[qubes-users] Qubes new Archlinux commits revoke old maintainer keys from keyring and update problems for existing/old archlinuxappvm
Sorry guys about the typos I am typing from my phone.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7c06b84-c5fa-47d3-9849-e5dcd485b77a%40googlegroups.com.
Re: [qubes-users] Qubes OS Network installation - Possible to Mirror dom0 iso contents?
Before I close this out downstream, just wanted to ask one last time if this will be possible? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd52d874-25c4-40e4-ae12-67ecc116710f%40googlegroups.com.
[qubes-users] HCL-ASUSTeK_COMPUTER_INC_-Strix_GL704GW_GL704GW
Today I installed Qubes-R4.0.3 onto an Asus ROG SCAR II GL704GW, basic info is attached. It works great, a brief HCL report follows for the HCL website (both inline and attached): layout: 'hcl' type: 'notebook' hvm: 'yes' iommu: 'yes' slat: 'yes' tpm: 'unknown' remap: 'yes' brand: | ASUSTeK COMPUTER INC. model: | Strix GL704GW_GL704GW bios: | GL704GW.302 cpu: | Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz cpu-short: | Intel Core i7-8750H chipset: | Intel Corporation Device [8086:3ec4] (rev 07) chipset-short: | FIXME gpu: | Intel Corporation Device [8086:3e9b] (prog-if 00 [VGA controller]) NVIDIA Corporation Device [10de:1f10] (rev a1) (prog-if 00 [VGA controller]) gpu-short: | NVidia RTX 2070 8GB network: | Intel Corporation Device a370 (rev 10) Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15) memory: | 32617 scsi: | Samsung SSD 860 Rev: 2B6Q usb: | 2 versions: - works: 'yes' qubes: | R4.0 xen: | 4.8.5-14.fc25 kernel: | 4.19.107-1 remark: | TBD: A method to control kb lighting, extent of NVidia RTX 2070 support. works: Basic video, audio, NIC, NVMe M.2 and SSD, WiFi, (no hw errors during install/patches) credit: | icurnet link: | FIXLINK GL, David -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAB6VU6cJNJHD%3DdXpJ5swF7G0E%2Beub-ZiPLkDA2_3ufoLNBFkuA%40mail.gmail.com. Qubes-HCL-ASUSTeK_COMPUTER_INC_-Strix_GL704GW_GL704GW-20200330-173054.yml Description: application/yaml
Re: [qubes-users] No Match for argument qubes-template-whonix-ws-15-4.0.1-201910102356.noarch ?
On 3/27/20 7:38 PM, Stumpy wrote: Complete! [nate@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community \ qubes-template-whonix-ws Using sys-whonix as UpdateVM to download updates for Dom0; this may take some time... No Match for argument qubes-template-whonix-ws Nothing to download [nate@dom0 ~]$ You can ignore the warnings when removing. To fix the above, use 'qubes-template-whonix-ws-15' for the package name. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7752ce09-ad08-65df-5cbd-f3550b2f34a8%40posteo.net.
Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
On 3/29/20 5:16 AM, scurge1tl wrote:
Chris Laprise:
On 3/27/20 5:02 AM, scurge1tl wrote:
Hello all,
I would like to ask about proper setting of AppVM flow if using
Mullvad VPN. I would like to connect to the clearnet following way: Me
- -> Tor -> VPN -> clearnet.
When setting up mullvad in their web page, I set the parameters for
download here https://mullvad.net/en/download/openvpn-config/ in a
following way:
- - All countries (so that I can change my exit country as needed)
- - Port -> TCP 443 (Tor doesn't use UDP, right?)
- - tick Use IP addresses
Using TCP 443 for the connection helps only if you are running the VPN
on top of Tor. With Tor on top of VPN, you're probably better off with UDP.
Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go
with UDP mullvad settings? Just to clear the "on top of".
To make it less ambiguous:
AppVM -> sys-whonix -> sys-vpn -> sys-net
The above connection is Tor on top of (or inside of) VPN, so UDP can be
used for the VPN. If sys-whonix and sys-vpn places were reversed, then
VPN should switch to TCP mode.
An easy way to remember this is that the sys-* VM attached to the AppVM
is the one the service sees on the other end.
To set the Mullvad VPN AppVM, I followed this guide from micahflee
https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
mullvad is vpn-mullvad. All works fine and connects to the network.
How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
vpn-mullvad -> sys-firewall, or I should use different setup?
Whonix has a guide that examines the issues of combining Tor and a VPN.
However, I think its better as a 'what-if/why' guide than a Howto...
https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor
Thank you I will check it.
Are there any other steps to follow to prevent leaks?
Yes.
The Qubes-vpn-support project is much easier to setup and should work
more smoothly, in addition to providing better protection against leaks:
https://github.com/tasket/Qubes-vpn-support
There is also a VPN setup guide on the Qubes doc page (this is the one
the Whonix page links to). FWIW, I wrote the scripts for both but the
idea for Qubes-vpn-support was to automate the setup and improve the
connection handling of Openvpn so re-connection doesn't take 5 minutes.
It also checks the firewall to make sure leak prevention is in place
before initiating connections.
I will try to set the additional AppVM for this and try this guide. What
would be the linking of the AppVMs, if I would like to go Me -> Tor ->
VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM
-> sys-firewall ?
Also I would like to use different exit countries of choice, so I
downloaded all countries from mullvad. Is there any simple way to switch
countries with this VPN settings?
There is no GUI way to do it when using the Qubes scripts. However, if
you use the Network Manager method on the Qubes vpn howto, then you can
import multiple configs (and cross your fingers that they can make
connections :) ).
For a non-GUI solution, you could create a small script that lets you
choose which ovpn config to use, and 'cp' or 'ln' that choice to the
config filename that the scripts use (then restart the vpn). Some people
have used simple random selection without a prompt, like 'ln -s $( ls
*ovpn | shuf | head -n1 ) vpn-client.conf'.
Sorry for noob questions, I am new to the VPN stuff, just used Tor only
till now, but I need to use tor-unfriendly services from time to time
and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't
work in qubes-whonix and I therefore can't select exit country easily if
I need to. So I need to have the VPN country as a strict exit.
To use Tor-unfriendly services, the service has to see the VPN IP not
Tor exit node IP. Therefore...
AppVM -> sys-vpn -> sys-whonix -> sys-net
If you add sys-firewall (or similar proxyVM, as you probably don't want
to change sys-firewall netvm setting) in the mix, it just depends on
which VM you wish to add 'Qubes firewall' rules to it always goes
'to the right of' whichever VM you added rules. In my experience,
however, such rules are not required for securing a VPN link; The
internal (scripted) rules used by the VPN doc or Qubes-vpn-support
handle VPN security rather well. IOW, its better to forget placing
sys-firewall in the loop, at least until you're more used to Qubes
networking.
Thank you and I will let you know if it works!
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on
[qubes-users] Dependency problem in Qubes packages when updating to current Debian testing (bullseye)
Hi @all, I just followed the guide on converting a Debian template to Kali Linux. Apart from a new naming convention in Debian 11 repositories (bullseye/updates has been renamed to bullseye-security) everything worked fine. When executing the ''apt dist-upgrade'' I realized that the packages "qubes-core-agent-dom0-updates" and "qubes-vm-recommended" were to be removed. This seems to be due to the fact that "qubes-core-agent-dom0-updates" requires yum and yum-utiles, which both seem to be missing in Debian Testing. The former package is described as "Scripts required to handle dom0 updates." I don't think that I will ever use a Debian Testing/Kali-based VM for updating dom0 so this should not be a problem. However, "qubes-vm-recommended" depends on this package and therefore is removed during the upgrade. Is this a known issue? Maybe a bug that needs to be addressed in the packages? According to my tests/research "qubes-vm-recommended" is only a metapackage that specifies some dependencies which are recommended for best performance. All these dependencies should already be installed anyway and can still be installed manually if there are any problems. If you are a regular Qubes user and experience the same problem that I described above, there is likely nothing you need to do. I would have created a bug report but I don't really know where it should go. Would https://github.com/QubesOS/qubes-meta-packages be the right place? Regards, Phil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d3ff313f-2a45-df64-3904-1e53abc38e11%40digitrace.de.
Re: [qubes-users] TemplateVM to StandaloneVM conversion
Hi unman Thanks. I've juste realised. Sorry. Le lun. 30 mars 2020 à 16:02, unman a écrit : > On Mon, Mar 30, 2020 at 02:55:48PM +0200, GD rub wrote: > > Hi, > > > > Is it possible to convert a TemplateVM to StandaloneVM (see also AppVM to > > StandaloneVM) ? > > > > Best, > > > > GD Rub > > > > In Qube Manager: > Qube -> Create new qube > Under Type, select "Standalone qube copied from a template" > > unman > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/20200330140222.GA21581%40thirdeyesecurity.org > . > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANE5ERZK9%3DyQrpRnJ--iR-33QDR%2BVfAgmRNt%2BtB3XiXEU3KEOQ%40mail.gmail.com.
Re: [qubes-users] TemplateVM to StandaloneVM conversion
On Mon, Mar 30, 2020 at 02:55:48PM +0200, GD rub wrote: > Hi, > > Is it possible to convert a TemplateVM to StandaloneVM (see also AppVM to > StandaloneVM) ? > > Best, > > GD Rub > In Qube Manager: Qube -> Create new qube Under Type, select "Standalone qube copied from a template" unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200330140222.GA21581%40thirdeyesecurity.org.
[qubes-users] TemplateVM to StandaloneVM conversion
Hi, Is it possible to convert a TemplateVM to StandaloneVM (see also AppVM to StandaloneVM) ? Best, GD Rub -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANE5ERZPJ0LufBT1%2BY_7mQntwo2t0B7Gp45DVdZ4ZQ3HPt%3DS-g%40mail.gmail.com.
