[qubes-users] Re: USB Printer
...as an FYI I did have to add my drivers as they were not included, I downloaded my drivers in a DVM, moved the driver to my templates DeskTop and then did the following to install them: su cd Desktop sh "driver file" I was then prompted with a long list of commands in terminal that are likely different depending on your printer. The USB vs Network is something I can't speak to... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/09e98e21-c0d8-4f22-b4b2-46f93726fad7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: USB Printer
I am not sure I have all the answers but here are some thoughts and hints based on how I have my printer setup(wirelessly): 1) I created a dedicated Template for printing, in that template I have my CUPs installed (This way I keey my other templates clean). I am also able to create a DVM and a AppVM based on that template 2) I use a Debian template, in that Print Template I have GNOME installed 3) During setup I need to allow connection access to test its working, once tested I remove network access (You might need to allow USB access or in my case I allow access to Sys-firewall" for testing only. 4) I use "Print Settings" to set up my printer in the template, then when I create an AppVM or -DVM the information is populated. My CUPs stuff gets populated into the "print settings" GUI 5) Make sure to shutdown template before creating the AppVM or DVM I don't use a lot of USB devices with my setup but I suspect you need to allow access to the USB via the "Device" tab in the AppVM. Hope this helps and good luck! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d5afbcd9-2a73-4328-a11f-8e0be890ee72%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix 14 has been Released
"P.S. I would like to thank Patrick Schleizer for his feedback this past week. His effort has not gone unnoticed." I'd second this!! "Ich bin ein berliner" Thanks Patrick for this extra effort to make us safer... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ebd23fc-939c-4119-8164-555aed8b917a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix 14 - Update errors?
...again I want to thank the Whonix/Qubes team for everything they do!! You are awesome... In the spirit of feedback: I just tried updating Whonix-ws-14 and started receiving errors? I saw another post with similar issues(https://groups.google.com/forum/#!topic/qubes-users/ppdbaDAavRY), I thought it best to call out the specific issue in the subject so it might help others with this issue: The error I get, when using the "Qubes Manager" -> "Whonix-ws-14" -> "Update qube" is: Err:20 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch Release Connection failed Reading package lists... Done E: The repository 'tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Whats strange is that I tried the update again while writing this post and it appeared no updates were needed I think I am OK but wanted to share. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf715b93-3a66-4429-aea3-9caf151329c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??
Thanks Patrick... Got it working! I went to the whonix-ws-14 template, added "Tor Browser Downloader (AnonDist)" to list of applications, then clicked on "Tor Browser Downloader (AnonDist)", the Tor Browser downloaded. This then populated the whonix-ws-14-dvm with the browser. Launched the "Tor Browser" as a -dvmno issues! Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cac9d02d-6832-4590-9fa5-cf218dd73c24%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??
I just transitioned to the new Whonix 14 templates, everything was working great however I just updated both the -gw and -ws templates and lost the Tor Browser(AnonDist) from the whonix-ws-14-dvm after update? When I launch a "whonix-ws-14-dvm" browser I get a pop-up asking: "Tor Browser not installed/Start Tor Browser download?". What I tried: To customize the -dvm's in Debian and Fedora I have run the following to customize -dvm's (other then whonix): [user@dom0 ~]$ qvm-run -a debian-dvm gnome-terminal Then in new terminal of “-dvm” type “firefox” to launch firefox, then I customize the browser. I tried the following with Whonix-dvm: [user@dom0 ~]$ qvm-run -a whonix-ws-14-dvm gnome-terminal The problem I am having is: 1) The "whonix-ws-14-dvm" starts but no gnome terminal launches? 2) Since whonix doesn't use "Firefox" what would I type to launch the "Tor Browser"? Assuming I eventually get a gnome terminal to launch 3) How do I install the Tor Browser safely into either the template or -dvm? Other notes: - I created an AppVM using the updated "whonix-ws-14" template, received a popup that "Tor Browser" is not installed, installed the oldest browser per the recommendation on the pop-up, however after installing another pop-up states: "Signature looks quite old already...check signature looks sane". I was able to navigate to an Onion site, whonix check came back OK. Thanks again for the help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65aa39a3-091c-4283-b6ac-971d684f9bcc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?
I did a fresh installnot a typical template install but managed to get whonix 14 going. No time error anymore! Thanks Whonix/Qubes!! Here was my experience: https://groups.google.com/forum/#!topic/qubes-users/fwCqxENXguY -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5cb5eb2-c5f0-440b-9714-c3864d301568%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix 14 installation problem...using 4.0?
Thanks awokd... I ended up doing a fresh install. Similar results...however I did manage to get it installed. I started again with the Whonix wiki instructions(https://www.whonix.org/wiki/Qubes/Install), except for me I also: * In addition to the following: "sudo qubesctl state.sls qvm.anon-whonix" , per the instructions, I also ran "sudo qubesctl state.sls qvm.sys-whonix" and it loaded the Whonix-gw template. Not sure it was happening in the background but waited for 1 1/2 hrs with no feedback after the "sudo qubesctl state.sls qvm.anon-whonix" command in Dom0. Regardless I have it running...thanks Whonix/Qubes! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ec084b6-234a-48e5-ac71-d553e48f4553%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix 14 installation problem...using 4.0?
I tried installing whonix 14 and it didn't install...followed these instructions: https://www.whonix.org/wiki/Qubes/Install Removed old Whonix templates and VMs (Not sure I was supposed to but the instructions state to remove old version) Updated Dom0 I then did the following command in Dom0 per the Whonix instruction: sudo qubes-dom0-update qubes-core-admin-addon-whonix (Didn't seem like a typical template install/reinstall) This is where things broke down and I think I messed up, that is, after I entered the following: sudo qubesctl state.sls qvm.anon-whonix First time I have used salt or issued this type command (Didn't seem like a normal Qubes template update or re-install), Dom0 terminal just seemed to stall I found this article that might be similar: https://groups.google.com/forum/#!searchin/qubes-users/whonix$2014%7Csort:date/qubes-users/A_CYJchSZBQ/BcuMjY6LDwAJ Now I think I screwed this up even more: 1) I originally closed the Dom0 terminal, likely messing up the download, salt process or something else. It looked like dom0 had stalled (not uncommon based on my GUI dom0 update experience) 2) I found the whonix-14-gw installed but whonix-14-ws did not 3) I removed/deleted the templates based on the following 4.0 instructions: https://www.qubes-os.org/doc/templates/ specifically I issued the following command for whonix-14-dvm, whonix-14-gw, whonix-14-ws(whose template was blank). The thinking was just to try again. 4) I tried the instructions again on: https://www.whonix.org/wiki/Qubes/Install and dom0 states: After issuing the following command: sudo qubes-dom0-update qubes-core-admin-addon-whonix I get the following message in dom0 terminal - qubes-core-admin-whonix-4.0.1-1.fc25 noarch is already installednothing to do.complete After issuing the following command: sudo qubesctl state.sls qvm.anon-whonix I get the following message in dom0 terminal - 'state.sls qvm.anon-whonix" is not available...Dom0 configuration failed, not continuing. Per the whonix instructions, I tried sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-mgmt-salt-dom0-virtual-machines I get the following message in dom0 terminal "...is already installed, skipping. Dependencies resolved. Nothing to do. Complete!" My questions are: 1) How can I try to install whonix 14 again? 2) Did I just screw up my system with these edits and changes? If so how do I undo? Thanks for any ideas or help -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5773e2a-e64f-4c7c-84de-22d9bc4ac5e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: newbie question about converting pictures into a trusted image
I am using 4.0 and it works. 3.2 and 4.0 always created "untrusted" in the name when I converted an image...never quite undertood why but I doubt it just you "tirej..." -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee54df2c-0f56-48f1-b0cb-6178e90b63cf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Can't find a guide to setup a new fedora-28 template
Did you upgrade from Fedora 27 to Fedora 28: https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/ Or install a fresh template: https://www.qubes-os.org/doc/templates/fedora/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/79c7a3df-c803-48c1-81d2-31bd4a90d983%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VM Manager update / VMM setup for AppQube for web or mail only?
I take a more whitelist/controlled approach with my multiple DVM. With 4.0 you can have multiple DVMs and have different DVMs for each domain(This can be changed in the "Advanced" tab in the AppVMs in 4.0). Very cool feature... For example: I have a DVM setup for printing only, the firewall rules on that DVM are: Address: Printers wireless IP = 192.168.1.6 (fixed IP in my case) Service(or port): 515 (Canon) or 9100 (HP) or other ports might be needed including 631, 427. Research your printer for whats required... Protocol: TCP only For my email IMAP AppVM(In the email AppVM "Firewall" tab): 2 Rules- Address: 66.11.4.135 (imap.fastmail.com) Service(or port): 993 Protocol: TCP Address: 66.11.4.140 (smtp.fastmail.com) Service(or port): 465 Protocol: TCP (To be honest I use a different email provider so the IP and ports are different but you get the idea. This info as with my own is usually published on thesite or available by asking the network admin) My "Web Surfing" DVM has no firewall rules i.e. "Allow All" which I can also print from. This could be tightened up if needed... I have played with my VPN AppVM as follows(kinda kill switch?): Address: 168.1.75.17 (IP address to my VPN connection) Service(or port): 1194 Protocol: TCP You might have a AdminVM for your router, firewall or switch which could be: Address: 192.168.4.6 Service(or port): 31006 (I think there are +65000 ports available) Protocol: TCP My sys-firewall does not have any restrictions With this set up, I can: a) Assign the Print DVM to my Vault and Email AppVM, I think most important for email Appvm to prevent a malicious attachment from "calling home" when opened(Althoug it could go thru my printer?). b) Assign the web surfing DVM to my "untrusted" domain c) Have a restricted AppVM for Web GUI admin functions I just take a more strict approach and block ALL then whitelist when needed...for me this gives me what I need. Again open to feedback if this is wrong... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12604ad6-67b4-42ec-90a0-8692337b61fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Just got this going, awesome Tasket. Thank you again Qubes team for what you do! Works like a charm...the only feedback is the newly updated "Qubes Manager" is sometimes "buggy" with the VPNApVM. I don't believe it impacts performance. Some notes: -Qubes 4.0 -Worked in Fedora28 and Debian9 template/Proxy VM -Changed the DNS to use Quad9 and it worked -Using PIA, utilizing the OpenVPN-IP files (haven't tried the other PIA configs from their site) - I needed to install Nautilus and OpenVPN for Debian9 (using my instructions below) I really struggled setting this up, but below are the steps/notes I followed in combination with the instructions on Github, the order to set this up does matter...hope this helps others out(open to feedback): Instructions for the "terminal" challenged: Using qTunnel: https://github.com/tasket/qubes-tunnel In a Template do this: For Debian proxy, add OpenVPN package to your VPN template(Fedora already has OpenVPN included): su apt-get install openvpn Download and transfer file to VPN template: https://github.com/tasket/qubes-tunnel.git cd “Then drag downloaded, unzipped file into terminal from tasket” sudo bash ./install sudo mkdir /rw/config/qtunnel Close Template. Create a proxy VM: Create proxy AppVM using VPN template: sys-VPN Colour: Green Provides Network Checked connect to sys-net (or firewall) Launch settings - Checked Settings: Add “Files” and “Terminal” to “Applications” in ProxyVM Add “qubes-tunnel-openvpn” to services, hit the + Optional - Change config DNS(Quad9 DNS), by adding the text below to the VPN config file, then hit save: setenv tunnel_dns '9.9.9.9 149.112.112.112’' In terminal move VPN config files to new proxy AppVM: sudo mv “Then highlight the VPN folder and drag to terminal” /rw/config/qtunnel cd /rw/config/qtunnel sudo ln -s xx.ovpn qtunnel.conf (xx is the VPN client config) sudo /usr/lib/qubes/qtunnel-setup --config Enter VPN name and password exit Restart AppVM...look for “Links is up” pop-up (Sorry if this is Top posting!) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a03013b6-1dde-4c8c-957a-a3b4fea15584%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VM Manager update / VMM setup for AppQube for web or mail only?
I'll take a shot, also willing to learn more if I am missing something: I would try to find the IP of the email provider if you are using a VM for email, e.g. Tutanota's IP address is: 81.3.6.162(no IMAP wit them), therefore my firewall settings for that VM would be: IP: 81.3.6.162 Service: https (or port 443) Protocol: TCP Things I have learned about the firewall include: 1) You can type a port number into the service field vs just using whats in the "Services" dropdown selection 2) MXToolbox is a good tool to find an IP address of a website 3) I created a print VM that only allows access to my networked printer IP and the network printer's port. With this VM I can access only the printer. Maybe your vault uses this VM as its DVM. I don't trust printers in general but at least its restricted For web only 443(https) and 80(http) are all that is needed for the most part. I believe ICMP(pings) and port 53(DNS) are allowed automatically. Open to being corrected? It would be nice to control the DNS more (Quad9 DNS resolver or OpenDNS). Not sure how to do this with ease. For Thunderbird, you could research your email providers IP and change the "*"/ANY for the specific IPs or IP. Google, Apple and others generally publish the ports needed for a service to work. Qubes team I would agree this latest update is working like a charm and has improved Qubes Manager and the Fedora/Pulse Audio update problem I was having. Thank you again for the work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ac5095b-a77a-449d-b6b4-60b4b20cd6b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Updating Fedora 27 errors in Qubes 4.0?
That seemed to workThx As you said I did the following commands: sudo dnf upgrade --allowerasing --best then reinstalled the packages that were to be removed by above command: sudo dnf install qubes-vm-recommended...something, something sudo dnf install pulse audio...something, something I still get the pulseaudio error when I try to update via GUI but it appears as if the other packages were updated in the fedora 28 template. After cloning the fedora 28 I still have a fresh template should this be resolved in the near future. Thanks again for a workable solution... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4d87e90-87a2-4b26-8634-eeb982b83679%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
