[qubes-users] Re: Windows 10 Pro HVM does not work with Mirage Firewall
On 28/04/2019 17:29, Claudio Chinicz wrote: > On 22/04/2019 16:28, Thomas Leonard wrote: >> On Friday, April 19, 2019 at 12:19:28 PM UTC+1, Claudio Chinicz wrote: >>> On 19/04/2019 12:05, Thomas Leonard wrote: On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote: > Hi All, > > Once again I turn to the Qubes Community to ask for help. > > I have a Mirage Firewall VM that works with HVM (Linux Mint) and > Debian/Fedora template-based PVMs. > > My Windows 10 HVM, which works just fine through sys-firewall > (copy/paste and file sharing with other VMs dont, but I can live > with it). > > I've tried setting up networking manually by adding its IP, mask and > gateway and rebooting but it did not work. It works with DHCP instead > when getting network through sys-firewall. > > I've followed all the ideas from here > (https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10) > > and it still did not work. > > One last piece of information, my Windows 10 Pro was successfully > activated using a key I provided. > > Any ideas? This is not critical, since I can continue using > sys-firewall, but would love to free some memory by using Mirage. There might be clues in the firewall VM's logs. You can see them with Qubes Manager (right-click on mirage-firewall and choose Logs -> guest-mirage-firewall.log). Open the logs just after booting Windows and seeing that networking doesn't work and look at the end. You can also do "sudo xl console mirage-firewall" in dom0 to follow the logs and then boot Windows and watch for new entries. >>> >>> Hi Thomas, >>> >>> Thanks in advance. Please see below logs from guest-mirage-firewall.log. >>> My Windows VM is 10.137.0.21. >>> >>> What really surprises me is why I does not work even if I set my >>> ip/mask/gateway as it works with Linux Mint? What's different with >>> Windows? >>> >>> Best Regards, >>> >>> Claudio >>> >>> 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: >>> "/mapped-ip/10.137.0.21/visible-ip" = "10.137.0.21" >>> 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: >>> "/mapped-ip/10.137.0.21/visible-gateway" = "10.137.0.23" >> [...] >>> 2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1? >>> 2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not >>> responding >> >> (continued at https://github.com/mirage/qubes-mirage-firewall/issues/56) >> > > Hi everybody, > > We've made progress investigating this issue (see on > https://github.com/mirage/qubes-mirage-firewall/issues/56) and now it > seems related to Windows drivers (I'm currently using virtual PCI > devices provided by QEMU with is Windows 10 HVM). > > There may be a solution using Windows PV network driver > (https://xenproject.org/windows-pv-drivers/) but there are 5 options and > I'm not sure which ones to download and install. They are WINDOWS PV > 8.2.2 BUS DRIVER (XENBUS.TAR), WINDOWS PV 8.2.2 INTERFACE > (XENIFACE.TAR), WINDOWS PV 8.2.2 NETWORK CLASS DRIVER (XENVIF.TAR), > WINDOWS PV 8.2.2 NETWORK DEVICE DRIVER (XENNET.TAR), WINDOWS PV 8.2.2 > STORAGE HOST ADAPTER DRIVER (XENVBD.TAR). > > One one has ever tried using Windows PV net driver with Windows HVM? any > help much appreciated. > > Thanks, > > Claudio > > > Hi All, Thanks to Thomas efforts and patience, now Mirage for Qubes can be used by Windows 10 Pro (HVM) users as a lightweight alternative to sys-firewall. For those interested, please see on GitHub: https://github.com/mirage/qubes-mirage-firewall/issues/56 Best -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/qaeq19%2461eb%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: Windows 10 Pro HVM does not work with Mirage Firewall
On 22/04/2019 16:28, Thomas Leonard wrote: On Friday, April 19, 2019 at 12:19:28 PM UTC+1, Claudio Chinicz wrote: On 19/04/2019 12:05, Thomas Leonard wrote: On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote: Hi All, Once again I turn to the Qubes Community to ask for help. I have a Mirage Firewall VM that works with HVM (Linux Mint) and Debian/Fedora template-based PVMs. My Windows 10 HVM, which works just fine through sys-firewall (copy/paste and file sharing with other VMs dont, but I can live with it). I've tried setting up networking manually by adding its IP, mask and gateway and rebooting but it did not work. It works with DHCP instead when getting network through sys-firewall. I've followed all the ideas from here (https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10) and it still did not work. One last piece of information, my Windows 10 Pro was successfully activated using a key I provided. Any ideas? This is not critical, since I can continue using sys-firewall, but would love to free some memory by using Mirage. There might be clues in the firewall VM's logs. You can see them with Qubes Manager (right-click on mirage-firewall and choose Logs -> guest-mirage-firewall.log). Open the logs just after booting Windows and seeing that networking doesn't work and look at the end. You can also do "sudo xl console mirage-firewall" in dom0 to follow the logs and then boot Windows and watch for new entries. Hi Thomas, Thanks in advance. Please see below logs from guest-mirage-firewall.log. My Windows VM is 10.137.0.21. What really surprises me is why I does not work even if I set my ip/mask/gateway as it works with Linux Mint? What's different with Windows? Best Regards, Claudio 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: "/mapped-ip/10.137.0.21/visible-ip" = "10.137.0.21" 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: "/mapped-ip/10.137.0.21/visible-gateway" = "10.137.0.23" [...] 2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1? 2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding (continued at https://github.com/mirage/qubes-mirage-firewall/issues/56) Hi everybody, We've made progress investigating this issue (see on https://github.com/mirage/qubes-mirage-firewall/issues/56) and now it seems related to Windows drivers (I'm currently using virtual PCI devices provided by QEMU with is Windows 10 HVM). There may be a solution using Windows PV network driver (https://xenproject.org/windows-pv-drivers/) but there are 5 options and I'm not sure which ones to download and install. They are WINDOWS PV 8.2.2 BUS DRIVER (XENBUS.TAR), WINDOWS PV 8.2.2 INTERFACE (XENIFACE.TAR), WINDOWS PV 8.2.2 NETWORK CLASS DRIVER (XENVIF.TAR), WINDOWS PV 8.2.2 NETWORK DEVICE DRIVER (XENNET.TAR), WINDOWS PV 8.2.2 STORAGE HOST ADAPTER DRIVER (XENVBD.TAR). One one has ever tried using Windows PV net driver with Windows HVM? any help much appreciated. Thanks, Claudio -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/qa4dcf%2447ip%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 10 Pro HVM does not work with Mirage Firewall
On Friday, April 19, 2019 at 12:19:28 PM UTC+1, Claudio Chinicz wrote: > On 19/04/2019 12:05, Thomas Leonard wrote: > > On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote: > >> Hi All, > >> > >> Once again I turn to the Qubes Community to ask for help. > >> > >> I have a Mirage Firewall VM that works with HVM (Linux Mint) and > >> Debian/Fedora template-based PVMs. > >> > >> My Windows 10 HVM, which works just fine through sys-firewall > >> (copy/paste and file sharing with other VMs dont, but I can live with it). > >> > >> I've tried setting up networking manually by adding its IP, mask and > >> gateway and rebooting but it did not work. It works with DHCP instead > >> when getting network through sys-firewall. > >> > >> I've followed all the ideas from here > >> (https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10) > >> and it still did not work. > >> > >> One last piece of information, my Windows 10 Pro was successfully > >> activated using a key I provided. > >> > >> Any ideas? This is not critical, since I can continue using > >> sys-firewall, but would love to free some memory by using Mirage. > > > > There might be clues in the firewall VM's logs. You can see them with Qubes > > Manager (right-click on mirage-firewall and choose Logs -> > > guest-mirage-firewall.log). Open the logs just after booting Windows and > > seeing that networking doesn't work and look at the end. > > > > You can also do "sudo xl console mirage-firewall" in dom0 to follow the > > logs and then boot Windows and watch for new entries. > > > > Hi Thomas, > > Thanks in advance. Please see below logs from guest-mirage-firewall.log. > My Windows VM is 10.137.0.21. > > What really surprises me is why I does not work even if I set my > ip/mask/gateway as it works with Linux Mint? What's different with Windows? > > Best Regards, > > Claudio > > 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: > "/mapped-ip/10.137.0.21/visible-ip" = "10.137.0.21" > 2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: > "/mapped-ip/10.137.0.21/visible-gateway" = "10.137.0.23" [...] > 2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1? > 2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding (continued at https://github.com/mirage/qubes-mirage-firewall/issues/56) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/90a21fd2-ae0b-4963-86ac-4c91155e7112%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 10 Pro HVM does not work with Mirage Firewall
On 19/04/2019 12:05, Thomas Leonard wrote:
On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote:
Hi All,
Once again I turn to the Qubes Community to ask for help.
I have a Mirage Firewall VM that works with HVM (Linux Mint) and
Debian/Fedora template-based PVMs.
My Windows 10 HVM, which works just fine through sys-firewall
(copy/paste and file sharing with other VMs dont, but I can live with it).
I've tried setting up networking manually by adding its IP, mask and
gateway and rebooting but it did not work. It works with DHCP instead
when getting network through sys-firewall.
I've followed all the ideas from here
(https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10)
and it still did not work.
One last piece of information, my Windows 10 Pro was successfully
activated using a key I provided.
Any ideas? This is not critical, since I can continue using
sys-firewall, but would love to free some memory by using Mirage.
There might be clues in the firewall VM's logs. You can see them with Qubes
Manager (right-click on mirage-firewall and choose Logs ->
guest-mirage-firewall.log). Open the logs just after booting Windows and seeing
that networking doesn't work and look at the end.
You can also do "sudo xl console mirage-firewall" in dom0 to follow the logs
and then boot Windows and watch for new entries.
Hi Thomas,
Thanks in advance. Please see below logs from guest-mirage-firewall.log.
My Windows VM is 10.137.0.21.
What really surprises me is why I does not work even if I set my
ip/mask/gateway as it works with Linux Mint? What's different with Windows?
Best Regards,
Claudio
2019-04-18 11:20:10 -00:00: INF [client_net] Client 18 (IP: 10.137.0.21)
ready
2019-04-18 11:20:10 -00:00: INF [ethernet] Connected Ethernet interface
00:16:3e:5e:6c:00
2019-04-18 11:20:11 -00:00: INF [client_net] add client vif
{domid=17;device_id=0}
2019-04-18 11:20:11 -00:00: INF [qubes.db] got rm
"/qubes-iptables-domainrules/"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-header" = "# Generated by Qubes Core on Thu Apr 18
14:20:11 2019\n*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT
ACCEPT [0:0]\n-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP\n-A
INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p
icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -j REJECT
--reject-with icmp-host-prohibited\n-A FORWARD -m conntrack --ctstate
RELATED,ESTABLISHED -j ACCEPT\n-A FORWARD -i vif+ -o vif+ -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/10" = "*filter\n-A FORWARD -s 10.137.0.18
-j ACCEPT\n-A FORWARD -s 10.137.0.18 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/17" = "*filter\n-A FORWARD -s 10.137.0.21
-j ACCEPT\n-A FORWARD -s 10.137.0.21 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/14" = "*filter\n-A FORWARD -s 10.137.0.13
-j ACCEPT\n-A FORWARD -s 10.137.0.13 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/9" = "*filter\n-A FORWARD -s 10.137.0.8 -j
ACCEPT\n-A FORWARD -s 10.137.0.8 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: "/qubes-iptables"
= "reload"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/mapped-ip/10.137.0.21/visible-ip" = "10.137.0.21"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/mapped-ip/10.137.0.21/visible-gateway" = "10.137.0.23"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/" = "action=accept"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/policy" = "drop"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21" = ""
2019-04-18 11:20:11 -00:00: INF [qubes.db] got rm
"/qubes-firewall/10.137.0.21/"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/" = "action=accept"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/policy" = "drop"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21" = ""
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1?
2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP 0.0.0.0
in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP
10.137.0.1 in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1?
2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.21?
2019-04-18 11:20:22 -00:00: INF [client_eth] ignoring request for
client's own IP
2019-04-18 11:20:22 -00:00: WRN
[qubes-users] Re: Windows 10 Pro HVM does not work with Mirage Firewall
On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote: > Hi All, > > Once again I turn to the Qubes Community to ask for help. > > I have a Mirage Firewall VM that works with HVM (Linux Mint) and > Debian/Fedora template-based PVMs. > > My Windows 10 HVM, which works just fine through sys-firewall > (copy/paste and file sharing with other VMs dont, but I can live with it). > > I've tried setting up networking manually by adding its IP, mask and > gateway and rebooting but it did not work. It works with DHCP instead > when getting network through sys-firewall. > > I've followed all the ideas from here > (https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10) > > and it still did not work. > > One last piece of information, my Windows 10 Pro was successfully > activated using a key I provided. > > Any ideas? This is not critical, since I can continue using > sys-firewall, but would love to free some memory by using Mirage. There might be clues in the firewall VM's logs. You can see them with Qubes Manager (right-click on mirage-firewall and choose Logs -> guest-mirage-firewall.log). Open the logs just after booting Windows and seeing that networking doesn't work and look at the end. You can also do "sudo xl console mirage-firewall" in dom0 to follow the logs and then boot Windows and watch for new entries. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd71cfb3-05ef-4ce9-b101-d257fac5d439%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
