Re: [qubes-users] Disposable sys-net >> wifi login

['I Am 51lieal' via qubes-users]

Hello one7two99


It's possible currently i'm using fedora-34 DispVMs on sys-net, what you 
have to do :


```

nmcli device wifi list # scanning wifi

nmcli device wifi connect  password  # example 
nmcli device wifi connect 51lieal password one7two99


```

i dont like many icon on my panel so i did hide nmcli-applet.


On 7/11/21 6:20 PM, 799 wrote:

Hello,

I switches my setup and I am using static disposable VMs for sys-usb 
and sys-firewall (Based on an own template which has been cloned from 
a fedora-33-minimal template + the bare minimal packages).


I also would like to make my sys-net a disposable VM but without the 
hazzle to enter my wifi credentials each time when I am connecting to 
the wifi network.


Is there a way to initiate a wifi connection via dom0 and passing the 
credentials for the wifi network?
qvm-run --pass-io --auto sys-net 'command1 && commands && [...] 
command n' with passing credentials via piping from Dom0 ?
Basically I am looking how I can initiate a new wifi connection from 
the CLI.
If I know this, I can combine a script myself which will pass the 
relevant information from Dom0 to the sys-net.


And one more question:
Wouldn't it be much better if we always use disposable.sys-Vms when 
this is possible?


Kind regards

one7two99

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tvAAiLjvLLnuwAFt8BquSoDE-WZDbZPyszZz%3D8orNs%2BQ%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa079b20-fde1-aab0-6665-6d60bcea31b8%4051lie.al.


OpenPGP_0x343C22B407BFD71B.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

[qubes-users] Re: Using NextDNS in Qubes OS

[799]

Short Update after further testing how to setup NextDNS in Qubes.
I was able to change the DNS servers in my AppVM by editing
/etc/systemd/resolv.conf and adding the following lines:

DNS=dns1.nextdns.io
DNS=.dns1.nextdns.io
DNS=.dns2.nextdns.io
DNS=.dns2.nextdns.io
DNSOverTLS=yes

The exakt settings can be found in your NextDNS account under Setup for
systemd.

I had to restart the service after changing the config file:
systemctl restart systemd-resolved

DNS queries will now go via NextDNS as seen in the Live Log but if stop the
system-resolved service DNS is still working.
Most likely because /etc/resolv.conf in the AppVM is still pointing to the
default Qubes DNS IPs:

bash-5.0# cat /etc/resolv.conf
nameserver 10.139.1.1
nameserver 10.139.1.2

how can I make the DNS leakproof, so that DNS queries will only work via
the NextDNS nameservers and not via Qubes DNS?
Additionally what would be the best setup to place those DNS servers?
sys-net <- sys-vpn (expressvpn) <- sys-firewall <-- 
In each AppVM? Firewall-VM? VPN-VM?

regards

one7two99

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vAjtviUd%3D69yHjhCR32wMCC-kTu8G2uk%3Du0OZbyMA2wQ%40mail.gmail.com.

Re: [qubes-users] Safely set up a Qube to connect to only one IP address on the Internet

['awokd' via qubes-users]

Michael Singer:

Dear Qubes community,

i am interested in your ideas on how you would set up a Qube as secure as 
possible to connect to a single ordinary internet site (not a VPN network) 
accessed directly via its IP address.



What else would you do?


Possibly double-check and further restrict iptables & nftables on the 
qube itself, but could be an annoyance to maintain.


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24c557b7-9f98-8a41-adf5-6572751f5fba%40danwin1210.me.