[qubes-users] error an not enough memory

[QubesOS-ML]

hello
when doing a
qvm-start --all
i got
b' Snapshot origin LV fm-fedora-25-privat not found in volume group

and also
Start failed: internal error libexenlight failed to create new domain 
'personal

not enough memory to start domain 'untrusted'
not enough memory to start domain 'vault'
not enough memory to start domain 'work'

why this happen i have 8GB RAM
and how to fix or solve it

Installed is Qubes-R4.0-rc1-x86_64 with a sudo qubes-dom0-update

thanks for feedback
have a nice day

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/facaeba7ee96a9cb2a87247e475b3c73%40kozo.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: AMD and ME?

[taii...@gmx.com]

On 09/04/2017 11:50 PM, taii...@gmx.com wrote:


On 09/04/2017 01:42 PM, Finsh wrote:

Wy not simply apply ME_cleaner? I doesnt remove all of the ME 
functions, but as far as ive understood it will wipe out the official 
Intel firmware, leaving only a stub of it to bring up the 
(Sandybridge) CPU before shutting down the ME.
It is still active, if you actually shut it off or somehow removed the 
chip physically the system would cease to function as ME is integral 
to a variety of things so says intel (a slick way to stop people from 
getting rid of it)


There is still a litany of mysterious opaque code, even after ME 
cleaner - and that's the stuff that you can notice - it doesn't 
include mask roms or undocumented EEPROM chips.


Post sandy/ivy bridge a lot less gets stripped out too, but if you're 
going to get ivy/sandy laptop you might as well get a Lenovo G505S and 
skip ME/PSP. (performance equal to sandy bridge)


With the KGPE-D16, KCMA-D8, Lenovo G505S and of course the extra high 
performance TALOS 2 there is no reason at all to buy a system with 
ME/PSP hardware rootkits - one ends up spending **less money for 
higher performance by going with an owner controlled system*** 
ironically (to get TALOS 2's POWER9 performance you'd spend twice as 
much with intel/amd)
I play modern games on my libre firmware KGPE-D16, I sacrifice 
absolutely nothing to be free.


FFFfff typo - correction one spends more money by purchasing a non-owner 
controlled system.
TALOS 2 with a board and CPU is $2100, whereas an intel system with 
PCI-e 4.0 and 12+ threads would cost above 3K+


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/284ac5d3-d37b-940d-238a-53d1d36aaf78%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: AMD and ME?

[taii...@gmx.com]

On 09/04/2017 01:42 PM, Finsh wrote:


Wy not simply apply ME_cleaner? I doesnt remove all of the ME functions, but as 
far as ive understood it will wipe out the official Intel firmware, leaving 
only a stub of it to bring up the (Sandybridge) CPU before shutting down the ME.
It is still active, if you actually shut it off or somehow removed the 
chip physically the system would cease to function as ME is integral to 
a variety of things so says intel (a slick way to stop people from 
getting rid of it)


There is still a litany of mysterious opaque code, even after ME cleaner 
- and that's the stuff that you can notice - it doesn't include mask 
roms or undocumented EEPROM chips.


Post sandy/ivy bridge a lot less gets stripped out too, but if you're 
going to get ivy/sandy laptop you might as well get a Lenovo G505S and 
skip ME/PSP. (performance equal to sandy bridge)


With the KGPE-D16, KCMA-D8, Lenovo G505S and of course the extra high 
performance TALOS 2 there is no reason at all to buy a system with 
ME/PSP hardware rootkits - one ends up spending less money for higher 
performance by going with a non-owner controlled system ironically (to 
get TALOS 2's POWER9 performance you'd spend twice as much with intel/amd)
I play modern games on my libre firmware KGPE-D16, I sacrifice 
absolutely nothing to be free.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e31772b-811f-7be8-b4be-8642773573aa%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Adding a second monitor fails

[AJ]

On Monday, September 4, 2017 at 7:01:01 AM UTC-5, cez...@gmail.com wrote:
> Den mandag den 4. september 2017 kl. 00.35.31 UTC skrev ajme...@gmail.com:
> > Qubes OS version (e.g., R3.2):
> > 
> > R3.2
> > 
> > 
> > Expected behavior:
> > 
> > When I went into display settings and saw my second monitor, I clicked the 
> > "Use this display" button and it should have let me use my second display.
> > 
> > 
> > Actual behavior:
> > 
> > Qubes kicks me out to the sign in screen and won't let me sign back in 
> > unless I reinstall the entire operating system.
> > 
> > 
> > Steps to reproduce the behavior:
> > 
> > Go to display settings and click "Use this display" on your second monitor.
> > 
> > 
> > General notes:
> > 
> > I reinstalled Qubes twice and each time it did the same thing. I have 2 MSI 
> > GTX 970s running in SLI (at least in Windows. Not sure if it works in 
> > Qubes). I am using 1 HDMI port on each card.
> 
> I cannot provide you with a straight solution, but perhaps a workaround. Here 
> are some thoughts.
> 
> In my experience it often fails when you try to install Qubes with nvidia, 
> especially modern cards, but old cards have their quirks too. It's especially 
> bad without nvidia proprietary drivers, which have to be installed in Dom0 
> after the Qubes installation if you want them to work properly. To begin 
> with, it's nice that you even managed to boot up Qubes with your nvidia 
> cards. 
> 
> * Did you install nvidia in Dom0 before attempting to enable your second 
> monitor btw?
> * Alternatively, did you try install Qubes while the second monitor was on?
> 
> * Also SLI might indeed be a factor too, you might want to try disable it and 
> see if it works. Assuming that you're new to Qubes, imho, it's well worth the 
> trouble, Qubes is awesome.
> 
> * Do you have on-board graphics? Like for example Intel integrated graphics 
> in your CPU? Intel graphics is known to run quite well in Linux/Qubes.
> 
> If you do have Intel integrated graphics (change to primary in bios, you 
> don't need to remove the graphic cards) then this is the most likely approach 
> that will work without much trouble. Also you hardly need anything more than 
> Intel graphics, Qubes can't run games or similar yet anyway. You will have to 
> switch screen cables or use a KVM to do so, if you choose to dual-boot with 
> windows or another system. Assuming you still use your graphics card on your 
> dual-boot systems.
> 
> Also I find it odd that you have to re-install Qubes. I usually have the 
> opposite problem, my screen settings never ever stick with me between reboots 
> or screen reconnections, I believe the fault is in XFCE4, I have to make an 
> automated script to make settings stick.
> 
> Perhaps a similar solution would make it easier to test without having to 
> re-isntall Qubes every time. If you find the file which saves the second 
> monitor configuaration, at least you should be able to edit it without having 
> to re-install every time you try something new.
> 
> Does tty terminal work? (Ctrl+Alt+F2, Ctrl+Alt+F1, etc.)?
> Irregardless, too little information, it would be helpful if you provide more 
> details, especially if someone more knowledgeable drops by. I'm just a 
> regular user like you, after all.


I did try installing Qubes while the second monitor was on but I did not 
install nvidia propietary drivers to Dom0. I will reinstall as soon as I can 
and try your solutions. Thanks for the help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b343ab81-527c-4bd7-906f-ebf3a8d216e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Adding a second monitor fails

[AJ]

I did try installing Qubes while the second monitor was on but I did not 
install nvidia propietary drivers to Dom0. I will reinstall as soon as I can 
and try your solutions. Thanks for the help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46deb24b-472b-4ea1-9c72-3018b76a79f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.55.57 UTC skrev Guerlan:
> But it does support UEFI, as I already installed arch linux in uefi mode. So 
> if it supports, why it won't boot qubes?

https://en.wikipedia.org/wiki/Secure_boot

Apparently Apple uses something else, which apparently even predates secure 
boot.
This however might also give a clue as to why Linux Arch/Windows works, while 
Qubes isn't, at at least on a 2011 version of Apple's, unless Qubes uses an old 
key.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/961b7894-01e8-4b09-9a96-4116577cfb0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proprietary application needs activation in each VM. But DVM?

[Unman]

On Sat, Sep 02, 2017 at 11:18:14PM -0300, Franz wrote:
> On Fri, Sep 1, 2017 at 11:54 AM, Unman  wrote:
> 
> > > Anyway I tried to start again debian-8-multimedia-dvm  and the empty file
> > > is there, still empty. Also there is a folder and an hidden file from
> > > Softmaker that do not appear on normal DispVMs
> > >
> >
> > This shows that your disposableVMs are not using the updated
> > DVMTemplate.
> > Whenever this issue has come up in the past, it's invariably been solved
> > by a slow and methodical approach.
> > Make sure that the DVMTemplate has customisations and the
> > .qubes-dispvm-customized file in /home/user (It does, you say.)
> > Close down the DVMTemplate.
> > Wait.
> > Regenerate the DVMTemplate (as you have).
> >
> > If this doesnt work, then try closing all disposableVMs, qvm-remove the
> > debian-8-multimedia-dvm, and start again.
> >
> >
> >
> I rebooted the whole computer, did what you suggested, but what is strange
> is that when I start the normal DispVM it starts immediately and the usual
> screen (telling that the first time it is slow, but later will be faster)
> does not appears. Is that expected?
> 
> Any way the DispVM does not contain the files that are in the
> DispVM-template, particularly the softmaker folders and the hidden
> .qubes-dispvm-customized

You havent said what you did - ie which of the methods I suggested you
acted upon.

If the disposableVM does not contain the files that are in the
DispVM Template then there's something seriously wrong - either in what
you are doing or in the code. I suspect it's the former.

Did you delete all the files and start again from scratch?
What happens when you run qvm-create-default-dvm?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170904191443.42cwxaafhbxhg5n6%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.55.57 UTC skrev Guerlan:
> But it does support UEFI, as I already installed arch linux in uefi mode. So 
> if it supports, why it won't boot qubes?

Unfortunately knowledge is limited on that, the first I would guess would be 
wrong secure boot keys, but as you said you have no secure boot on your system. 

However as memory serves, secure boot isn't always possible to disable or even 
detect. Perhaps this is the case with your machine? As such, Arch might have a 
secure key that works with your 2011 UEFI with force enabled secure boot. While 
Qubes isn't using a key, which will be allowed to be install. 

As far as I know, secure boot is as old as UEFI, or at least older than 2011.

I don't know for sure, but if I had to guess, it's probably that secure boot 
might be there without realizing it. Even if there are no settings available 
for it, therefore it won't be obvious if secure boot is running in the 
background during boot.

Basically it comes down to tracking if secure boot is really there (hidden) or 
not, before you can eliminate it as a source to the problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6292e569-5471-49fd-985c-3ff97e3f72eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[Guerlan]

But it does support UEFI, as I already installed arch linux in uefi mode. So if 
it supports, why it won't boot qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e32f4ac-327f-43d7-88a3-cd62c5179c3d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 18.24.34 UTC skrev Guerlan:
> Its a macbook air 2011. So old it doesn't have secure boot :(

True, it might not work since it's that old, irregardless of secure boot. 

Found this too, 
https://forums.macrumors.com/threads/macbook-air-2013-is-the-first-mac-that-supports-efi-booting-on-windows-natively.1600147/
 
It's EFI Windows on Mac 2013, so it might be the same issue with Linux EFI 
support too on older Mac's. 

I don't follow MacOS development much, but it does indeed seem like it is lack 
of UEFI support in older Macbook versions, or at the very least a likely 
hunch/guess.

I guess you could say that the reason it won't work on older models is the lack 
of support, while in contrast on modern models it is a question of having the 
right matching secure boot keys between hardware and the OS to boot/install. 
Beyond that, there are a few UEFI machines that are bugged and doesn't work 
properly. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f85f6e3a-f512-4e0d-88d8-4c5894125cf8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Preinstallation

[Unman]

On Sun, Sep 03, 2017 at 08:29:54AM -0700, Finsh wrote:
> that would be great, where can i get this script?
> 

Write it youself. :-)
A quick alternative would be to create a launcher on the desktop - (Right
click - Create Launcher)
Name - Change
Command - passwd

Select "Run in terminal"

Change permissions to make it executable.
Have your friend double click on icon and change password.
Delete when done.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170904184051.qjxaocigsemweuox%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[Guerlan]

Its a macbook air 2011. So old it doesn't have secure boot :(

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fea6528d-a716-4fd6-9f6e-18e075a71493%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[Mark Eubanks]

Thanks for responding.  I'm sure its a firewall issue of some sorts.  it 
doesn't matter which nic I use, the onboard one or the usb I can ping from 
either to the private network outside the vmNETwork fine pinging the adaptors 
connected to the Dom0 doesn't get a reply.  It should be a routing issue that 
the link you sent might fix but the funny thing is that I have Qubes plugged 
into my modem switch and I can see it in the arp table , which you would think 
I could ping it

thanks for trying 


On Monday, September 4, 2017 at 12:37:03 PM UTC-4, cez...@gmail.com wrote:
> Den mandag den 4. september 2017 kl. 13.11.49 UTC skrev Mark Eubanks:
> > On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> > > I have created a NETVM and I have connect the usb nic to the vm and is 
> > > working. It shows up in Connection manager and I can give it a static IP 
> > > . So I've also connected a different physical laptop with a cross over 
> > > cable to the usb nic going to the NETVM. Both nics are on the same 
> > > network and I can ping from the NETVM to the physical but I don't get a 
> > > reply from the NETVM. I can see both in both arp tables . Any ideas why 
> > > the physical doesn't get a reply?
> > 
> > I agree it sounds like a firewall but I see that it shows allow imcp 
> > traffic. What I'm trying to do is make Qubes a passthrough firewall.. so I 
> > need 2 nics on the laptop
> 
> Apologies for late reply, had a short leave for work.
> 
> I'm not the most knowledgeable on this topic, especially the Qubes firewalls. 
> However I believe NetVM must have a default firewall too, to block 
> unauthorized requests, otherwise it would be quite simple and too easy to 
> attack the NetVM. 
> So it seems to me that the NetVM has a default firewall, (routor firewall 
> behavior like), blocking unauthorized incoming signals. 
> 
> To solve that (Assuming it is indeed the problem), I believe 
> https://www.qubes-os.org/doc/firewall/ might be quite helpful, down in the 
> port forwarding section. Here it seems you should be able to poke a hole for 
> your connection in the NetVM. 
> 
> You separated all this from your other networks right? As far as I know, it 
> should be secure enough if this has no internet connection, while on a 
> separate Qubes network.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c47fa9d2-fe87-4725-aaba-b27b44a15cc0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Connecting a usb nic and another laptop

[Unman]

On Mon, Sep 04, 2017 at 08:50:16AM -0700, Mark Eubanks wrote:
> BUMP -- anyone know why the virtual can ping out but the outside can't ping 
> in? 
> 
> On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> > I have created a NETVM and I have connect the usb nic to the vm and is 
> > working. It shows up in Connection manager and I can give it a static IP . 
> > So I've also connected a different physical laptop with a cross over cable 
> > to the usb nic going to the NETVM. Both nics are on the same network and I 
> > can ping from the NETVM to the physical but I don't get a reply from the 
> > NETVM. I can see both in both arp tables . Any ideas why the physical 
> > doesn't get a reply?
> 

No need to bump - a little patience is a good thing.

run 'iptables -L -nv' on the netvm - look at the INPUT chain.
The incoming ping is dropped there.

In 3.2 each qubes has its own iptables rules in addition to those set upstream
by the firewall mechanism. You can customise these if you wish by
manipulation from /rw/config using rc.local and
qubes-firewall-user-script

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170904180152.njgghxjsu7jmb7xg%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: AMD and ME?

[Finsh]

Wy not simply apply ME_cleaner? I doesnt remove all of the ME functions, but as 
far as ive understood it will wipe out the official Intel firmware, leaving 
only a stub of it to bring up the (Sandybridge) CPU before shutting down the ME.


cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61997d0b-e90b-43fb-baa5-cbb489516aa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0-rc1 installer won't boot

[David Hobach]

On 09/04/2017 05:35 AM, Jason Holt wrote:

Rebooting in legacy mode allowed me to install, but then it wouldn't boot.  
Tried the standard fixes listed in the docs, but didn't see how they were 
supposed to work with 4.0, gave up.  Optimistic for the future of qubes, anyway.



Try modifying the Xen options in grub, in particular try removing 
iommu=gpuonly or so.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0a6efc0-2f49-154c-fafb-be3b39746ea7%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Re: Connecting a usb nic and another laptop

[cezgeth]

Den mandag den 4. september 2017 kl. 13.11.49 UTC skrev Mark Eubanks:
> On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> > I have created a NETVM and I have connect the usb nic to the vm and is 
> > working. It shows up in Connection manager and I can give it a static IP . 
> > So I've also connected a different physical laptop with a cross over cable 
> > to the usb nic going to the NETVM. Both nics are on the same network and I 
> > can ping from the NETVM to the physical but I don't get a reply from the 
> > NETVM. I can see both in both arp tables . Any ideas why the physical 
> > doesn't get a reply?
> 
> I agree it sounds like a firewall but I see that it shows allow imcp traffic. 
> What I'm trying to do is make Qubes a passthrough firewall.. so I need 2 nics 
> on the laptop

Apologies for late reply, had a short leave for work.

I'm not the most knowledgeable on this topic, especially the Qubes firewalls. 
However I believe NetVM must have a default firewall too, to block unauthorized 
requests, otherwise it would be quite simple and too easy to attack the NetVM. 
So it seems to me that the NetVM has a default firewall, (routor firewall 
behavior like), blocking unauthorized incoming signals. 

To solve that (Assuming it is indeed the problem), I believe 
https://www.qubes-os.org/doc/firewall/ might be quite helpful, down in the port 
forwarding section. Here it seems you should be able to poke a hole for your 
connection in the NetVM. 

You separated all this from your other networks right? As far as I know, it 
should be secure enough if this has no internet connection, while on a separate 
Qubes network.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6df991c3-63e4-46c6-9876-d6274715f055%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[Mark Eubanks]

On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> I have created a NETVM and I have connect the usb nic to the vm and is 
> working. It shows up in Connection manager and I can give it a static IP . So 
> I've also connected a different physical laptop with a cross over cable to 
> the usb nic going to the NETVM. Both nics are on the same network and I can 
> ping from the NETVM to the physical but I don't get a reply from the NETVM. I 
> can see both in both arp tables . Any ideas why the physical doesn't get a 
> reply?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38fdcc9e-1d2a-4aad-9820-719852b53558%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[Mark Eubanks]

BUMP -- anyone know why the virtual can ping out but the outside can't ping in? 

On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> I have created a NETVM and I have connect the usb nic to the vm and is 
> working. It shows up in Connection manager and I can give it a static IP . So 
> I've also connected a different physical laptop with a cross over cable to 
> the usb nic going to the NETVM. Both nics are on the same network and I can 
> ping from the NETVM to the physical but I don't get a reply from the NETVM. I 
> can see both in both arp tables . Any ideas why the physical doesn't get a 
> reply?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8b98635-d699-41e7-93d9-21a17d59109f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[Mark Eubanks]

On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
> I have created a NETVM and I have connect the usb nic to the vm and is 
> working. It shows up in Connection manager and I can give it a static IP . So 
> I've also connected a different physical laptop with a cross over cable to 
> the usb nic going to the NETVM. Both nics are on the same network and I can 
> ping from the NETVM to the physical but I don't get a reply from the NETVM. I 
> can see both in both arp tables . Any ideas why the physical doesn't get a 
> reply?

I agree it sounds like a firewall but I see that it shows allow imcp traffic. 
What I'm trying to do is make Qubes a passthrough firewall.. so I need 2 nics 
on the laptop  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a311db6a-c22b-4af1-946e-f8a7c48da834%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting a usb nic and another laptop

[cezgeth]

Den mandag den 4. september 2017 kl. 12.15.29 UTC skrev Mark Eubanks:
> I have created a NETVM and I have connect the usb nic to the vm and is 
> working. It shows up in Connection manager and I can give it a static IP . So 
> I've also connected a different physical laptop with a cross over cable to 
> the usb nic going to the NETVM. Both nics are on the same network and I can 
> ping from the NETVM to the physical but I don't get a reply from the NETVM. I 
> can see both in both arp tables . Any ideas why the physical doesn't get a 
> reply?

Sounds like its a firewall that blocks incoming connections which wasn't 
established first by an outgoing connection? Are there any firewalls between? 
It doesn't sound like you put a firewall between them, but on the other hand, 
the ping behaviour does on the contrary sound a lot like a firewall.

Also if moving a lot of files is your goal, perhaps you might want try 
www.Syncthing.net (free, open source). You will have to allow it through the 
firewall though, or alternatively do it on a separate connection like you're 
doing now. 
Optionally if syncthing is running where internet is accessible, you can 
disable the global discovery in syncthing. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b50c23df-b648-4626-8741-a52c815bbae8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why Qubes won't UEFI boot on Macbook Air and why it isn't fixed?

[cezgeth]

Den mandag den 4. september 2017 kl. 01.04.07 UTC skrev Guerlan:
> but why it won't work? I was intersted in the reason behind this, and why it 
> wasn't fixed. Also, did you install rEFInd before?

UEFI and booting up through EFI should work just fine on most systems, however 
without secure boot enabled. If your motherboard allow it, disable your secure 
boot, or delete your secure boot keys. Some systems want you to do both to 
actually disable it fully, simply disabling it might not be enough without 
removing your keys also. 
Notice however, if you delete your secure boot keys, you will break any 
currently installed OS's relying on the secure boot keys. For example typical 
windows installations, but even other Linux systems using the keys will break. 
I have no idea about MacOS, but be sure to check before you delete your keys.

Some motherboards allow you to backup your keys too, which might be an option 
if you just want to test it. But do your research and make backups before you 
take such risks.

Once secure boot is disabled, you should be able to install with UEFI and load 
the EFI boot files.

It's likely secure boot causing the problem, not UEFI/EFI. 
So in conclusion, legacy boot is definitely not the only option to install 
Qubes.

I believe the reason is Qubes is still not supported in the secure boot keys, 
rather than a bug. There are UEFI bugs too, but it's supposed to be on few 
systems, unless you have Lenovo where UEFI bugs apparently happens frequently.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31c2bf3d-3d15-4533-80a6-6fdec4e53d74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Connecting a usb nic and another laptop

[Mark Eubanks]

I have created a NETVM and I have connect the usb nic to the vm and is working. 
It shows up in Connection manager and I can give it a static IP . So I've also 
connected a different physical laptop with a cross over cable to the usb nic 
going to the NETVM. Both nics are on the same network and I can ping from the 
NETVM to the physical but I don't get a reply from the NETVM. I can see both in 
both arp tables . Any ideas why the physical doesn't get a reply?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b989afdb-b158-4d38-bd72-0ac8a2dd4bb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Adding a second monitor fails

[cezgeth]

Den mandag den 4. september 2017 kl. 00.35.31 UTC skrev ajme...@gmail.com:
> Qubes OS version (e.g., R3.2):
> 
> R3.2
> 
> 
> Expected behavior:
> 
> When I went into display settings and saw my second monitor, I clicked the 
> "Use this display" button and it should have let me use my second display.
> 
> 
> Actual behavior:
> 
> Qubes kicks me out to the sign in screen and won't let me sign back in unless 
> I reinstall the entire operating system.
> 
> 
> Steps to reproduce the behavior:
> 
> Go to display settings and click "Use this display" on your second monitor.
> 
> 
> General notes:
> 
> I reinstalled Qubes twice and each time it did the same thing. I have 2 MSI 
> GTX 970s running in SLI (at least in Windows. Not sure if it works in Qubes). 
> I am using 1 HDMI port on each card.

I cannot provide you with a straight solution, but perhaps a workaround. Here 
are some thoughts.

In my experience it often fails when you try to install Qubes with nvidia, 
especially modern cards, but old cards have their quirks too. It's especially 
bad without nvidia proprietary drivers, which have to be installed in Dom0 
after the Qubes installation if you want them to work properly. To begin with, 
it's nice that you even managed to boot up Qubes with your nvidia cards. 

* Did you install nvidia in Dom0 before attempting to enable your second 
monitor btw?
* Alternatively, did you try install Qubes while the second monitor was on?

* Also SLI might indeed be a factor too, you might want to try disable it and 
see if it works. Assuming that you're new to Qubes, imho, it's well worth the 
trouble, Qubes is awesome.

* Do you have on-board graphics? Like for example Intel integrated graphics in 
your CPU? Intel graphics is known to run quite well in Linux/Qubes.

If you do have Intel integrated graphics (change to primary in bios, you don't 
need to remove the graphic cards) then this is the most likely approach that 
will work without much trouble. Also you hardly need anything more than Intel 
graphics, Qubes can't run games or similar yet anyway. You will have to switch 
screen cables or use a KVM to do so, if you choose to dual-boot with windows or 
another system. Assuming you still use your graphics card on your dual-boot 
systems.

Also I find it odd that you have to re-install Qubes. I usually have the 
opposite problem, my screen settings never ever stick with me between reboots 
or screen reconnections, I believe the fault is in XFCE4, I have to make an 
automated script to make settings stick.

Perhaps a similar solution would make it easier to test without having to 
re-isntall Qubes every time. If you find the file which saves the second 
monitor configuaration, at least you should be able to edit it without having 
to re-install every time you try something new.

Does tty terminal work? (Ctrl+Alt+F2, Ctrl+Alt+F1, etc.)?
Irregardless, too little information, it would be helpful if you provide more 
details, especially if someone more knowledgeable drops by. I'm just a regular 
user like you, after all.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a3ed718-4bef-4763-9f8d-d5a036e4d60d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] YubiKey w/3.2 - screen locker program

[anguilla1980]

I'm following the tutorial here for the YubiKey:

https://www.qubes-os.org/doc/yubi-key/

But when I get to step 5, I'm stumped. When I go to /etc/pam.d/ of the fedora 
template, I don't see anything that looks like a screen locker program. I'm on 
the default 3.2 config running the default xfce gui on dom0. 

What the am I missing? I would think the screen program is in the dom0, but the 
tutorial makes it seem like it's in the fedora template.

I'm for sure being a total n00b on this one lol. 

Thanks! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57eedcc2-70dd-4788-ad42-18897236e1b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.