZ1MMfjdHAtxiw0MjSgjJrpn1mUDj6p2ez
GbLEP92eMuJNwrpf7Swk
=eBa8
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180925085932.GA1978%40mutt.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] External monitor resolution

[Holger Levsen]

On Mon, Sep 24, 2018 at 06:52:30PM -0300, Franz wrote:
> I understand that the Lenovo x230 does not have the power to properly set
> the two displays each with the correct resolution, but in mirror mode, they
> are exactly the same and it works.

I use an x230 here with an external 4k display and it works nicely, with
or without using the internal display as well. (using the mini-displayport
output, not VGA.)

As a start, I'd recommend to run "xrandr --auto" in dom0.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180925104907.hv43nmuaxgk7heso%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [qubes-users] Re: Open in Qube 3.0 beta released!

[Ivan Mitev]

Hi Sven,

On 9/24/18 9:16 PM, Sven Semmler wrote:
> On 9/16/18 9:28 AM, Ivan Mitev wrote:
>> Just curious - isn't it possible to open a link with 
>> `qvm-open-in-dvm` in your ThunderbirdVM and tweak the
>> corresponding rpc service (qubes.OpenInVM) to open a whonix-dvm ?
> 
> Yes it is, following the way you outlined for me here:
> https://groups.google.com/d/msg/qubes-devel/0CpN7ol1ZdM/0cBPvwc6CgAJ

Is it working with whonix too ? (that was the part of the post from John
S.Recdep I was replying too - I was wondering if there was a problem
specific to whonix dispVMs).

> 
> When I click any link in my Thunderbird VM I get the Open in VM dialog
> that allows me to either choose a new disp VM or an already running /
> existing VM. Works perfect!

Happy to read that it's working well. I'll try to write a proper doc
with instructions over at QubesCommunity, I may ask you and Raffaele to
read-proof it when it's ready so that you spot mistakes and/or give
additional tips.

Cheers,
Ivan


> 
> /Sven
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3640c853-b873-fa8f-f457-63eee3bcd796%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Re: Open in Qube 3.0 beta released!

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 9/25/18 7:54 AM, Ivan Mitev wrote:
> Is it working with whonix too ? (that was the part of the post
> from John S.Recdep I was replying too - I was wondering if there
> was a problem specific to whonix dispVMs)

Works like a charm. Nothing special to consider at all.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAluqMT0ACgkQ2m4We49U
H7Z/FhAAuo0cv7/7vX1tyBtUxQYfA+jXvsNK+6BmudOOCWPeHHAIx9ULC5qP/HpS
l3LN7SKSS9/v77FNcs+AFoAzZeqmT6Om5b/CzwxzSqcsRom6aZypOhj02EFhznRW
BS9P243biIvIxjmrnSt+Nnma4ym90dZZ7BPWNdMQ/XpBUu97DiNG4Kk8f2yT7bg0
T3JpEDMfg8F2vMRq6gN67G3wGMFqtfe4Ji9XpRb6HK/ywz0cuiMpkkoByA9gPMiZ
aIbwfhYrGGVpJLo60uHsVhNpWpG23S6BP7wCCJZa3+jeFHL6HzACRwRxCVFVkxpy
udKgr3D7clI53eQx1EfgRiU7s7r2AG7DmOG2e55QNsjnuWoh+fhX8zV/qEO8IYT7
AbcJg7Ax9c5i9imTJ9kwEgx3Xz26mC4VS6v7cp37IRANZUoOtjtCK79dHFk9m3uN
lWAKQVr3cfoVYVd6I/ZG7768AX4G+x60nVmtdE23G1fnVo2+AKFKjbu6I+KET5er
MOq7P15/iJ5yB4XFZrso1Zmb6BJXcJQ5p8cmh5IKUKTL3mr6zncM0znstCFxMrdh
cd56qpK6yCmaTEiMzAtHjzPSJbigxUXupsQ7LDB9R5kT53SMSMs0d6S1lSwtZRNk
KNGlSvDUSnQt4/AvaZAeLK+fZEzNsEGRw7WGt+Lgd+Aec7dy/us=
=r71E
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b815066b-5c7b-1022-7d33-d7a282d6385b%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Signal installation returns gpg: no valid OpenPGP data found.

[qubes-fan]

I try to install the Signal to my debian-9 template, following the guide 
https://www.qubes-os.org/doc/signal/  .

After I initiate 
$ curl -s https://updates.signal.org/desktop/apt/keys.asc 
 | sudo apt-key add -
I get 
$ gpg: no valid OpenPGP data found.

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LNG2enI--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Signal installation returns gpg: no valid OpenPGP data found.

[qubenix]

qubes-...@tutanota.com:
> I try to install the Signal to my debian-9 template, following the guide 
> https://www.qubes-os.org/doc/signal/  .
> 
> After I initiate 
> $ curl -s https://updates.signal.org/desktop/apt/keys.asc 
>  | sudo apt-key add -
> I get 
> $ gpg: no valid OpenPGP data found.
> 
> Thank you
> 

You have added this part
"" accidentally. The
correct command, as shown in the guide, is:

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -

This should work as expected, I just tested it.

-- 
qubenix
PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
OTR: qube...@chat.freenode.net
OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee063803-5308-39bc-d192-150f3cab93b8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Enabling OpenVPN auto start

[Ninja-mania via qubes-users]

In using the following command:
edit /etc/default/openvpn
Then attempting to remove the # next to “#AUTOSTART=“all”” I am unable to 
remove the hash.

Can anyone tell me why i’m unable to remove the hash? And how to go about 
removing it so I can auto start openvpn.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7855195-f06d-4b22-8bfd-a89e8234de50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling OpenVPN auto start

[Chris Laprise]

On 09/25/2018 02:13 PM, Ninja-mania via qubes-users wrote:

In using the following command:
edit /etc/default/openvpn
Then attempting to remove the # next to “#AUTOSTART=“all”” I am unable to 
remove the hash.

Can anyone tell me why i’m unable to remove the hash? And how to go about 
removing it so I can auto start openvpn.

Thanks



I'm not familiar with 'edit'. Most would use 'sudo vim' or 'sudo nano' 
to edit a settings file in the terminal.


Also, if you're looking for a VPN solution I'd recommend using 
https://github.com/tasket/qubes-tunnel which automatically takes care of 
the Qubes-specific DNS and iptables details.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd8a0a3f-ba65-db71-28a9-50e323ca775c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] manually import VM's

[cyberian]

I will be reimaging a QubesOS machine.  Will I be able to save the existing 
VM's manually and import into the fresh Install of Qubes?  
I would like to do the backup operation without needing to actually boot up the 
existing OS, and then restore the backed up volumes after an install.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/017c0128-6d4a-4cb1-b00b-fcbc2251e28a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Too small num_mfn in MSG_MFNDUMP

[tyler . e . marshall]

I am getting an error when the gui-daemon in dom0 receives a MSG_MFNDUMP 
message from the domU gui-agent.  Somehow the number of frame numbers reported 
from the domU doesn't match up with the size of the window.  I've posted the 
log from the dom0 guid at the end of this message.  

Initially, it looks like a window for gsd-xsettings is created just fine and 
the dom0 receives the messages, no problem.  For testing, I then started an 
instance of xclock in domU and it runs into trouble when doing the mfndump.  
Looking at the log messages, I can't tell if the size of the window is supposed 
to be 164x164 or 1280x1024.  Xclock is usually has a small application window, 
but using either size, something erroneous is going on. There is some issue 
when it comes to computing num_mfn.  num_mfn is computed with the following 
code snippet:

pixels = pixmap->devPrivate.ptr;

   
pixels_end =

   
pixels +

   
pixmap->drawable.width * pixmap->drawable.height *  

   
pixmap->drawable.bitsPerPixel / 8;  

   
off = ((long) pixels) & (4096-1);   

   
pixels -= off;  

   
num_mfn = ((long) pixels_end - (long) pixels + 4095) >> 12; 

   
shmcmd.width = pixmap->drawable.width;  

   
shmcmd.height = pixmap->drawable.height;


num_mfn is computed by using the starting address, adding the amount of data 
the window occupies to find the ending address, and subtracting the two.  There 
are a few extra things to align the address to 4K pages.  In the error log 
below, the width and height that are part of the MSG_MFNDUMP are 1280x1024.  
Yet, somehow num_mfn is only 0x141.  According to the above code and assuming 3 
bytes per pixel, it should be something close to (1280x1024x3)/4096 = 0x3c0.  
Even if the size was 164x164, num_mfn should be close to (164x164x3)/4096 = 
0x19.  Somehow the dom0 receives a width and height of 1280x1024 yet it also 
receives from the domU that num_mfn = 0x141.

Looking at the code for computing num_mfn, the only thing I can think of that 
might affect num_mfn being too small is truncation error from doing pointer 
arithmetic using "long."  There could be 64 bit addresses but only 32 bit longs 
and some higher order bits are being lost when computing num_mfn.  Maybe 
something like "ptrdiff_t" or "uint64_t" could have been used.  That being 
said, it shouldn't matter because everything was compiled for 64 bit machines, 
right?

Any help figuring out what's going on here would be greatly appreciated!

dom0 guid log:

Created 0x23(0x61) parent 0x0(0x19b) ovr=1 x/y -1/-1 w/h 1/1
set title for window 0x23
set title for window 0x23
Created 0x24(0x81) parent 0x0(0x19b) ovr=0 x/y 10/10 w/h 10/10
set WM_NORMAL_HINTS for window 0x24 to min=0/0, max=0/0, base=0/0, inc=0/0 
(flags 0x0)
set title for window 0x24
set class hint for window 0x24 to (linux_domu:Gsd-xsettings, 
linux_domu:gsd-xsettings)
 XDestroyWindow 0x24
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
cannot lookup 0x24 in wid2windowdata
Created 0x25(0xa1) parent 0x0(0x19b) ovr=0 x/y 10/10 w/h 10/10
set WM_NORMAL_HINTS for window 0x25 to min=0/0, max=0/0, base=

Re: [qubes-users] XL VM connectivity to Qubes Network

[3mptyy]

> Some obvious questions.
> 
> You say the interface is correctly configured.
> Do you have any routes set in the Windows box?
> Do you see traffic outbound on the 10.137.0.50 iface?
> 
> If you sniff traffic inbound on the vif attached to the Windows HVM, do
> you see anything there? (I mean sniff on the proxyVM)

Hi Unman, thanks for your help.

To eliminate some potential Windows issues I chose to boot on a fedora 28 live 
cd in this HVM.

I configured the eth0 interface with the following command to copy a normal 
qubes configuration :

ifconfig eth0 10.137.0.200 (HVM IP) netmask 255.255.255.255 broadcast 
10.255.255.255
route add -host 10.137.0.10 (ProxyVM IP) dev eth0
route add default gw 10.137.0.10 eth0

I identified vif14 on ProxyVM, it corresponds to the HVM interace.

I launched tcpdump -n -i vif14.0 on ProxyVM, telnet from 10.137.0.200 (HVM) to 
10.137.0.8 port 8080 (web server on qube I'm trying to reach, working great 
from a third qube)

telnet doesn't connect but here's the result of tcpdump :

https://pastebin.com/QXhyBx4Z

Any help appreciated

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83b2b37d-ea44-41a4-a2f1-1de7c6097005%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling OpenVPN auto start

[Ninja-mania via qubes-users]

Dude I actually love you (no homo). 

Spent 20+ trying to set vpn up (Big ass noob) and never came across the Qubes 
tunnel. It’s awesome. You’re awesome.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de5e9001-4381-425a-a3dd-b5cc5cd4aeb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling OpenVPN auto start

[Stuart Perkins]

On Tue, 25 Sep 2018 12:52:16 -0700 (PDT)
Ninja-mania via qubes-users  wrote:

>Dude I actually love you (no homo). 
>
>Spent 20+ trying to set vpn up (Big ass noob) and never came across the Qubes 
>tunnel. It’s awesome. You’re awesome.
>

I have two separate VPN's on my Qubes 3.2 laptop.

One Cisco VPN running via OpenConnect in a dedicated appVM for a client.
One OpenVPN running in a secondary copy of sys-net which I switch to when I 
need it.  I run the server OpenVPN on a VM on my home server (Debian and 
VirtualBox).

When I want to connect EVERYTHING to the VPN, I switch out and run the copy of 
sys-net with the VPN credentials and scripts.

When I want to access the client, I start the appVM with the OpenConnect Cisco 
VPN client and credentials.  I also use this appVM to run client specific 
software through Wine for most of my work on their equipment, although I do a 
fair amount of straight up command line stuff on their system as well.  I can 
run this on top of the other VPN if absolutely necessary, but performance is 
not fast since my home connection is not fast.

Haven't had occasion to try the Qubes tunnel.  Is there a particular reason to?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180925162733.74084bda%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Having trouble getting an Intel 82576 nic to like its qube

[mccall . christina]

I passed several nics to a BSD based firewall appliance(its wan is still going 
through sys-net/sys-firewall). Three of them were Realtek 8111/8168/8411, 
likely all three were 8111, with no issues. I can connect through those nics 
with no issue.

One network card has two Intel nics on it, 82576 models. Qubes passes the 
device through no problem, and the BSD system sees them.

When I try and connect a device to an 82576 NIC that device does not receive 
DHCP data and ends up assigning a random IP to itself. It also cannot connect 
to BSD unless I plug it into a Realtek NIC . I can use ping from within the BSD 
qube, pinging from one of the 82576 interfaces to google and that will work.

What has me thinking this could be passthrough related was that these NICs did 
work when they used on a native BSD install. I just got done migrating that 
install into a VM and now they do not work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d3e24eb-6785-4577-ae9b-eedaa2735c50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling OpenVPN auto start

[Chris Laprise]

On 09/25/2018 05:27 PM, Stuart Perkins wrote:


On Tue, 25 Sep 2018 12:52:16 -0700 (PDT)
Ninja-mania via qubes-users  wrote:


Dude I actually love you (no homo).

Spent 20+ trying to set vpn up (Big ass noob) and never came across the Qubes 
tunnel. It’s awesome. You’re awesome.


Glad to help!



I have two separate VPN's on my Qubes 3.2 laptop.

One Cisco VPN running via OpenConnect in a dedicated appVM for a client.
One OpenVPN running in a secondary copy of sys-net which I switch to when I 
need it.  I run the server OpenVPN on a VM on my home server (Debian and 
VirtualBox).

When I want to connect EVERYTHING to the VPN, I switch out and run the copy of 
sys-net with the VPN credentials and scripts.

When I want to access the client, I start the appVM with the OpenConnect Cisco 
VPN client and credentials.  I also use this appVM to run client specific 
software through Wine for most of my work on their equipment, although I do a 
fair amount of straight up command line stuff on their system as well.  I can 
run this on top of the other VPN if absolutely necessary, but performance is 
not fast since my home connection is not fast.

Haven't had occasion to try the Qubes tunnel.  Is there a particular reason to?


Its good practice to use a Qubes-specific tool like qubes-tunnel to 
ensure that DNS packets (and everything else) gets routed through the 
tunnel and never _around_ it even when the link goes down. This is 
important for Qubes because any service VM (NetVM or ProxyVM) that runs 
VPN software is acting like a router, not a PC, and Qubes also has 
special requirements for proper routing of DNS in this situation.


In your case the AppVM with OpenConnect acts like a PC endpoint and is 
probably not a security issue. But the sys-net copy is acting like a 
router as previously mentioned and that's an issue on Qubes; to improve 
security you could move your openvpn config to a ProxyVM and use 
qubes-tunnel.


There is also the issue of VPN passwords or keys being stored in a 
sys-net type VM, since these VMs are considered vulnerable to attack. 
Moving the VPN to a ProxyVM increases the security of your VPN secrets.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/294449c7-773c-f239-13d9-9092cc047212%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] External monitor resolution

[Franz]

On Tue, Sep 25, 2018 at 7:49 AM, Holger Levsen 
wrote:

> On Mon, Sep 24, 2018 at 06:52:30PM -0300, Franz wrote:
> > I understand that the Lenovo x230 does not have the power to properly set
> > the two displays each with the correct resolution, but in mirror mode,
> they
> > are exactly the same and it works.
>
> I use an x230 here with an external 4k display and it works nicely, with
> or without using the internal display as well. (using the mini-displayport
> output, not VGA.)
>
> As a start, I'd recommend to run "xrandr --auto" in dom0.
>
>
>
Thanks Holger,

my external monitor only has a VGA port so I do not know how to connect it
to the mini-display port.

Using the VGA connection it works only as mirror. If I try to keep the
laptop screen at its original resolution 1366x768, and the external screen
at 1024x768, then the external screen shows only  the Qubes logo (you know
the big white Q with the same Q broken into pieces) and if I move the mouse
to the right, over the border of the laptop screen, it goes into the
external screen. So it seems the laptop screen and the external screen show
different things. But the external screen with the Qubes logo is useless.

> --
> cheers,
> Holger
>
> 
> ---
>holger@(debian|reproducible-builds|layer-acht).org
>PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAPNq_7GeKGC6W%3DoHpYHdRVoUcY0fO7C8QgWFARaZyu3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 3.2 Whonix-14?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 9/13/18 10:36 PM, Stuart Perkins wrote:
> I deleted the whonix vms and went to install whonix-14 and it won't
> work.  The salt command continues to say that the community repo is
> unknown.  What am I missing?
> 

This is a known bug:

https://github.com/QubesOS/qubes-issues/issues/4154

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlurFjYACgkQ203TvDlQ
MDBM2w//fxd2tJTGnmLW1aUsFDEL/G8k3ARPMcDSksPtUPDaOw3KK6L1HhOhd7YX
xEFOTz7VVU5Bw6cMkx50A+NnWl1kL+1TcKHLK15CGAh1bo9u20yTvnSIFWVO4xhe
ryLw2dX+W7pJuy//rrLFX4aUM4yLWR7pjtJTC1OeRRO4LIfVbxHaIaKwVN3tNFkW
posZoMQPDtUfUMs7VeSuO8WrFBJHu7nZ4MRbqao/UU54Shq5LGDHNYanIXAn2XrO
TX56KfomTlAjqi2PyXwtGbmWzLf6xjMdAUliFav2PfsyZlQtZMz6PEk/N1DYXOwO
N2Llh3VHTJaZ1IWK6CcOyKeh1Y0NGZsZIoZX9qZ0LPSkHXtkxBfUyqcokcvo/wsO
82eQhCrdwCB3jtdx5F2XzCyEzIdt9h37cI4cIlFVEIp9o3g1VR4HMhTQb4EZbIun
J4lS7bCTq2MWcByEs8yt6AO4pqVUlsvAI64NL2zFwkdZLne3lzPnj8AdowufQ887
i09E5/Zn+eFSCQBrSP3ywtbco+xpYTfI/IEGIzUjoJ/I+TI6Lemfh/rWAcExa9YX
8C49UZk2rY7n08lJRYibhRO9pfxhNCWXAtcvFy+IA6WFS35+5EPUkNPb0BZlN8kw
AbWIqatKFLVLcIwsOCy7mPOseO2oq9/PcIv5w8URp/5DCfrl55Y=
=uEN+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d931baa0-4766-97fe-9d64-35c900224c4b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Enabling OpenVPN auto start

[Stuart Perkins]

On Tue, 25 Sep 2018 22:34:12 -0400
Chris Laprise  wrote:

>On 09/25/2018 05:27 PM, Stuart Perkins wrote:
>> 
>> On Tue, 25 Sep 2018 12:52:16 -0700 (PDT)
>> Ninja-mania via qubes-users  wrote:
>>   
>>> Dude I actually love you (no homo).
>>>
>>> Spent 20+ trying to set vpn up (Big ass noob) and never came across the 
>>> Qubes tunnel. It’s awesome. You’re awesome.  
>
>Glad to help!
>
>
>> I have two separate VPN's on my Qubes 3.2 laptop.
>> 
>> One Cisco VPN running via OpenConnect in a dedicated appVM for a client.
>> One OpenVPN running in a secondary copy of sys-net which I switch to when I 
>> need it.  I run the server OpenVPN on a VM on my home server (Debian and 
>> VirtualBox).
>> 
>> When I want to connect EVERYTHING to the VPN, I switch out and run the copy 
>> of sys-net with the VPN credentials and scripts.
>> 
>> When I want to access the client, I start the appVM with the OpenConnect 
>> Cisco VPN client and credentials.  I also use this appVM to run client 
>> specific software through Wine for most of my work on their equipment, 
>> although I do a fair amount of straight up command line stuff on their 
>> system as well.  I can run this on top of the other VPN if absolutely 
>> necessary, but performance is not fast since my home connection is not fast.
>> 
>> Haven't had occasion to try the Qubes tunnel.  Is there a particular reason 
>> to?  
>
>Its good practice to use a Qubes-specific tool like qubes-tunnel to 
>ensure that DNS packets (and everything else) gets routed through the 
>tunnel and never _around_ it even when the link goes down. This is 
>important for Qubes because any service VM (NetVM or ProxyVM) that runs 
>VPN software is acting like a router, not a PC, and Qubes also has 
>special requirements for proper routing of DNS in this situation.
>
>In your case the AppVM with OpenConnect acts like a PC endpoint and is 
>probably not a security issue. But the sys-net copy is acting like a 
>router as previously mentioned and that's an issue on Qubes; to improve 
>security you could move your openvpn config to a ProxyVM and use 
>qubes-tunnel.
>
>There is also the issue of VPN passwords or keys being stored in a 
>sys-net type VM, since these VMs are considered vulnerable to attack. 
>Moving the VPN to a ProxyVM increases the security of your VPN secrets.
>

I will try and get the qubes-tunnel to work, as this makes sense.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180926002429.7a135069%40gmail.com.
For more options, visit https://groups.google.com/d/optout.