Re: [qubes-users] Re: Qubes 3.2 Error when Re-Installing of Qubes Windows Tools 3.2.2.3
Hello Yethal, On 09/06/2017 11:14 PM, Yethal wrote: W dniu środa, 6 września 2017 19:31:03 UTC+2 użytkownik PR napisał: on my Windows 7 HVM USB devices could not be recognized when beeing attached via sys-usb (...) I'm 99% sure you can't attach single usb devices to windows vms. Only entire pci controllers can be attached via qvm-pci Thank you for the hint, I have examined the USB-Controller-Layout of my Lenovo X230 and came to the conclusion to pass USB 3.0 Controller to my Windows HVM as I will only loose 2 out of 3 USB-Ports to my Windows AppVM and my internal LTE-Card which is also connected to the same PCI-Controller. After adding the PCI-Controller to my Windows HVM I had to set pci_strictreset false to be able to boot into windows. When looking under devices, the controller is not listed as USB controller. Instead I see two entries with a yellow warning sign under "Other devices": - Universal Serial Bus (USB) Controller - XP001 XENBUS VBD Any idea what is missing to get USB support in my Win7 HVM? Regards - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07346c49-ac79-1919-7735-25107d649f91%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Lenovo X230 - List of USB-Ports and USB-Controllers (Layout)
Hello,
an interesting question that might influence the answer "Which Laptop
should I buy" can be the way USB-Ports and internal USB-devices are
connected to the USB-Controllers.
In cases where you need to pass through a whole USB-PCI-Controller to an
AppVM this influences which other (internal) USB-devices and Ports you
"loose" to this AppVM.
I recently bought a refurbished Lenovo X230 (150 Eur) added 16GB RAM and
a SSD and it runs superb under Qubes 3.2.
There the design of the USB-Ports/USB-Devices of the X230, which might
also be helpfull to others:
00:1d.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family
USB Enhanced Host Controller #1 (rev 04)
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate
Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
00:1a.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family
USB Enhanced Host Controller #2 (rev 04)
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate
Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
=> Bus 002 Device 004: ID 04f2:b2eb Chicony Electronics Co., Ltd =
720p HD Integrated camera
=> Bus 002 Device 003: ID 0a5c:21e6 Broadcom Corp. BCM20702
Bluetooth 4.0 [ThinkPad]
=> connects to: Right USB-Port (next to Ethernet-Port)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset
Family USB xHCI Host Controller (rev 04)
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
=> Bus 002 Device 002: ID 0bdb:1926 Ericsson Business Mobile
Networks BV 1 = LTE/WAN-Card
=> connects to: Left USB-Port (next to VGA-Display-Out)
=> connects to: Left USB-Port (next Mini-DisplayPort-Out)
One question:
why the first USB-Controller doesn't seem to connect any USB-devices/-ports.
I have attached each of the 3 USB-Controllers to my sys-usb AppVM and
then looked up which USB-devices are recognized ('lsusb' in sys-net) and
tested out which USB-Ports work.
Any idea what is happening with the first Controller?
Kind regards
- PhR
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6e8fa373-ca08-b133-4cc5-32eb4109abaa%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.2 Error when Re-Installing of Qubes Windows Tools 3.2.2.3
Hello, on my Windows 7 HVM USB devices could not be recognized when beeing attached via sys-usb. Therof I uninstalled Qubes Windows Tools and tried to reinstall after a reboot. Strangely installation is now failing with an error: "installer has encountered an unexpected Error installing this package. ... The Error code is 2753" Any suggestion what is wrong and where to troubleshoot the problem? kind regards - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5006efab-cb8b-0ca9-7076-50d33164e159%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)
Hello Chris, On 08/22/2017 05:37 PM, Chris Laprise wrote: Working with OpenConnect would be great. There is also a GUI part that needs to be installed: NetworkManager-openconnect-gnome in Fedora. I tried all hints you have given, but nothing seems to work. At least I was able to get a fedora-25 based proxy VM up and running and my work AppVm could connect through the proxy (without any VPN involved) I've decided to try to setup AnyConnect from within my Work AppVM and use openconnect-gnome to connect to our Cisco ASA. I have therof created a new template based on a fedora 25 clone and made sure that NetworkManager-openconnect-gnome is installed in the template. But if I start the AppVM and start Network Manager I can open the Create new VPN window but all options are still greyed out - can someone reproduce this problem on Qubes 3.2 - Launch Network Connections from the App Menu - Right Click > Edit Connections - Add - Connection Type = VPN - Cisco AnyConnect Compatible VPN (openconnect) - Create - all options are greyed out in the next Screen Any options how to make this work? Finally, I should mention leak prevention measures. If you are able to get the VPN to function with proxyVM + appVMs, you can then add these commands in proxyVM to prevent appVMs from having non-VPN access: iptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP These need to show up at the _top_ of the FORWARD chain, which is why '-I' insert is used; You can ensure they'll be at the top by executing them last after a connection is made (probably from /rw/config/qubes-firewall-user-script). I'll try to get VPN up and running first, then I can harden it. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c250aa2e-73c1-3e1e-4fae-1f09329791a0%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows 7 HVM: how to remove Users-Folder-Redirection?
Hello, I would like to remove the redirection which has been made by Qubes Tools: C:\Users --> E:\Users As I can't run this within windows is there any trick to remove the link without booting up a 2nd OS? Next question is, what is the downside if I have my USERS-folders on c:\ instead of e:\ - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a8bb457-67f6-4cad-7c7b-8490a89d0b46%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)
Hello, On 08/22/2017 12:55 AM, Chris Laprise wrote: Some more questions: [...] some more information: Strangely I can connect via OpenConnect from the command line/CLI: root@my-work:~# openconnect -u MYUSERNAME VPNLINK.com POST https:/// Attempting to connect to server 213.xxx.xxx.xxx:443 SSL negotiation with Connected to HTTPS on XML POST enabled Please enter your username and password. GROUP: [MYCOMPANY]:MYUSERNAME POST https:/// XML POST enabled Please enter your username and password. Password: POST https:/// Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected tun0 as 172.21.2.13, using SSL Established DTLS connection (using GnuTLS). Ciphersuite AES256-SHA. I can then connect to my corporate network. As such it seems that the problem of greyed out fields in the VPN-Setup of Network-Manager is not a OpenConnect issue, but more a Network Manager problem. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c21b2b40-0342-968f-eafe-fb6440b903e4%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)
Hello Chris,
On 08/22/2017 12:55 AM, Chris Laprise wrote:
Is this Qubes 3.2?
Yes.
What changes does the Cisco client make to the routing table ('route'
command)?
Before starting AnyConnect:
[user@my-work-vpn ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.137.2.1 0.0.0.0 UG0 00 eth0
10.137.2.1 0.0.0.0 255.255.255.255 UH0 00 eth0
After starting AnyConnect:
[user@my-work-vpn ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.137.2.1 0.0.0.0 UG0 00 eth0
10.5.48.0 0.0.0.0 255.255.255.0 U 0 00 cscotun0
10.137.2.1 0.0.0.0 255.255.255.255 UH0 00 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 cscotun0
vsrv-dc-3. 0.0.0.0 255.255.255.255 UH0 0 0 cscotun0
vsrv-dc-2. 0.0.0.0 255.255.255.255 UH0 0 0 cscotun0
213.xxx.xxx.xxx 10.137.2.1 255.255.255.255 UGH 0 00 eth0
What changes (if any) to 'FORWARD' chain ('iptables -L')?
Before starting AnyConnect:
[user@my-work-vpn ~]$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
After starting AnyConnect:
[user@my-work-vpn ~]$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ciscovpn all -- anywhere anywhere
ciscovpnfw all -- anywhere anywhere
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ciscovpn all -- anywhere anywhere
ciscovpnfw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ciscovpn all -- anywhere anywhere
ciscovpnfw all -- anywhere anywhere
Chain ciscovpn (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp
spt:bootpc dpt:bootps
ACCEPT udp -- anywhere anywhere udp
spt:bootps dpt:bootpc
ACCEPT udp -- anywhere anywhere udp
spt:dhcpv6-client dpt:dhcpv6-server
ACCEPT udp -- anywhere anywhere udp
spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT tcp -- 10.137.2.26 213.xxx.xxx.xxx tcp dpt:https
ACCEPT tcp -- 213.xxx.xxx.xxx 10.137.2.26 tcp spt:https
ACCEPT udp -- 10.137.2.26 213.xxx.xxx.xxx udp dpt:https
ACCEPT udp -- 213.xxx.xxx.xxx 10.137.2.26 udp spt:https
RETURN all -- 10.137.2.26 anywhere
RETURN all -- anywhere 10.137.2.26
RETURN all -- 10.137.2.26 10.137.2.26
RETURN all -- 10.137.2.26 10.137.2.26
RETURN udp -- 10.137.2.26 224.0.0.251 udp dpt:mdns
RETURN udp -- 10.137.2.26 after launching it I can
224.0.0.251 udp dpt:mdns
RETURN udp -- 10.137.2.26 239.255.255.250 udp dpt:ssdp
RETURN udp -- 10.137.2.26 239.255.255.250 udp dpt:ssdp
RETURN all -- anywhere base-address.mcast.net/4
RETURN all -- 10.137.2.26 base-address.mcast.net/4
RETURN all -- anywhere 255.255.255.255
RETURN all -- 10.137.2.26 255.255.255.255
RETURN all -- 172.21.2.13 a.de/24
RETURN all --
Re: [qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)
Hello Chris On 08/21/2017 06:28 PM, Chris Laprise wrote: On 08/20/2017 05:38 PM, 'PhR' via qubes-users wrote: Unfortunately the App-VM which uses the VPN Proxy VM can't connect. The Setup: sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM) (...) You could ping a known IP address from the appVM. If it works the problem is likely limited to DNS. Pinging a VPN-Adress from within my Proxy VPN (work-vpn) after connecting via anyConnect VPN works. But pinging from my work-AppVM doesn't work. In the proxyVM, check the contents of /etc/resolv.conf after your Cisco client connects. If its updated (not a 10.137.x.x number) you can run /usr/lib/qubes/qubes-setup-dnat-to-ns to enable DNS forwarding over the VPN. Ihave checked /etc/resolv.conf: [user@my-work-vpn ~]$ cat /etc/resolv.conf domain intern.MYCOMPANY.de nameserver 192.168.1.6 nameserver 192.168.1.11 nameserver 10.137.2.1 nameserver 10.137.2.254 search intern.MYCOMPANY.de Another setting to check is /proc/sys/net/ipv4/ip_forward which should contain a value of '1'. Also, the iptables 'POSTROUTING' chain should have a masquerade target: $ cat /proc/sys/net/ipv4/ip_forward It is enabled (content: 1) $ sudo iptables -L -t nat [user@my-work-vpn ~]$ sudo iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination PR-QBS all -- anywhere anywhere PR-QBS-SERVICES all -- anywhere anywhere Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere MASQUERADE all -- anywhere anywhere Chain PR-QBS (1 references) target prot opt source destination DNAT udp -- anywhere 10.137.5.1 udp dpt:domain to:10.137.2.1 DNAT tcp -- anywhere 10.137.5.1 tcp dpt:domain to:10.137.2.1 DNAT udp -- anywhere 10.137.5.254 udp dpt:domain to:10.137.2.254 DNAT tcp -- anywhere 10.137.5.254 tcp dpt:domain to:10.137.2.254 Chain PR-QBS-SERVICES (1 references) target prot opt source destination Do I need to tweak any other rules or setting in the ProxyVM or AppVM? As the ProxyVM can perfectly connect to corporate servers, VPN is working. If I switch the Net-VM in my work AppVM to the normal sys-firewall I can connect to the internet. As such it seems that both proxyVM and AppVM seem to work normaly but not if I put everything together. Any more ideas? - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a478774d-4ae0-7c17-dff5-5585855d707a%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Problem connecting via VPN ProxyVM (VPN works, but AppVM can't connect)
Hello, I have successfully setup a fedora 25 bases ProxyVM, which has Cisco's Anyconnect Secure Mobility Client installed. I can successfully connect via VPN and can also ping/reach servers via VPN. Unfortunately the App-VM which uses the VPN Proxy VM can't connect. The Setup: sys-net <-- sys-firewall <-- my-vpn (Proxy VM) <-- my-work (App VM) As I can connect from the Proxy my-vpn VM, it seems the problem is between the connection of my App-VM to the new Proxy VPN VM. How can I troubleshoot and investigate the issues? - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/691f3971-2607-c52b-d146-8fdc53471395%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4rc1 and Windows 7 :: Can it be done (already)?
hello, for my business tasks I need to have a windows 7 HVM running as some programs are only available in windows like our ERP/CRM. After some testing windows was running ok under Qubes 3.2, but I haven't found any information regarding Qubes 4.x and Windows 7. It seems that it can't be done with the current version RC1 as I can't choose "stand alone" when creating a new AppVM. As windows support is very important to me and I guess also other (potential) business users: What are the plans for supporting windows including seamless mode on Qubes 4? If this is not supported I am forced to use Qubes 3.2 which results in another question: How long will Qubes 3.2 be supported? kind regards - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b40049e6-fc04-b8e8-6453-9b1b54fc8262%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
Hello, On 08/11/17 21:54, Foppe de Haan wrote: Question: should windows-7 HVMs imported from R3.2 Just Work™ in R4? additional questions: 1) Can I install Windows at all, since it seems that there are no qubes-windows-tools available . 2) What is the strategy with Windows Support in Qubes 4? In order to have Qubes ready for the enterprise business, I'd like to see seamless windows working in Qubes 4. 3) Is someone actually working on the Qubes Windows Tools? If not, would it help if we raise a budget as motivation? - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e61aabc3-e621-ca09-ce0e-5629181f6671%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles
Hello Daniel, when working with Qubes, I write all information into my own Wiki. Here my notes regarding the installation of a Window 7 HVM: Windows HVM Skip to end of metadata See also: https://www.qubes-os.org/doc/windows-appvms/ * Update Windows Tools sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools * Mount External HDD containing the windows installer ISO to the VM untrusted qvm-usb -a untrusted sys-usb:4-3 * Create new windows VM qvm-create win7 --hvm --label green * Start new windows VM with attached installer-ISO qvm-start globits --cdrom=untrusted:/run/media/user/WDEXT2TB/win7pro-32-de.iso (will start the VM and run the installer ISO) * First restart after ~4 min restart manually qvm-start globits * Further installation, restart manually qvm-start globits * Further installation, restart manually qvm-start globits * Start into Desktop / Updates -> decide later * Allow unsigned drivers by opening a CMD as administrator bcedit /set testsigning on * Install Windows Tools qvm-start globits --install-windows-tools * Change qrexec timeout because User Folder will be moved qvm-prefs -s qrexec_timeout 300 * Enable Debug Mode via Qubes Manager GUI * Enable auto-Login by starting netplwiz within Windows vm * Enable Seamless Mode / Disable Debug Mode via Qubes Manager GUI Attention: i had big problems getting seamless mode to work, and found out the reason after lots of troubleshooting. It seems that seamless mode will not work with all display resolutions. I have 3 K-display with a native resolution of 2.880 x 1.620 Pixels. With this resolution seamless mode didn't work, I had to change the resolution to a standard resolution. You might also look here: https://groups.google.com/forum/#!msg/qubes-users/Ia73yb4lCGA/s8Qp9dl4CQAJ https://github.com/QubesOS/qubes-issues/issues/1896 Which resolution are you using in Qubes? - PhR On 08/11/17 22:02, Daniel Nelson wrote: On Friday, August 11, 2017 at 8:29:09 AM UTC-7, yura...@gmail.com wrote: On Friday, August 11, 2017 at 12:04:44 AM UTC, Daniel Nelson wrote: Did you ever make additional progress on your problems with QWT? I encountered all the same issues you did, and the one I've not been able to solve is always having to run my Win7 apps in debug mode, thus losing the possibility of lovely seamless integration. I tried what you suggested about backing out the latest QWT and installing the previous version. I tried it first with simply uninstalling from my VM, with quirky results, so I went ahead and created a fresh VM. This particular behavior continues, though, also with the GUI agent outdated protocol error on exit, and usually with two Win7 related QubesDB files that need to be manually deleted prior to relaunching as well. Did you try the opposite approach and use the packages from the testing repositories? sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools I'm unaware if the fix is still in testing, however the MegaTraveller guy verified (28 December, 2016) that this worked for him, in this thread https://github.com/QubesOS/qubes-issues/issues/2488 Also, as annoying and time consuming it may be, you might want to make a fresh HVM install again. As far as I've understood, it's not recommended to re-install QWT. I would however suggest to make a fresh backup of your Win7 from the moment it's just freshly installed, so you don't have to do more work than needed in the future. Thanks very much for the additional link. I'll do more reading. As to your questions... I was unable to fetch QWT from the live repo. I've been using only what I can get from the test repo. I tried both ways of doing things already... meaning that I tried uninstalling the tools from the Win7 VM, removing them from Qubes, fetching the previous version, then installing them into the VM. Since that didn't work I then did it the other way (deleting the VM and starting from scratch, but still with the previous version of QWT). The first way gave a pretty unstable Win7 VM. The second way worked fine, but the exit errors and lack of seamless functionality was the same as with the latest version of QWT. I'll dig more into the link you provided and see if I can find some joy. Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03a0d3cd-01dc-f4fc-7d39-9064966bba3f%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Windows 7 problems (R3.2)
Hello, I also had some trouble getting Windows 7 to run in seamless mode but learned a lot during installations :-) On 08/10/17 19:38, hugonco...@gmail.com wrote: If I start the VM in Seemless GUI, it goes on but doesn't open any application (with and without debug mode on). If I start the VM without Seemless GUI, it only goes on with debug mode on, otherwise it'll follow the above pattern. In total I ended up installing windows roughly 20 times, tweaking lots of settings - but if know how it can be done, you get rewarded with a working windows installation which is running fine in seamless mode. I can walk you through the process, you can send me a private email so that we can do instead of bothering people on the list ;-) As suggested the first thing you need to do is creating a new windows 7 HVM and install windows (all in debug mode), don't make any windows updates and don't install additional applications. If the you have the windows HVM restarted several times and it is running smoothly, shutdown and make a backup so that we can use this HVM in case we mess something up. Afterwards we try to get things up & running. Also, 2nd problem, I've installed MS Office, I've copied the shortcuts to the "All Programs" folder and I'm unable to find them in the "Applications" tab in the VM config. Is there anything I can do? Also, other installed programmes don't appear on the list, it's not just Office. Some application install their shortcuts under c:\users\... and other under c:\users\all users or something similar - I don't have my windows VM running to look. Qubes will only grab the programs from one location, I think c:\users\..Startmenu You need to copy the shortcuts there and then they will be available in Qubes :-) I can look up the exact folders, when I start my old Qubes Laptop, currently I am running 4rc1 without a windows HVM. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/062276c4-27c0-6901-df37-efa761871851%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
On 08/06/17 09:16, Foppe de Haan wrote: Notifications - I haven't seen any notifications at all, like starting/stopping of VMs or when a new USB-device has been attached. Would like to see the notification from Qubes 3.2 in Qubes 4 Agreed. Positioning of Blockdevice and Running VMs widgets: I see my self moving the mouse from left to right a lot, just to start programs and get information (from the widgets) - again Qubes Manager was much more comfortable. few options for you: - Alt-f2 (or alt-f1+arrow keys) is your friend. :p - you can also choose to permanently move either the start menu or the widgets to the left of the menu bar. :) Ok, I haven't used Alt+F2 before, this looks interesting, but I haven't figured out how to use it. Does it offers auto-completion? Is it possible to have something like a desktop widget, showing all running AppVMs? Would a toggle to permanently expand/unfold the manager-widget do? Or do you also want additional features accessible from that QM-widget? It seems that we need to restart Qubes 4rc1 after reinstallation at least one or two times, so that the widgets are working - maybe this should be added to the documentation (?) I have also updated dom0, maybe this brought also the solution? Now all running VMs are shown in the widget, before I could only see sys-net and sys-firewall there. IDEA "QuickstartBar": Could we get something like a shortcut so that a launch bar will open up, where I can enter either bash commands or something like: untrusted:firefox and then Firefox opens in my AppVM named untrusted (general syntax: AppVM:Command/Program? task completion would even be easier? Beyond what you can do with alt-f2 (in xfce) + searching + arrow key navigation? As mentioned, I havent used that before, can this be used without mouse-navigation? I've to enter untrusted: Terminal but when hitting enter, nothing happens, except a red stop sign. need to find out the syntax of that quick launcher, having the graphical menu available from the quick-launcher is a nice addon, but this needs more time, then just using the start menu. The AppVM widget is only showing sys-usb, sys-net, sys-firewall, not other AppVMs which are running. If this concerns VMs you've created yourself, this should probably be fixed in the next update. Or do you mean the 'devices' widget? This has been fixed, after some restarts, I can now also see usb devices in the device widget and can attach them from there to the running VMs - very nice. I like having block and usb devices in one view. What would be nice, but I don't know if this can be done: If a device has been attached to a VM, maybe it can be highlighted or marked with a symbol in the device widget menu. As such I can see directly which devices are attached. currently I need to open the menu entry and I can then see, which AppVM has the device attached (can be identified because it is grayed out and offers an eject button). The "Create Qubes VM" menu entry could also be enhanced so that we have the option to create a clone from an existing VM. Maybe via something like an additional option "Clone from " Not sure I'd use this often enough for it to make sense -- isn't this part of what dispvms are for? Maybe you are right, but now I have to go to terminal to clone a vm. What I am doing is, that I leave the default templates untouched and create a clone of them, which I then use for my AppVMs. This makes sure that I can always test an AppVM with the "original" default Qubes template for troubleshooting. Working with USB devices: Could we improve the handling of usb devices. Currently it seems that it is impossible to add a usb-device to a VM without touching the terminal. Huh? That should be there now, even if it doesn't look the part, and isn't very intuitive (devices widget in notification area? Or doesn't that do usb devices yet? (I can't test this myself due to a different bug)). Solved, my mistake as mentioned above, it seems that Qubes needs one or two restarts until the Widgets are working correctly. A possible bug (?): If you shutdown sys-usb the USB-devices are gone from the list, and won't come back when restarting sys-usb. Another strange effect: I can then see entries called QEMU_QEMU_USB_Tablet_42 for every running AppVM. Is this the virtual USB Hub in every AppVM? I think this should be hidden from the widget. From user perspective I would like to get a notification popup as soon as I attach something to my laptop, then allowing me to choose with the next click where to attach this device to. If I am attaching a device it is most time because I need to get this device into an AppVM. When I attach a usb device through the
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
Hello, after having problems to install Qubes on my X200 I have installed 4rc1 on my other laptop (Lenovo W540). Installation was sucessfull and the only tweak I needed was to remove iommu=no-igfx from grub boot. I have uses Qubes 4rc1 now for ~2,5 hours, my feedback so far: positive: * in Qubes 3.2 the whole system froozes for a few seconds when a new VM was started. In Qubes 4rc1 this seems to be solved. list of things that might need improvement, meant as constructive feedback - of course I am very thanksfull to the work of the Qubes Team. * when launching an application from the start menu I would like to see a notification about the user interaction. Currently nothing happens, if the new apps needs a few seconds to start the user might click again * Notifications - I haven't seen any notifications at all, like starting/stopping of VMs or when a new USB-device has been attached. Would like to see the notification from Qubes 3.2 in Qubes 4 * After setting up various AppVMs, working with templates, I feel that Qubes Manager is definitly missing as it allowed me to have a quick look, what is currently running and also attaching block devices was much easier. If I plugin an USB harddrive I see no notification and I need to attach devices via terminal, to much user interactions, compared to a graphical solution * Positioning of Blockdevice and Running VMs widgets: I see my self moving the mouse from left to right a lot, just to start programs and get information (from the widgets) - again Qubes Manager was much more comfortable. Is it possible to have something like a desktop widget, showing all running AppVMs? * IDEA "QuickstartBar": Could we get something like a shortcut so that a launch bar will open up, where I can enter either bash commands or something like: untrusted:firefox and then Firefox opens in my AppVM named untrusted (general syntax: AppVM:Command/Program? task completion would even be easier? * The AppVM widget is only showing sys-usb, sys-net, sys-firewall, not other AppVMs which are running. * In the "Start Menu" (left side) I would like to additional commands like (Start VM, Shutdown VM, Remove VM) maybe separated or at the beginning or end of the menu? Remove VM should of cause show a dialog which needs further user interaction. * The "Create Qubes VM" menu entry could also be enhanced so that we have the option to create a clone from an existing VM. Maybe via something like an additional option "Clone from " * It seems impossible to hide VMs or VM-templates from the "Start Menu", whoch could be done via qvm-prefs in Qubes 3.2. Why? This setting was very usefull. * Working with USB devices: Could we improve the handling of usb devices. Currently it seems that it is impossible to add a usb-device to a VM without touching the terminal. Maybe we need an usb widget or a submenu in the USB-App-VM? From user perspective I would like to get a notification popup as soon as I attach something to my laptop, then allowing me to choose with the next click where to attach this device to. If I am attaching a device it is most time because I need to get this device into an AppVM. * Fonts/Display Resolution seems to be different compared to Qubes 3.2. My Laptop has a 3K resolution 2880x1620 Pixels. In 4rc1 the qubes window frames (which seems to be rendered in dom0) are small, but the content in the window (content of the AppVM) is using a bigger font (DPI-size). How can this be resolved? * qvm-top ... seems to be gone, how can I quickly get a list of all running VMs? something like: qvm-ls --running * Copy & Paste between AppVMs: I now have to enter the name of the target AppVM when pasting via global clipboard (Shift+Ctrl+V). While this adds more security, it is a pain for the user, when copying a lot. Could it make possible to have the option to get a slightly easier copy process: the current appvm, to which the window belongs is already selected in the list of the target VM. If the user hits Enter two (!) times, the content of clipboard would be pasted into this AppVM clipboard. Benefit: additional security as not content will be copied by coincident (you need to press Enter twice) but easier copy & paste process when copying lots of entries between two AppVms. * Backup and Restore of VMs should be possible via GUI not only per terminal. feedback so far, I continue to test. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit
Re: [qubes-users] dvm starting extremly slow -> SOLVED via Updates fedora-25 and dom0
Hello, just a followup to my last post: On 07/27/2017 08:54 PM, cooloutac wrote: same thing has been happening to me and I was going to make a post about it, but then it just fixed itself. I'm also using fedora-25 for the dvm. I have updated my fedora-25 template and also dom0 and it seems that the slow DVM startup problem has been either solved or it "fixed itself" :-) After applying the updates the fedora 25 DVM starts faster than the fedora 23 DVM within 9 seconds, compared to 15 seconds (fedora 23) on a lenovo X200 with 8GB RAM. Just for reference / the googlemail mailing-list archives the result of systemd-analyze blame: 25.151s qubes-meminfo-writer.service 25.074s qubes-iptables.service 25.066s abrtd.service 14.087s qubes-dvm.service 995ms dev-xvdd.device 546ms qubes-mount-dirs.service 507ms qubes-misc-post.service 459ms qubes-sysinit.service 425ms vpnagentd.service 382ms abrt-ccpp.service 318ms systemd-udev-trigger.service 298ms systemd-journal-flush.service 293ms cups.service 289ms udisks2.service 237ms systemd-udevd.service 208ms systemd-modules-load.service 207ms systemd-fsck-root.service 185ms kmod-static-nodes.service 180ms upower.service 179ms sys-kernel-debug.mount 171ms systemd-logind.service 139ms dev-xvdb.device 137ms user@1000.service 127ms systemd-journald.service 125ms xendriverdomain.service 123ms systemd-remount-fs.service 118ms proc-xen.mount 110ms systemd-vconsole-setup.service 105ms auditd.service 101ms qubes-early-vm-config.service 100ms systemd-random-seed.service 96ms fedora-readonly.service 82ms qubes-db.service 74ms polkit.service 73ms dev-mqueue.mount 70ms systemd-user-sessions.service 69ms qubes-gui-agent.service 64ms rtkit-daemon.service 60ms systemd-tmpfiles-setup-dev.service 59ms systemd-tmpfiles-setup.service 58ms fedora-loadmodules.service 57ms systemd-sysctl.service 52ms sys-kernel-config.mount 29ms systemd-update-utmp-runlevel.service 17ms systemd-update-utmp.service 16ms dev-xvdc1.swap 13ms qubes-qrexec-agent.service 12ms dracut-shutdown.service 10ms tmp.mount - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3dea8b35-b7fc-93a4-4035-37939abcfb64%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] dvm starting extremly slow -> guid
Hello Patrik, On 07/26/2017 04:24 PM, Patrik Hagara wrote: On 07/26/2017 11:07 AM, 'P R' via qubes-users wrote: Any idea where to look further and was is happening exactly between "qrexec done" and "guid done"? Try running systemd-analyze blame in the DispVM for both old and new template, maybe some service is misbehaving. Thank your for the hint, I've run 'systemd-analyze blame' in the dvm, which was based on the fedora-23-image and launches firefox within 15 seconds. I've also run 'systemd-analyze blame' in my fedora-25 based dvm, which is currently launching firefox in 62 seconds (vs. 15 seconds with a fedora-23 dvm) I've compared the output of systemd-analyse blame in both dvms and the greatest difference is within the last few lines (I have attached the full output at the bottom of this email): Fedora-25 DVM: starting a disposable Firefox within 60-70 seconds = very slow! 1min 41.053s qubes-update-check.service 20.913s qubes-dvm.service 17.748s ldconfig.service 8.011s dev-xvdd.device 3.482s systemd-hwdb-update.service Fedora-23 DVM: starting a disposable Firefox within 15 seconds 16.052s qubes-dvm.service 15.864s ldconfig.service 6.085s dev-xvdd.device 2.774s systemd-hwdb-update.service As such my conclusion: 1) qubes-dvm.service seems to eat up more time compared to the fedora-23dvm 2) an additional service "qubes-update-check.service" seems to be running in the fedora-25 dvm which is not included in the fedora-23 dvm. Someone has more ideas where to look further. Is the timestamp the starting time of the service? If so, qubes-dvm.service runs much much longer in the fedora-25 dvm. More important question: what are the options to fix this? --- Output of systemd-analyse blame in my fedora-23 DVM: 16.052s qubes-dvm.service 15.864s ldconfig.service 6.085s dev-xvdd.device 2.774s systemd-hwdb-update.service 2.549s systemd-udevd.service 2.464s dev-xvdb.device 1.899s qubes-mount-dirs.service 1.819s qubes-sysinit.service 1.747s systemd-tmpfiles-setup-dev.service 958ms systemd-journal-flush.service 951ms abrtd.service 527ms auditd.service 505ms systemd-fsck-root.service 435ms qubes-db.service 427ms abrt-ccpp.service 400ms qubes-iptables.service 359ms upower.service 327ms polkit.service 312ms qubes-misc-post.service 259ms systemd-udev-trigger.service 251ms systemd-tmpfiles-setup.service 238ms proc-xen.mount 236ms systemd-journal-catalog-update.service 233ms dev-mqueue.mount 230ms kmod-static-nodes.service 221ms fedora-readonly.service 219ms systemd-logind.service 201ms systemd-sysctl.service 195ms systemd-vconsole-setup.service 177ms systemd-journald.service 176ms cups.service 166ms systemd-remount-fs.service 162ms systemd-sysusers.service 157ms user@1000.service 149ms fedora-loadmodules.service 124ms tmp.mount 121ms iio-sensor-proxy.service 106ms systemd-hostnamed.service 101ms udisks2.service 99ms sys-kernel-debug.mount 94ms qubes-meminfo-writer.service 92ms systemd-user-sessions.service 83ms systemd-modules-load.service 79ms rtkit-daemon.service 77ms dev-xvdc1.swap 67ms xendriverdomain.service 61ms qubes-gui-agent.service 60ms sys-fs-fuse-connections.mount 48ms systemd-random-seed.service 47ms systemd-update-utmp.service 38ms dracut-shutdown.service 36ms qubes-qrexec-agent.service 17ms systemd-update-done.service 17ms sys-kernel-config.mount 14ms systemd-update-utmp-runlevel.service Output of systemd-analyse blame in my fedora-25 DVM: 1min 41.053s qubes-update-check.service 20.913s qubes-dvm.service 17.748s ldconfig.service 8.011s dev-xvdd.device 3.482s systemd-hwdb-update.service 3.183s qubes-mount-dirs.service 3.059s systemd-udevd.service 2.431s dev-xvdb.device 2.001s qubes-sysinit.service 1.901s systemd-tmpfiles-setup-dev.service 1.683s systemd-journal-flush.service 1.448s qubes-db.service 1.170s qubes-misc-post.service 1.068s systemd-fsck-root.service 1.039s systemd-random-seed.service 880ms xendriverdomain.service 858ms systemd-logind.service 813ms fedora-readonly.service 795ms abrt-ccpp.service 668ms polkit.service 588ms abrtd.service 503ms systemd-sysctl.service
Re: [qubes-users] Proxy for packages
Hello Salmiakki, On 07/15/2017 10:45 PM, Salmiakki wrote: Has anybody managed to set up a proxy or mirror of sorts in the net-vm or firewall-vm or something similar to avoid downloading all the packages several times for updating all the templates? My connection is a bit slow and also data limited so it would be great to save those repeated downloads. Yes, I have setup a local CentOS Repository Server which is holding all packages for other VMs in this datacenter. The repository is synchronized with an upstream repository via rsync. All packages are located on a NFS share which is connected to the other VMs. Basically the same could be done in Qubes. If you are interested drop me an email and I send you the Howto I've written for CentOSm which would also work for Fedora. But this would require that the AppVMs see the repository-Server and AFAIK there shouldn't be inter-VM-trafiic. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b5cddaf5-bfd3-6ca8-e5c5-a679d72d26f7%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
