Re: [qubes-users] networking in minimal-qube ??

[Andrew David Wong]

On 4/24/23 11:25 PM, haaber wrote:
> I grabbed a debian-11-minimal, updated it & installed thunderbird into
> it to have a mail-reading template.
> 
> It worked for some hours, but now it lost network access in its AppVM's.
> When I restart the same appvm with debian-11 network is back.  Do I miss
> a package ??
> 
> 
> thank you, Bernhard
> 

Minimal templates require the 'qubes-core-agent-networking' package for 
networking:

https://www.qubes-os.org/doc/templates/minimal/#distro-specific-notes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6fa98af-3bf6-d004-f3e5-58f6074d7dd2%40qubes-os.org.

[qubes-users] networking in minimal-qube ??

[haaber]

I grabbed a debian-11-minimal, updated it & installed thunderbird into
it to have a mail-reading template.

It worked for some hours, but now it lost network access in its AppVM's.
When I restart the same appvm with debian-11 network is back.  Do I miss
a package ??


thank you, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee583d5e-c3f7-7c54-4f44-40e0252cdd37%40web.de.

Re: [qubes-users] Networking issue after upgrading to Fedora-33

[unman]

On Mon, Sep 27, 2021 at 06:36:16AM -0700, mgla...@gmail.com wrote:
> 
> Yes, there are custom firewall rules, but the firewall is set to  "Allow 
> all outgoing internet connections". Which should ignore all the rules?
> 

AFAIK, if you set custom firewall rules, they override the GUI firewall
setting.
Inspect the rules applying on sys-firewall.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YVL5gULN%2BHFpdhCt%40thirdeyesecurity.org.

Re: [qubes-users] Networking issue after upgrading to Fedora-33

[mgla...@gmail.com]

On Monday, 27 September 2021 at 13:58:47 UTC+1 unman wrote:

> On Mon, Sep 27, 2021 at 02:35:34AM -0700, mgla...@gmail.com wrote: 
> > 
> > Hi everyone, 
> > 
> > I'm looking for some help as to how to diagnose some app-VM networking 
> > issues. I have 2 vms, both based on the same template with identical 
> > config, but one can reach the internet and the other cannot. 
> > 
> > Before upgrading: 
> > 2 standalone VMs based on Fedora-30. One with a bunch of dev tools 
> > installed, one relatively untouched. I had multiple VMs based on these 
> two 
> > templates. I also updated my sys-net and sys-firewall to Fedora-33 at 
> the 
> > same time. 
> > 
> > Upgrade: 
> > I upgraded to Fedora-33, and realised I could rationalise my VMs, so now 
> > every appVM is based off the same Fedora-33 template. 
> > 
> > The issue: 
> > Some of my migrated VMs are completely fine, others have no network. 
> > I _think_ it is the VMs that used to be based on my old "untouched" vm 
> that 
> > have the issue. 
> > 
> > VM1: 
> > No networking at all. 
> > 
> > VM2: 
> > Networking is completely fine, everything works as expected. 
> > 
> > Both VMs are based on the same Fedora-33 template, with the same 
> (default) 
> > sys-firewall Networking, both with the firewall configured to allow all 
> > outgoing internet connections 
> > 
> > *vm1$ ping google.com* 
> > ping: google.com: Name or service not known 
> > 
> > *vm1$ dig google.com* 
> > ; <<>> DiG 9.11.35-RedHat-9.11.35-1.fc33 <<>> google.com 
> > ;; global options: +cmd 
> > ;; connection timed out; no servers could be reached 
> > 
> > *vm1$ resolvectl dns* 
> > Global: 10.139.1.1 10.139.1.2 
> > Link 2 (eth0): 
> > 
> > 
> > *vm2$ resolvectl dns* 
> > Global: 10.139.1.1 10.139.1.2 
> > Link 2 (eth0): 
> > Link 3 (br-11bfb2cd10e9): 
> > Link 4 (docker0): 
> > Link 5 (br-cf58034d074b): 
> > Link 6 (br-f9686c41a7f5): 
> > 
> > So there's definitely something wrong, but I don't know enough about 
> > Linux/Qubes networking to work out what. 
> > 
> > Any pointers gratefully received. 
> > 
>
> There is something wrong, but there is nothing in the detail you have 
> provided that might explain it. 
> So: 
> Do you have any custom firewall rules set on vm1? (qvm-firewall vm1) 
> Can you ping the firewall from vm1, by IP address? 
> Can you access a host on the internet by IP address?(e.g https://9.9.9.9) 
> If you create a new qube from the template, does networking work as 
> expected? 
> If you change templates on vm1, does networking work? 
>

Yes, there are custom firewall rules, but the firewall is set to  "Allow 
all outgoing internet connections". Which should ignore all the rules?

Yes, I can happily ping sys-firewall's IP from both vm1 and vm2.

No, I can't access a host on the internet by IP
vm1$ curl https://9.9.9.9
curl: (7) Failed to connect to 9.9.9.9 port 443: No route to host

Yes, creating a new qube from the same template works fine - networking is 
exactly as expected.

No, changing templates on vm1 doesn't fix it (I thought it did when I tried 
a month or so ago, but I just gave up without really trying to get to the 
bottom of what's wrong. Either way, it doesn't work now)

Changing vm1's network from sys-firewall to sys-net doesn't fix it, either.

But this is interesting though. This is what I get when pinging the IP of 
sys-net (whilst networking is set to sys-firewall):
vm1$ ping 10.137.0.5
PING 10.137.0.5 (10.137.0.5) 56(84) bytes of data.
>From 10.137.0.6 icmp_seq=1 Packet filtered
>From 10.137.0.6 icmp_seq=2 Packet filtered
>From 10.137.0.6 icmp_seq=3 Packet filtered
[...]
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2077ms

(0.5 is the IP of sys-net and 0.6 is sys-firewall)

So somehow when I ping sys-net I get a response from sys-firewall. Huh!?

This is what happens on my working VM:

vm2$ ping 10.137.0.5
PING 10.137.0.5 (10.137.0.5) 56(84) bytes of data.
64 bytes from 10.137.0.5: icmp_seq=1 ttl=63 time=0.286 ms
64 bytes from 10.137.0.5: icmp_seq=2 ttl=63 time=0.529 ms
64 bytes from 10.137.0.5: icmp_seq=3 ttl=63 time=0.551 ms



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bdd741ec-f8c0-4747-b531-5f7a79a923abn%40googlegroups.com.

Re: [qubes-users] Networking issue after upgrading to Fedora-33

[unman]

On Mon, Sep 27, 2021 at 02:35:34AM -0700, mgla...@gmail.com wrote:
> 
> Hi everyone,
> 
> I'm looking for some help as to how to diagnose some app-VM networking 
> issues. I have 2 vms, both based on the same template with identical 
> config, but one can reach the internet and the other cannot.
> 
> Before upgrading:
> 2 standalone VMs based on Fedora-30. One with a bunch of dev tools 
> installed, one relatively untouched. I had multiple VMs based on these two 
> templates. I also updated my sys-net and sys-firewall to Fedora-33 at the 
> same time.
> 
> Upgrade:
> I upgraded to Fedora-33, and realised I could rationalise my VMs, so now 
> every appVM is based off the same Fedora-33 template.
> 
> The issue:
> Some of my migrated VMs are completely fine, others have no network. 
> I _think_ it is the VMs that used to be based on my old "untouched" vm that 
> have the issue. 
> 
> VM1:
> No networking at all.
> 
> VM2:
> Networking is completely fine, everything works as expected.
> 
> Both VMs are based on the same Fedora-33 template, with the same (default) 
> sys-firewall Networking, both with the firewall configured to allow all 
> outgoing internet connections
> 
> *vm1$ ping google.com*
> ping: google.com: Name or service not known
> 
> *vm1$ dig google.com*
> ; <<>> DiG 9.11.35-RedHat-9.11.35-1.fc33 <<>> google.com
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> *vm1$ resolvectl dns*
> Global: 10.139.1.1 10.139.1.2
> Link 2 (eth0):
> 
> 
> *vm2$ resolvectl dns*
> Global: 10.139.1.1 10.139.1.2
> Link 2 (eth0):
> Link 3 (br-11bfb2cd10e9):
> Link 4 (docker0):
> Link 5 (br-cf58034d074b):
> Link 6 (br-f9686c41a7f5):
> 
> So there's definitely something wrong, but I don't know enough about 
> Linux/Qubes networking to work out what.
> 
> Any pointers gratefully received.
> 

There is something wrong, but there is nothing in the detail you have
provided that might explain it.
So:
Do you have any custom firewall rules set on vm1? (qvm-firewall vm1)
Can you ping the firewall from vm1, by IP address?
Can you access a host on the internet by IP address?(e.g https://9.9.9.9)
If you create a new qube from the template, does networking work as
expected?
If you change templates on vm1, does networking work?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YVHABAtgLCNk14le%40thirdeyesecurity.org.

[qubes-users] Networking issue after upgrading to Fedora-33

[mgla...@gmail.com]

Hi everyone,

I'm looking for some help as to how to diagnose some app-VM networking 
issues. I have 2 vms, both based on the same template with identical 
config, but one can reach the internet and the other cannot.

Before upgrading:
2 standalone VMs based on Fedora-30. One with a bunch of dev tools 
installed, one relatively untouched. I had multiple VMs based on these two 
templates. I also updated my sys-net and sys-firewall to Fedora-33 at the 
same time.

Upgrade:
I upgraded to Fedora-33, and realised I could rationalise my VMs, so now 
every appVM is based off the same Fedora-33 template.

The issue:
Some of my migrated VMs are completely fine, others have no network. 
I _think_ it is the VMs that used to be based on my old "untouched" vm that 
have the issue. 

VM1:
No networking at all.

VM2:
Networking is completely fine, everything works as expected.

Both VMs are based on the same Fedora-33 template, with the same (default) 
sys-firewall Networking, both with the firewall configured to allow all 
outgoing internet connections

*vm1$ ping google.com*
ping: google.com: Name or service not known

*vm1$ dig google.com*
; <<>> DiG 9.11.35-RedHat-9.11.35-1.fc33 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

*vm1$ resolvectl dns*
Global: 10.139.1.1 10.139.1.2
Link 2 (eth0):


*vm2$ resolvectl dns*
Global: 10.139.1.1 10.139.1.2
Link 2 (eth0):
Link 3 (br-11bfb2cd10e9):
Link 4 (docker0):
Link 5 (br-cf58034d074b):
Link 6 (br-f9686c41a7f5):

So there's definitely something wrong, but I don't know enough about 
Linux/Qubes networking to work out what.

Any pointers gratefully received.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94fb9c33-c37f-4181-acb6-25478e0ea46en%40googlegroups.com.

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

[Sven Semmler]

On 7/11/21 3:23 PM, 799 wrote:

Not sure if there is a big benefit using Debian over Fedora 33 but I would
like to hear if there is a benefit.


Personally I like that once I setup a Debian qube, it'll run and receive 
security updates for many years. I haven't looked up how quickly a 
Fedora qube EOLs but it 'feels' like year, maybe 18 months.


It kind of depends what you want from your setup. I've reached a point 
where I have plenty of stuff to do and don't want to deal with things 
like updates and changing interfaces any more than necessary. Don't get 
me wrong: I thoroughly enjoyed the learning curve and setting everything 
up, but now that it works I enjoy not having to think about it all the time.


/Sven

--
 public key: https://www.svensemmler.org/2A632C537D744BC7.asc
fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5abc-e046-8397-a061-de75bc976e50%40SvenSemmler.org.


OpenPGP_signature
Description: OpenPGP digital signature

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

[799]

Hello,

Steve Coleman  schrieb am Do., 1. Juli 2021

> I don't have any suggestion for the Debian issue, but what I do to limit
> the updates is clone the fedora-33-minimal to a template called
> fedora-33-net, strip out any apps not needed, and then use that for my
> networking AppVM's. With fewer apps there are far fewer updates to deal
> with.
>

Not sure if there is a big benefit using Debian over Fedora 33 but I would
like to hear if there is a benefit.
I am using my own "minimalized" Templates which are build from a
fedora-33-minimal template.
You can find more about my templates here:
https://github.com/one7two99/my-qubes/blob/master/my-qubes-templates/20%20template-sys-vms.md

The template will work for sys-net / sys-firewall / sys-usb and also for a
vpn-qube.
I don't see that updating my fedora-based template takes much longer than
my debian templates.

One7two99

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2unSCN8HAKaK_zrYXNSoS5TKaoj67PD2%3D7NHr_eCZSKPQ%40mail.gmail.com.

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

[Sven Semmler]

On 7/1/21 7:47 AM, Dominique wrote:

Search the web to see which firmware needs to be installed in debian
to support that card


If your WiFi is Intel just install the "firmware-iwlwifi"

--
 public key: https://www.svensemmler.org/2A632C537D744BC7.asc
fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/877dae06-0cd7-e9e4-ddfb-2ef9cb858ee3%40SvenSemmler.org.


OpenPGP_signature
Description: OpenPGP digital signature

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

[Dominique]

On Wednesday, June 30, 2021 at 6:55:07 PM UTC-4 stevenlc...@gmail.com wrote:

>
>
> On Wed, Jun 30, 2021, 10:55 AM 'taran1s' via qubes-users <
> qubes...@googlegroups.com> wrote:
>
>> Hi, I am trying to make work the sys-net and sys-firewall under 
>> debian-10-minimal template, instead of fedora-33, but without success. 
>> Fedora is annoying with its updates and also I would like to decrease 
>> the exposure to the complexity of fedora-33 full template wherever 
>> possible.
>>
>
> I don't have any suggestion for the Debian issue, but what I do to limit 
> the updates is clone the fedora-33-minimal to a template called 
> fedora-33-net, strip out any apps not needed, and then use that for my 
> networking AppVM's. With fewer apps there are far fewer updates to deal 
> with. 
>
>
 Hi,
I use Debian 10 for sys-net. It works great.

Here are the steps that works for me.
1 - Install the minimal template for debian 10
2 - Update the template
3 - Install the qubes-core-agent-passwordless-root package (if you want)
4 - Shutdown the template
5 - Create a clone of the template (deb-10-sys)
6 - Start deb-10-sys
7 - Install the following package: qubes-core-agent-networking 
qubes-core-agent-network-manager pciutils
8 - Shutdown deb-10-sys
9 - Change the template for sys-net to deb-10-sys (after shutting down all 
qubes) and start sys-net
10 - If everything works (wired and wireless) you are good to go if not
11 - Start xterm in sys-net
12 - Use lspci to see the info of the card that is not working
13 - Search the web to see which firmware needs to be installed in debian 
to support that card
14 - Start deb-10-sys, install the firmware and shutdown deb-10-sys
15 - Restart sys-net - everything should work

I know I have use debian for firewall and USB in the past but went back to 
Fedora for USB because of some issue (don't even remember what issue) and I 
am now trying Mirage for firewall.

Hope it helps!

D.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41e69a7f-c9d8-421a-85f6-8e53b1498834n%40googlegroups.com.

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

[Steve Coleman]

On Wed, Jun 30, 2021, 10:55 AM 'taran1s' via qubes-users <
qubes-users@googlegroups.com> wrote:

> Hi, I am trying to make work the sys-net and sys-firewall under
> debian-10-minimal template, instead of fedora-33, but without success.
> Fedora is annoying with its updates and also I would like to decrease
> the exposure to the complexity of fedora-33 full template wherever
> possible.
>

I don't have any suggestion for the Debian issue, but what I do to limit
the updates is clone the fedora-33-minimal to a template called
fedora-33-net, strip out any apps not needed, and then use that for my
networking AppVM's. With fewer apps there are far fewer updates to deal
with.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ5FDniF2%3DUBoyKTd0WBwPJ%2BiX%2BY%3Dcni5KeSonnGjfwKkxJFKQ%40mail.gmail.com.

Re: [qubes-users] Networking with debian10-minimal instead of fedora-33

['taran1s' via qubes-users]

'taran1s' via qubes-users:
Hi, I am trying to make work the sys-net and sys-firewall under 
debian-10-minimal template, instead of fedora-33, but without success. 
Fedora is annoying with its updates and also I would like to decrease 
the exposure to the complexity of fedora-33 full template wherever 
possible.


I followed these guides regarding networking:

https://www.qubes-os.org/doc/templates/minimal/
https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md 



I installed following packages into debian-10-minimal template and based 
the sys-net and sys-firewall on it:


qubes-core-agent-networking qubes-core-agent-dom0-updates 
qubes-core-agent-network-manager qubes-core-agent-passwordless-root nano 
qubes-mgmt-salt-vm-connector qubes-core-agent-nautilus nautilus 
gnome-terminal


Once I change the sys-whonix and sys-firewall, the network icon doesnt 
show any Wi-Fi Networks, only ethernet.


Sorry, sys-net and sys-firewall, not sys-whonix of course.



Any workaround? >



--
Kind regards
taran1s

gpg: 12DDA1FE5FB39C110F3D1FD5A664B90BD3BE59B3

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32a8d14c-fd6d-947a-5760-d6df841f0d8a%40mailbox.org.

[qubes-users] Networking with debian10-minimal instead of fedora-33

['taran1s' via qubes-users]

Hi, I am trying to make work the sys-net and sys-firewall under 
debian-10-minimal template, instead of fedora-33, but without success. 
Fedora is annoying with its updates and also I would like to decrease 
the exposure to the complexity of fedora-33 full template wherever 
possible.


I followed these guides regarding networking:

https://www.qubes-os.org/doc/templates/minimal/
https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md

I installed following packages into debian-10-minimal template and based 
the sys-net and sys-firewall on it:


qubes-core-agent-networking qubes-core-agent-dom0-updates 
qubes-core-agent-network-manager qubes-core-agent-passwordless-root nano 
qubes-mgmt-salt-vm-connector qubes-core-agent-nautilus nautilus 
gnome-terminal


Once I change the sys-whonix and sys-firewall, the network icon doesnt 
show any Wi-Fi Networks, only ethernet.


Any workaround?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95355de4-b050-5ead-661b-f46bc19406ee%40mailbox.org.

Re: [qubes-users] Networking issue with sys-whonix, missing vif*

[Josef Johansson]

Hi,

As another data point:
This is happening in debian-10 as well. However not in debian-11.

On Friday, 19 March 2021 at 20:24:57 UTC+1 awokd wrote:

> Vladimir Lushnikov:
> > Hello,
> > 
> > Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
> > sys-whonix not bringing up the virtual interfaces for downstream VMs
> > correctly. I could find nothing conclusive in the bug tracker but am
> > hesitant to raise it on qubes-issue in case it only affects me.
> > 
> > The symptoms are as follows:
> > 
> > * AppVMs connected to sys-whonix do not get networking
> > * There is an incorrect nameserver specified in the AppVM
> > /etc/resolv.conf (the IP does not match the IP of sys-whonix)
> > * There are no vif* interfaces in sys-whonix, or they are down and have
> > no IP address
> > * There are errors in the logs of sys-whonix like:
>
> Was this a fresh install of R4.1? If so, an issue would probably be the 
> best course of action since it's not released yet, so might not have 
> been widely encountered. If you upgraded by some other means, try 
> uninstalling the various Whonix templates & VMs and reinstalling via the 
> Salt commands documented on the Whonix website.
>
> -- 
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb5c3603-1733-4bef-ae9e-f3fef19321cdn%40googlegroups.com.

Re: [qubes-users] Networking issue with sys-whonix, missing vif*

['awokd' via qubes-users]

Vladimir Lushnikov:

Hello,

Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
sys-whonix not bringing up the virtual interfaces for downstream VMs
correctly. I could find nothing conclusive in the bug tracker but am
hesitant to raise it on qubes-issue in case it only affects me.

The symptoms are as follows:

* AppVMs connected to sys-whonix do not get networking
* There is an incorrect nameserver specified in the AppVM
/etc/resolv.conf (the IP does not match the IP of sys-whonix)
* There are no vif* interfaces in sys-whonix, or they are down and have
no IP address
* There are errors in the logs of sys-whonix like:


Was this a fresh install of R4.1? If so, an issue would probably be the 
best course of action since it's not released yet, so might not have 
been widely encountered. If you upgraded by some other means, try 
uninstalling the various Whonix templates & VMs and reinstalling via the 
Salt commands documented on the Whonix website.


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a9e487c-4918-e9ad-a466-337191d6c28a%40danwin1210.me.

[qubes-users] Networking issue with sys-whonix, missing vif*

[Vladimir Lushnikov]

Hello,

Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
sys-whonix not bringing up the virtual interfaces for downstream VMs
correctly. I could find nothing conclusive in the bug tracker but am
hesitant to raise it on qubes-issue in case it only affects me.

The symptoms are as follows:

* AppVMs connected to sys-whonix do not get networking
* There is an incorrect nameserver specified in the AppVM
/etc/resolv.conf (the IP does not match the IP of sys-whonix)
* There are no vif* interfaces in sys-whonix, or they are down and have
no IP address
* There are errors in the logs of sys-whonix like:

Mar 18 14:56:20 host root[20716]: /etc/xen/scripts/vif-route-qubes:
Writing backend/vif/17/0/hotplug-error /etc/xen/scripts/vif-route-qubes
failed; error detected. backend/vif/17/0/hotplug-status error to xenstore.
Mar 18 14:56:20 host root[20718]: /etc/xen/scripts/vif-route-qubes:
/etc/xen/scripts/vif-route-qubes failed; error detected.

Workaround is to add the routing information back in sys-whonix (the
vif* interface was there already, just not properly setup):

``
ip link set vif up
ip addr add /32 dev vif
ip route add  dev vif metric 32744
``

This will fix the routing table so the prerouting nat rules work.

I am not entirely sure how to proceed with diagnosing the issue further.
Versions are posted below.

Kind regards,
Vladimir


Version of qubes* packages in whonix-gw-15:

libqubes-rpc-filecopy2 4.1.13+deb10u1
libqubesdb 4.1.10-1+deb10u1
libvchan-xen 4.1.7-1+deb10u1
python3-qubesdb 4.1.10-1+deb10u1
qubes-core-agent 4.1.24-1+deb10u1
qubes-core-agent-dom0-updates 4.1.24-1+deb10u1
qubes-core-agent-nautilus 4.1.24-1+deb10u1
qubes-core-agent-networking 4.1.24-1+deb10u1
qubes-core-agent-passwordless-root 4.1.24-1+deb10u1
qubes-core-agent-thunar 4.1.24-1+deb10u1
qubes-core-qrexec 4.1.13-1+deb10u1
qubes-gui-agent 4.1.16-1+deb10u1
qubes-input-proxy-sender 1.0.23-1+deb10u1
qubes-kernel-vm-support 4.1.13+deb10u1
qubes-mgmt-salt-vm-connector 4.1.9-1+deb10u1
qubes-usb-proxy 1.0.29+deb10u1
qubes-utils 4.1.13+deb10u1
qubes-vm-dependencies 4.1.11-1+deb10u1
qubes-whonix 1:15.2-1
qubes-whonix-gateway 3:20.2-1
qubes-whonix-gateway-packages-recommended 1:15.2-1
qubes-whonix-shared-packages-recommended 1:15.2-1
qubesdb 4.1.10-1+deb10u1
qubesdb-vm 4.1.10-1+deb10u1

In the AppVM which is fedora-based:

python3-dnf-plugins-qubes-hooks-4.1.24-1.fc32.x86_64
python3-qubesdb-4.1.10-1.fc32.x86_64
python3-qubesimgconverter-4.1.13-1.fc32.x86_64
qubes-core-agent-4.1.24-1.fc32.x86_64
qubes-core-agent-dom0-updates-4.1.24-1.fc32.x86_64
qubes-core-agent-nautilus-4.1.24-1.fc32.x86_64
qubes-core-agent-network-manager-4.1.24-1.fc32.x86_64
qubes-core-agent-networking-4.1.24-1.fc32.x86_64
qubes-core-agent-passwordless-root-4.1.24-1.fc32.x86_64
qubes-core-agent-systemd-4.1.24-1.fc32.x86_64
qubes-core-qrexec-4.1.13-1.fc32.x86_64
qubes-core-qrexec-libs-4.1.13-1.fc32.x86_64
qubes-core-qrexec-vm-4.1.13-1.fc32.x86_64
qubes-db-4.1.10-1.fc32.x86_64
qubes-db-libs-4.1.10-1.fc32.x86_64
qubes-db-vm-4.1.10-1.fc32.x86_64
qubes-gpg-split-2.0.50-1.fc32.x86_64
qubes-gui-agent-4.1.16-1.fc32.x86_64
qubes-img-converter-1.2.9-1.fc32.x86_64
qubes-input-proxy-sender-1.0.23-1.fc32.x86_64
qubes-kernel-vm-support-4.1.13-1.fc32.x86_64
qubes-libvchan-xen-4.1.7-1.fc32.x86_64
qubes-menus-4.1.6-1.fc32.noarch
qubes-mgmt-salt-vm-connector-4.1.9-1.fc32.noarch
qubes-pdf-converter-2.1.11-1.fc32.x86_64
qubes-usb-proxy-1.0.29-1.fc32.noarch
qubes-utils-4.1.13-1.fc32.x86_64
qubes-utils-libs-4.1.13-1.fc32.x86_64
qubes-vm-dependencies-4.1.11-1.fc32.noarch
qubes-vm-recommended-4.1.11-1.fc32.noarch


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ace8b24-c18b-f106-a545-0523062906cd%40vladimir.lu.

Re: [qubes-users] Networking widget in KDE on qubes

[billollib]

Thanks for the info!  I won't worry about it, then.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4aaadd27-93db-4ca1-b1a2-2beabe33785e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking widget in KDE on qubes

[unman]

On Wed, Jan 23, 2019 at 06:21:44AM -0800, billol...@gmail.com wrote:
> I recently installed 4.0.1 on my laptop and it seems to be working great, 
> though I'm still working through some of the how-do-you-copy-files stuff and 
> some of the networking stuff.  But, it's just a different way of doing 
> things, and that can be learned.
> 
> 
> I followed the directions in the qubes docs for installing KDE, and it worked 
> great. Thanks to the folk who made *that* work so well.  I know that KDE is 
> in bad odor because of its size, etc., but I still like it. And with my shiny 
> new SSD drive, it's plenty zippy for me.  I've pretty much figured out how to 
> customize it manually.
> 
> But I'm having a problem with the networking widget.
> 
> I apparently can't upload a screenshot, but were you to see it, you'd see 
> that all my monitoring widgets (cpu, hard disk, etc) are working fine, but 
> the Network Monitor is blank -- because there's no device for it to look at.  
> I understand that the desktop runs in dom0, and dom0 doesn't have networking, 
> but (and this is my conceptual problem) that would mean that the network 
> manager must run somewhere else than dom0, right?  Where is it, and is there 
> a way to get my networking widget to talk to wherever that is?
> 
> Thanks,
> 
> billo
> 

I'm afraid it is one of the last issues bedevilling KDE in dom0 - the
icon is "there" but does not appear. 
As you say, dom0 does not have networking, but sys-net does. That is
where the NetworkManager applet runs, and the output should be passed to
dom0 for display. (Currently dom0 controls all the gui.) In Xfce this
works fine but in KDE the mechanism is broker currently.
The icon is there, and you can discover it by mousing over it, and
interact with it as expected. Once you understand this the absence
proves less of a problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123150145.vfwfcnqlpyidl7la%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking widget in KDE on qubes

[billollib]

I recently installed 4.0.1 on my laptop and it seems to be working great, 
though I'm still working through some of the how-do-you-copy-files stuff and 
some of the networking stuff.  But, it's just a different way of doing things, 
and that can be learned.


I followed the directions in the qubes docs for installing KDE, and it worked 
great. Thanks to the folk who made *that* work so well.  I know that KDE is in 
bad odor because of its size, etc., but I still like it. And with my shiny new 
SSD drive, it's plenty zippy for me.  I've pretty much figured out how to 
customize it manually.

But I'm having a problem with the networking widget.

I apparently can't upload a screenshot, but were you to see it, you'd see that 
all my monitoring widgets (cpu, hard disk, etc) are working fine, but the 
Network Monitor is blank -- because there's no device for it to look at.  I 
understand that the desktop runs in dom0, and dom0 doesn't have networking, but 
(and this is my conceptual problem) that would mean that the network manager 
must run somewhere else than dom0, right?  Where is it, and is there a way to 
get my networking widget to talk to wherever that is?

Thanks,

billo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4705b3f9-56b8-4860-ba4e-b441d9573264%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[unman]

On Thu, Oct 11, 2018 at 06:02:55PM -0700, jmarkdavi...@gmail.com wrote:
> I guess to further clarify what I want to try to do is have sys net be 
> connected to the interface that is connected to my modem(to the ISP/world). 
> 
> I would like another vm to control all(or some) other 
> physical interfaces on my machine (access points/etc..).
> 
> I would like a qubeVM from within the machine running qubes to be able to 
> connect via those physical interfaces as if they were also attached to the 
> physical interface.
> 
> Ideally so that the qubes OS is segregating physical NICs along with 
> applications.
> 
> So lets say FreeNAS is running inside qubes. And someone near my access point 
> wants to use freeNAS via wifi, they would log in via ssh or whatever over the 
> access point.
> 
> But if that same someone is somewhere else they can ssh or whatever to 
> freeNAS via the internet and the wan NIC that sys-net controls.
> 

That makes it much clearer to me. Thanks.

There are a number of different ways to approach this, but the one that
seems easiest would be something like this:

sys-net -- sys-fw -- freeNAS
  |   -- qube1
  |   -- wifi -- qube2

wifi is set up to "provide network" - ie it's a NetVM, and acts as
access point via attached wifi.

Setting up access via sys-net to freeNAS is straightforward, and already
documented, as you know. I suggest you get that working first.

Provisioning the wifi qube should be straightforward. 
You will need to set up the wifi access point, and then configure port
forwarding to freeNAS. sys-fw should be the default route set on wifi
qube. Depending on whether you want downstream clients (like qube2) you
may want to change this.
You will need to set fw rules to allow traffic between these vif
interfaces.
You will need to adjust routes to ensure that traffic arriving at
freeNAS via wifi does not get sent out via sys-net. The simplest way to
achieve this will be to use source NAT on wifi, or Masquerade, depending
on your configuration.

Note that qube2 can connect EITHER to freeNAS port OR to external IP of
sys-net. If you don't want this, either have no qubes connected
downstream of wifi, or adjust fw on wifi to block traffic from all vif
interfaces to eth0.

If you need help with the details, just ask.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20181015125948.5rcerl6hw7s3usbm%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[jmarkdavis86]

I guess to further clarify what I want to try to do is have sys net be 
connected to the interface that is connected to my modem(to the ISP/world). 

I would like another vm to control all(or some) other 
physical interfaces on my machine (access points/etc..).

I would like a qubeVM from within the machine running qubes to be able to 
connect via those physical interfaces as if they were also attached to the 
physical interface.

Ideally so that the qubes OS is segregating physical NICs along with 
applications.

So lets say FreeNAS is running inside qubes. And someone near my access point 
wants to use freeNAS via wifi, they would log in via ssh or whatever over the 
access point.

But if that same someone is somewhere else they can ssh or whatever to freeNAS 
via the internet and the wan NIC that sys-net controls.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc2687fb-1cdd-422e-9ce8-583b8d3f9922%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[jmarkdavis86]

Its a fresh install of 4.0 and im using default sys vms.

Id rather not have all these vms as the overhead is pointless.

I also did not realize there was a switch, ill read up on nft.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa5a2ed0-37e1-4ac9-bd72-94bedfe579b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[unman]

On Tue, Oct 09, 2018 at 05:43:56AM -0700, jmarkdavi...@gmail.com wrote:
> I am still having difficulty getting these vms to be reachable with each 
> other. Basically what I want to do is have a home security/automation vm, and 
> a freenas vm, communicate with the outside world and with the vm that 
> controls my access points/physical switches.
> 
> Currently I have the usual sys-net/sys-firewall. Each service vm(access 
> points, freenas, etc.) Has its own firewall vm. Those fireall service vms are 
> all connected to sys-firewall.
> 
> I followed the instructions in the qubes-firewall docs setting up forwarding 
> between the service firewalls to travel through sys-firewall. And each 
> service firewall vm(and their associated service vm), can ping every firewall 
> vm in the system. But the actual service vms themselves cannot ping each 
> other.
> 
> So for example: freenas vm > freenas vm firewall > sys firewall > home 
> security firewall vm.
> All will allow ping, but i cant get freenas to talk to home security vm, as i 
> intend on using the nas storage to store the camera footage.
> 
> Similarly the home security vm can do the same amount of pings, but fails to 
> talk to freenas.
> 
> I suspect NAT is the issue but lack the knowledge base to enable this to work.
> 
> I am not particularly dead set on using all these firewall vms either but 
> this is the config thats gotten me the furthest so far. 
> 

I'm not sure what pourpose you had in mind when putting in those extra
firewalls. Undoubtedly they will complicate matters further. Are you
intent on keeping them?

What template are you using for sys-firewall? The instructions should
be updated to cover nft which is now the default in Fedora templates,
rather than iptables.
Which template are you using for sys-net?




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20181010130059.kc7gqshrudxana7p%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[jmarkdavis86]

I am still having difficulty getting these vms to be reachable with each other. 
Basically what I want to do is have a home security/automation vm, and a 
freenas vm, communicate with the outside world and with the vm that controls my 
access points/physical switches.

Currently I have the usual sys-net/sys-firewall. Each service vm(access points, 
freenas, etc.) Has its own firewall vm. Those fireall service vms are all 
connected to sys-firewall.

I followed the instructions in the qubes-firewall docs setting up forwarding 
between the service firewalls to travel through sys-firewall. And each service 
firewall vm(and their associated service vm), can ping every firewall vm in the 
system. But the actual service vms themselves cannot ping each other.

So for example: freenas vm > freenas vm firewall > sys firewall > home security 
firewall vm.
All will allow ping, but i cant get freenas to talk to home security vm, as i 
intend on using the nas storage to store the camera footage.

Similarly the home security vm can do the same amount of pings, but fails to 
talk to freenas.

I suspect NAT is the issue but lack the knowledge base to enable this to work.

I am not particularly dead set on using all these firewall vms either but this 
is the config thats gotten me the furthest so far. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78a21e71-1e3a-44ef-8afd-593987b20b01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[unman]

On Wed, Oct 03, 2018 at 10:47:20AM -0700, jmarkdavi...@gmail.com wrote:
> I literally just read that and going to post an apology for repeating a 
> question
> 

No problem.
If you need some further pointers shout out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20181004142031.7v4xwjagkcydgron%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between qubes and HVMs

[unman]

On Wed, Oct 03, 2018 at 08:10:10AM -0700, jmarkdavi...@gmail.com wrote:
> I want to allow a debian qube to use a BSD qube as its network and to allow 
> traffic between them. The BSD sees the vif created for the debian when I do 
> this, but no traffic passes between them. In the firewall settings for debian 
> qube I get a warning that its not attached to a firewall vm so no traffic is 
> allowed.
> Is there a way to override this? I saw in qubes docs there is a way to do 
> this for template based qube vms, but what about for an HVM and a qube?
> 

There was a recent post on exactly this issue.
I do this with an openBSD HVM as netvm.
My solution is to attach both HVM and qubes to a (non-networked) fw.

https://groups.google.com/forum/#!topic/qubes-users/iQm9-rrCDIY

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20181003154256.bbz3kuker5xjkq7f%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking between qubes and HVMs

[jmarkdavis86]

I want to allow a debian qube to use a BSD qube as its network and to allow 
traffic between them. The BSD sees the vif created for the debian when I do 
this, but no traffic passes between them. In the firewall settings for debian 
qube I get a warning that its not attached to a firewall vm so no traffic is 
allowed.
Is there a way to override this? I saw in qubes docs there is a way to do this 
for template based qube vms, but what about for an HVM and a qube?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e47d152-a963-4bec-ab42-cfa9e8379189%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/15/2018 08:01 PM, 'Evastar' via qubes-users wrote:


And 2th question:

Do you know how to restore all connections after proxyvm reboot. Yes, it's not 
possible to reboot it from qubes manager, but I can reboot it with terminal. 
Then, maybe, some simple steps exists to reconnect all AppVMs? This would help 
me a lot. It's my simpler to reboot only proxyVM vs all vms.


The way I'm familiar with involves re-setting the netvm of each 
downstream VM after the proxyVM has rebooted.


One way you could achieve this is with my 'findpref' script in dom0:
https://github.com/tasket/Qubes-scripts

$ findpref -p netvm sys-vpn sys-vpn


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83fd76cc-1714-3b7f-3b7b-62f06116e909%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/15/2018 07:51 PM, 'Evastar' via qubes-users wrote:




If the vif interfaces are going down, that suggests a bug either in


Today it happens again and now I open terminal at ethervpn and write "route". 
It freeze, not totally freeze, but it print line by line output of this command and every 
line took ~10 seconds to print. Maybe it's because I use imported ethervpn from 3.2. 
backup? Something happens :(


Try adding '-n' option to route so it won't try to look up names for 
each IP address.





tun and tap interfaces look similar in the sense that they're all


I don't know how to check this.


This can only be checked in the ethervpn code. You may wish to report 
the behavior to the ethervpn people.




And other question. You are advanced user and you must know.

I'm trying to use this script to get correct gatewayIP to setup routes.

IP="$(ip addr | grep 'vpn_vpn' -A0 | tail -n1 | awk '{print $2}' | cut -f1 
-d'/')"

(vpn_vpn is "dhclient vpn_vpn" )

"ip addr" print output: 192.168.30.10/24, this command give me 192.168.30.10, 
but I need to find somehow and add to variable 192.168.30.1 then I want to use it with 
this command:
ip route add default via $IP

So sure, I don't know why it's report .10/24 and not .1/24

Maybe you know where/how to get correct IP? My regular setup works with 
hard-coded 192.168.30.1, but I want to parse it on the fly.


Normally I would use 'hostname -I' to find the VM's IP address.



Thanks





--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e0ad9e2-eecd-2141-2594-8014ba53a03b%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

And 2th question: 

Do you know how to restore all connections after proxyvm reboot. Yes, it's not 
possible to reboot it from qubes manager, but I can reboot it with terminal. 
Then, maybe, some simple steps exists to reconnect all AppVMs? This would help 
me a lot. It's my simpler to reboot only proxyVM vs all vms.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/QFQDJEd0CvCSlo2cOa4AVTQ6Xf_rWDM1wCppqiwr6DEjDhVLWt6UUvePvnXmqJ_Kd4qPtt0NtAUMjW41K4Yxgz8WG9LIWQvGvUTxHgsokLg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

> If the vif interfaces are going down, that suggests a bug either in

Today it happens again and now I open terminal at ethervpn and write "route". 
It freeze, not totally freeze, but it print line by line output of this command 
and every line took ~10 seconds to print. Maybe it's because I use imported 
ethervpn from 3.2. backup? Something happens :(

> tun and tap interfaces look similar in the sense that they're all

I don't know how to check this. 

And other question. You are advanced user and you must know.

I'm trying to use this script to get correct gatewayIP to setup routes.

IP="$(ip addr | grep 'vpn_vpn' -A0 | tail -n1 | awk '{print $2}' | cut -f1 
-d'/')"

(vpn_vpn is "dhclient vpn_vpn" ) 

"ip addr" print output: 192.168.30.10/24, this command give me 192.168.30.10, 
but I need to find somehow and add to variable 192.168.30.1 then I want to use 
it with this command: 
ip route add default via $IP

So sure, I don't know why it's report .10/24 and not .1/24 

Maybe you know where/how to get correct IP? My regular setup works with 
hard-coded 192.168.30.1, but I want to parse it on the fly. 

Thanks


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/HTlVwRs8u9P0GHcgtUIv-oNlwY66jKSRP-vTI1Ssb8ucHEfeGXToihmXJzEHh-7gP7YqZEAFVYPje0msKhlSZGgYsnwPcEor_xrhAkMsMao%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/15/2018 03:37 AM, 'Evastar' via qubes-users wrote:




Posting back to qubes-users...


Sorry for direct message. Now, I use web-based mail it set direct answer by 
default :(

A little more information. When it goes to "no network state" then I seeing at my ethervpn with "ip 
route list" (as I remember) that all vif+ interfaces show as "down". It is the problem. I do not know 
how to reconnect them and remove "down" mark.



Finally, if you find the solution involves restarting the ethervpn
client, you may want to run it with 'systemd-run --unit' to give you
better control over the process. You could even try running it with
qubes-tunnel using a drop-in file for the service (see 00_example.conf
and manpages for systemd.unit "overriding vendor settings").



Thanks. I will check this manpages. Maybe this will help.


If the vif interfaces are going down, that suggests a bug either in 
Qubes or in ethervpn. Since other Qubes users don't seem to be reporting 
this symptom, I'd guess that ethervpn is mistakenly including the vif 
interfaces with tun/tap whenever a link goes down or restarts. (The vif, 
tun and tap interfaces look similar in the sense that they're all 
virtual.) Its probably worth reporting this behavior on the ethervpn 
forum/list.


You might also try writing a small script to bring the vif interfaces up.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4c6d117-e112-f398-30c7-f58bb79b5f40%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

> Posting back to qubes-users...

Sorry for direct message. Now, I use web-based mail it set direct answer by 
default :(

A little more information. When it goes to "no network state" then I seeing at 
my ethervpn with "ip route list" (as I remember) that all vif+ interfaces show 
as "down". It is the problem. I do not know how to reconnect them and remove 
"down" mark.

> 
> Finally, if you find the solution involves restarting the ethervpn
> client, you may want to run it with 'systemd-run --unit' to give you
> better control over the process. You could even try running it with
> qubes-tunnel using a drop-in file for the service (see 00_example.conf
> and manpages for systemd.unit "overriding vendor settings").
> 

Thanks. I will check this manpages. Maybe this will help.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YCUzduQV9CXfO6j2sPXWBSOHVVmckwlknosrl9qpADcFFmW3CPXw99y3VmZVitGI-CPZtBzJLWEoubizQLBZs4Bol9R9yPAlZ9hhPILm9GQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/14/2018 06:23 PM, Evastar wrote:

Its important to know how you set up the VPN VM. If you used the Qubes

doc, that config can have problems recovering from a disconnected link.
If you used a recent version of Qubes-vpn-support or qubes-tunnel,
restarting the service is simple:
sudo systemctl restart qubes-vpn-handler
or
sudo systemctl restart qubes-tunnel


Thanks for your quick answer. I use my own vpn setup based not on openvpn, but 
ethervpn. This qube come from 3.2. I use the same old code. I wrote it based on 
old openvpn code. This code add routes on startup, then iptables fules for DNS 
some other rules to prevent traffic leak. The same as UP handler from qubes-doc 
do.

There are no "recovering setup". How to add this?

Need to delete rules added by this then execute this again? Is it recovery?
   iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to $addr
   iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT --to $addr

I re-checked qubes vpn doc. It's almost the same, but no up/down handler. I 
setup rules at rc.local. At 3.2. I do not have this problem. When my VPN loss 
connection then it always work after my VPN client reconnected.



Posting back to qubes-users...

Probably there is someone who is familiar with ethervpn who can better 
help you.


My advice is to monitor the ethervpn log for warnings/errors when the 
blockage occurs. Then perhaps a simpler solution will become clear.


If you are using the same firewall rules as the Qubes doc, try 
commenting-out the parts for 'OUTPUT'.


As for the DNAT rules, delete & re-add should only be necessary if the 
DNS server changes. Also, when blockage occurs you can try pinging a 
known IP address (not domain name) from an appVM; if it doesn't work 
then DNAT is probably not the issue.


Finally, if you find the solution involves restarting the ethervpn 
client, you may want to run it with 'systemd-run --unit' to give you 
better control over the process. You could even try running it with 
qubes-tunnel using a drop-in file for the service (see 00_example.conf 
and manpages for systemd.unit "overriding vendor settings").



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f512bce3-685b-c21a-12d4-ba7fff4a0636%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/14/2018 05:23 PM, 'Evastar' via qubes-users wrote:

Hello,

I still have issues with my proxy/vpn-vms. Something happens, maybe my 
vpn lose connection or not (I don't know). I only know that at some 
point from timee to time all my AppVms lose network and it's not 
possible to restore networking without restarting VPN-VM and all 
connected VMs. Any solutions? How to simplify this process?



It's very uncomfortable every time to restart all AppVMs.

And I wrote that I don't know VPN loses connection or not. When I open 
VPN-proxy-vm terminal I see that it's CONNECTED to VM, but maybe it's 
after reconnection. But after that I don't know how to force all 
AppVMs(connected to this proxy) to restore network!


Thank you!


Its important to know how you set up the VPN VM. If you used the Qubes 
doc, that config can have problems recovering from a disconnected link.


If you used a recent version of Qubes-vpn-support or qubes-tunnel, 
restarting the service is simple:


sudo systemctl restart qubes-vpn-handler

or

sudo systemctl restart qubes-tunnel

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a392cf03-d456-ec6d-482f-2102c50f0d8e%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

Hello,

I still have issues with my proxy/vpn-vms. Something happens, maybe my vpn lose 
connection or not (I don't know). I only know that at some point from timee to 
time all my AppVms lose network and it's not possible to restore networking 
without restarting VPN-VM and all connected VMs. Any solutions? How to simplify 
this process?

It's very uncomfortable every time to restart all AppVMs.

And I wrote that I don't know VPN loses connection or not. When I open 
VPN-proxy-vm terminal I see that it's CONNECTED to VM, but maybe it's after 
reconnection. But after that I don't know how to force all AppVMs(connected to 
this proxy) to restore network!

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9Od7zxaQDMzzT5YYQqM51NfZ4HcJHDUspYQbahb6j5IeJxdubMvhCG1ejNcvfuQVQxJILxtCeFJoVUymwCFNe8aph0ewFzAu6F_rT6kmxrk%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking doesn't work in Qubes 4.0-rc5

[nicholas roveda]

I've been using R4-rc2 for some months and I've just installed the R4-rc5 
version, but it's giving me hard times.

During the installation it complains about Vt-d and Interrupt Remapping 
feautures missing and sys-usb didn't work at the beginning, but after I 
switched to PV mode it works fine, I can connect to my WiFi and sys-net can 
reach the internet.

The point is any other qube, sys-firewall included, can't reach the internet.
- I've tried to analyze the traffic with wireshark and it seems that the DNS 
requests reach sys-net, but no answer is received, while in sys-net everything 
seems fine (`dig` works).
- I've tried to ping sys-firewall and send some packets from sys-net with the 
Python socket and the packets reach sys-firewall but the `recv()` function 
stucks in a death loop as nothing is received, so I think somewhere the packets 
are dropped.
- I've tried to clear all iptables chains, but nothing changed.

Everything worked in rc1, rc2 and I think also rc3 (I can't remember the last 
update - current-testing repo), so I really can't figure out what I'm missing.
Some major changes concerning networking were introduced in rc5?

Anyone is experiencing the same problem?
Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd89ecb3-6762-4a68-88bf-97f3f864b0d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking unavailable on Dell XPS 9350, QubesOS 4

[jayarjo]

I decided to try Qubes OS 4 on my XPS 9350 laptop, from USB drive. Mostly it 
went ok (had to manually specify EFI file in BIOS to make it load), but 
networking is completely unavailable. I think the reason might be that laptop 
itself doesn't have ethernet adapter - it connect via a dock station (which 
has). I believe something has to be fixed somewhere to enable it? The dock 
station itself seems to be recognized somehow, since I have double external 
monitors connected to it and QubesOS properly spread over all three (one  of 
the laptop and two external).

I see networking icon in the system tray. But it is red with a cross in the 
lower right corner and when I click on it it says Ethernet Network "device not 
managed". What does it mean?

Laptop also has wireless Broadcom Limited BCM4350 [14e4:43a3] network 
controller, however from dmesg I see that:

brcmfmac: brcmf_chip_recognition: SB chip is not supported
brcmfmac: brcmf_pcie_probe: failed 14e4:43a3

...so it probably is not supported.

Is there anything I can do in either direction to obtain networking in my Qubes 
OS 4 on this platform?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c869701-b357-4293-85fa-e4f3b40f2387%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking not available on XPS 9350, QubesOS 4

[jayarjo]

I decided to try Qubes OS 4 on my XPS 9350 laptop, from USB drive. Mostly it 
went ok (had to manually specify EFI file in BIOS to make it load), but 
networking is completely unavailable. I think the reason might be that laptop 
itself doesn't have ethernet adapter - it connect via a dock station (which 
has). I believe something has to be fixed somewhere to enable it?

I see networking icon in the system tray. But it is red with a cross in the 
lower right corner and when I click on it it says Ethernet Network "device not 
managed". What does it mean?

Laptop has Broadcom Limited BCM4350 network controller [14e4:43a3] network 
controller, however from dmesg I see:

brcmfmac: brcmf_chip_recognition: SB chip is not supported
brcmfmac: brcmf_pcie_probe: failed 14e4:43a3

so it probably is not supported.

Is there anything I can do in either direction to obtain networking in my Qubes 
OS 4 on this platform?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c13595b7-052b-408c-82e4-346a0c4a02f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking problems installing Qubes 3.2 on Intel NUC7i3BNH

[neword via qubes-users]

Hi,

I have been frustrated trying to get Qubes fully up and running on the Intel 
NUC7i3BNH. Strangely, I could not get the install working in Legacy mode. In 
EFI mode, the installation went through, but Qubes would not boot until I 
copied the EFI boot files over using the instructions for UEFI troubleshooting 
(under "Boot device not recognised after installing").

(1) I still get an error on boot that says EFI_MEMMAP is not enabled and an 
error that goes by very quickly that says:

[FAILED] Failed to start Load Kernel Modules

Do I need to worry about this? How can I fix this?

(2) However, the system does indeed boot, and I am prompted to enter my LUKS pw 
and user pw. But, Ethernet is not functioning. I have tried the suggestions 
mentioned already:
  in sys-net, 
 (a) linux-firmware-20160609-66.gita44bc811.fc23.noarch is installed.
 (b) lspci shows that Intel I219-V rev 21 is there
 (c) ifconfig does not show ethX in sys-net

I have tried to manually load e1000e / e1000 using modprobe. but no luck.

Any pointers please in how to get networking working? Really frustrated as a 
new Qubes user was really looking forward to this fantastic OS!.

TIA!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad36bf75-c27c-4873-9289-c53a7855f36c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking two VM

['Milleniumboard' via qubes-users]

Hi
I'm a new qubes user, maybe the question could be trivial. Wanting to connect 
two appVM through secure shell enabling networking between two qubes is 
sufficient?
Qubes prohibited networking traffic between VM but using this connection type 
can be safe enough?

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/t_F4ZUW2uB_34hwSX_tFzTeSc88pkTDCTeH4PZZvo4I1ZTWNfDvOikQ5dy3Y4bBbUuRnW-A_DGh0m4d9pZecN2QWQHSSaA1OQQnagDT0MtI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking & firewall

[Unman]

On Sat, Dec 17, 2016 at 11:01:59AM +0100, Marc de Bruin wrote:
> Hi Jos,
> 
> > 
> > Can anyone point out some more reading material? If any?
> > 
> > Cheers!
> > Jos
> > 
> 
> I would like to know this as well! 
> 
> Anybody that would like to join and share? 
> 
> Thnx,
> 
> Greetz,
> Marc.
> 
> -- 

There isn't any additional reading material other than the pages Jos has
referenced, and list archives
But it is (relatively) straightforward,

- how much NATting is going on?

It's all NAT.
Look at the basic iptables rules in a netvm and you will see that all
downstream traffic is subject to NAT by MASQUERADE in the postrouting
table.

iptables -L -nv -t nat:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
0 0 ACCEPT all  --  *  vif+0.0.0.0/0 0.0.0.0/0   
0 0 ACCEPT all  --  *  lo  0.0.0.0/0 0.0.0.0/0   
7   424 MASQUERADE  all  --  *  *   0.0.0.0/0 0.0.0.0/0 


- what role does proxy arp play? Is it still used in 3.2?
Yes, proxy arp has been re-enabled in 3.2. It isn't essential in most
use cases. 


To get to Jos's question re the chromecast:
There are two elements to this: getting the qube to see the chromecast
and allowing return traffic inbound.

You need to allow UDP traffic on high ports from the qube
You need to allow TCP outbound to (I think) 8008:8009
You need to allow UDP outbound to port 1900 on multicast
You need to allow  UDP traffic on high ports from the Chromecast to the
qube, so you will need to follow the guide on routing inbound traffic to
a qube.

There's no problem in using tcpdump and iptables on the firewall to see
what's going on. I tend to dump the traffic and then parse it on a
separate qube.
Judicious use of logging in iptables will help you see what's going on,
but there's enough here to get started I hope.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161217143853.GA32286%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking & firewall

[Marc de Bruin]

Hi Jos,

> 
> Can anyone point out some more reading material? If any?
> 
> Cheers!
> Jos
> 

I would like to know this as well! 

Anybody that would like to join and share? 

Thnx,

Greetz,
Marc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/E64DF7C6-F41B-4A69-AA21-12E244B3BE77%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking & firewall

[Jos Bredek]

Hello there,

i'm relatively new to the qubes environment. So far, i'm really excited. I just 
love the concept!

Anyhow, today i stubmled into a problem; using my chromecast from one of my 
vm's within in qubes.

As a network-technician, my first thought.. this cant be hard. Boy, was i 
wrong. After quite some reading, i'm still puzzled. I've noticed that the 
netwerking & firewall document has the status TODO. Maybe something i can lend 
a little help with?

I've read the following posts:
https://groups.google.com/forum/#!searchin/qubes-users/inter-vm|sort:relevance/qubes-users/lA2SgPcV9fU/U969uapYAAAJ
https://www.qubes-os.org/doc/firewall/
http://theinvisiblethings.blogspot.nl/2011/09/playing-with-qubes-networking-for-fun.html
 (is this still valid?).

I get the general concept. 
- appVM's are connected to sys-firewall
- Sysfirewall is attached to sys-net
- no bridging involved, all routing.

But then:
- why are there subnets involved of 255.255.255.255?
- how much NATting is going on?
- what role does proxy arp play? Is it still used in 3.2?

Of course i can use wireshark and tcp dump to sort things out... but just maybe 
there is a good pointer to some other documentation? 

Can anyone point out some more reading material? If any?

Cheers!
Jos

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e6e45a2-ec60-4d74-8af6-cfec00d86084%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between two vms?

[Manuel Amador (Rudd-O)]

On 04/08/2016 02:17 PM, edev.u...@gmail.com wrote:
> On Sunday, February 1, 2015 at 11:45:05 PM UTC-5, Marek Marczykowski-Górecki 
> wrote:
>
>> By default firewallvm blocks all the inter-vm traffic. But you can add a
>> rule to allow that. Take a look here:
>> https://wiki.qubes-os.org/wiki/QubesFirewall#EnablingnetworkingbetweentwoAppVMs
> The above guide requires both VMs to be connected to the same firewall vm.
>
> I have a case when one vm is a proxyvm connected to a separate NIC via a 
> dedicated netvm and I want to connect the proxyvm to the default sys-firewall 
> vm. How can I enable networking between these two vms?
>

To enable transparent networking between VMs, you can also use:

https://github.com/Rudd-O/qubes-network-server

Just give your two VMs different IP addresses and they will work.  Of
course, the firewall rules still need to be set, if the VMs are attached
to a ProxyVM.

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/385f673c-f103-07e8-af90-3d70428d3645%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking issue with bittorrent client Q3.2

[Manuel Amador (Rudd-O)]

On 10/13/2016 09:56 PM, Desobediente wrote:
> Assuming that Manuel described your case, you would have to set a
> static port, not random, and forward the port in the firewall VM and
> also in every device in the middle of the way (routers, etc.)

That is right.  You want to set a static port on your BT client, even if
you use Qubes network server to give it a static IP.  In that case you
do not have to set a forwarding in any VM, but you may have to use a
wireless router that supports UPNP (for which you need to at the
corresponding firewall rules to the VM that allow UPNP request packets),
and you need to add an allow firewall rule for the port you opened (I
think it's both TCP and UDP these days).

>  
> -- 
> iuri.neocities.org 
> -- 
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to qubes-users+unsubscr...@googlegroups.com
> .
> To post to this group, send email to qubes-users@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/CAF0bz4S4DdASCr6Z5kFTDkBOZuscEU0Jy%3DwDLQ1Atrv0EGwPOw%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.


-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9d18f29-8852-9a6f-4fb0-908463162bd9%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking issue with bittorrent client Q3.2

[Desobediente]

Assuming that Manuel described your case, you would have to set a static
port, not random, and forward the port in the firewall VM and also in every
device in the middle of the way (routers, etc.)

-- 
iuri.neocities.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF0bz4S4DdASCr6Z5kFTDkBOZuscEU0Jy%3DwDLQ1Atrv0EGwPOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking issue with bittorrent client Q3.2

[Manuel Amador (Rudd-O)]

On 10/11/2016 11:18 PM, yorp wrote:
> For some reason using a bittorrent client in an AppVM will not connect to 
> internet. 

It's usually the case that they listen to ports locally and expect
remote ends to connect to those ports, which they open using UPNP.  UPNP
firewall port opening is not supported in Qubes.

Try setting a static_ip on your AppVM after deploying Qubes network
server https://github.com/Rudd-O/qubes-network-server — of course, you
still need to allow inbound traffic to the VM using the standard
firewall rules.

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1cd2b199-87f6-f84e-87fe-0bcbf27a8c66%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between Linux and Windows VMs

[3n7r0py1]

On Monday, September 5, 2016 at 10:23:42 PM UTC, Daniel Wilcox wrote:
> Hi Micah, you're taking the opposite the usual strategy I do on my extra 
> firewall vms -- by adding a rule rather than removing one.  Could you try on 
> the appropriate firewall vm:
> 
> iptables -D FORWARD 3  # where rule 3 should be the rule to drop all packets 
> between the vif interfaces
> 

Before opening up your firewallVM, please narrow down the issue to either the 
firewallVM or dev_win10 by completely disabling Windows Firewall. It's 
questionable whether you're gaining any protection from Windows Firewall anyway 
(wrt Qubes philosophy).

Go to Control Panel > Windows Firewall > Turn Windows Firewall on or off:

First, confirm that `Block all incoming connections` is unchecked! As a 
paranoid user, you might have set this and then forgotten.

Then, `Turn off Windows Firewall` for *both* profiles. No reboot. Initiate RDP 
session from dev.


> This should be equivalent to what you're doing but might be worth a check.  
> Also I'm sure you've noticed whenever the firewall vm has a change to its 
> rules, it'll reload and we have to re-execute this (anyone have ideas for 
> that btw?).

https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4
(see "qubes-firewall-user-script")

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d0c4c13-3460-4fdc-b206-bd754d5cafb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between Linux and Windows VMs

[Micah Lee]

On 09/05/2016 02:44 PM, Connor Page wrote:
> they should be connected to the same firewallvm, not netvm. iptables in 
> netvms are set up differently.

They are connected to the same firewallvm. And I've successfully gotten
networking working between two Linux VMs using this firewallvm. It's
just not working with one of the VMs being a Windows HVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5eddbdaf-ca4e-cf63-b739-1229acc0f052%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking between Linux and Windows VMs

[Connor Page]

they should be connected to the same firewallvm, not netvm. iptables in netvms 
are set up differently.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3955b649-e8b3-495d-8a4c-7315f3c2909f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking between Linux and Windows VMs

[Micah Lee]

I've installed Windows 10 in an HVM (called dev-win10), and I'd like to
be able to connect to its RDP service from a Linux VM (called dev).

The documentation [1] says both VMs need the same netvm, and in that
netvm I need to enable an iptables rule to let dev communicate with
dev-win10:

iptables -I FORWARD 2 -s $DEV -d $DEV_WIN10 -j ACCEPT

Then in the VM that will hosting the service, dev-win10 in this case, I
need to allow incoming connections from the source IP:

iptables -I INPUT -s $DEV -j ACCEPT

This seems to work fine if the VM hosting the service is Linux. Since
it's Windows I obviously just need to allow access using the Windows
Firewall instead of with iptables.

It sure seems like I'm allowing all inbound connections to the Remote
Desktop service in the Windows Firewall [2], however when I try
connecting to it from dev it times out.

I've also tried running a simple http server using python3:

python3 -m http.server

And I allowed python.exe through the Windows firewall, but I can't
connect to that service either. When I try the same experiment in a
Linux VM, I can connect to it fine from dev.

Any idea what I'm missing?

[1] https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4
[2] https://i.imgur.com/PyrKLAm.png

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1615c334-65bc-5cd3-348a-c935e4392abf%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] networking issues

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Aug 17, 2016 at 02:35:20PM -0700, randallrba...@gmail.com wrote:
> i have a bcm 4360 wireless card  on my motherboard and I cant seam to get the 
> drivers installed. I was told to install this to net vm  [CODE]wget 
> http://git.io/vuLC7 -v -O fedora23_broadcom_wl_install.sh && sh 
> ./fedora23_broadcom_wl_install.sh;[/CODE]  but I ended up getting this mess
> 
> [CODE][user@sys-net ~]$ wget http://git.io/vuLC7 -v -O 
> fedora23_broadcom_wl_install.sh && sh ./fedora23_broadcom_wl_install.sh;

(...)

> Package gcc-5.3.1-6.fc23.x86_64 is already installed, skipping.
> Package kernel-devel-1000:4.1.24-10.pvops.qubes.x86_64 is already installed, 
> skipping.

Here you have kernel-devel for 4.1.24, but ...

(...)

> KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` clean
> make[1]: *** /lib/modules/4.1.13-9.pvops.qubes.x86_64/build: No such file or 
> directory.  Stop.
> Makefile:165: recipe for target 'clean' failed
> make: *** [clean] Error 2

... you're running 4.1.13-9. You can change kernel version for this VM
in VM settings. Or you can simply update kernel-devel package.

But that's not all:

> install -D -m 755 wl.ko /lib/modules/`uname -r`/kernel/drivers/net/wireless
> install: cannot create regular file 
> ‘/lib/modules/4.1.13-9.pvops.qubes.x86_64/kernel/drivers/net/wireless/wl.ko’: 
> Read-only file system

/lib/modules/(kernel version) is mounted read-only, so you can't modify
it. You can either switch to in-VM kernel[1], or keep that module
(`wl.ko`) in some other directory and load it using `insmod
/path/to/wl.ko`. The former method will require somehow more work, but
will be easier to maintain later.

[1] https://www.qubes-os.org/doc/managing-vm-kernel/#tocAnchor-1-1-3

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXtXpfAAoJENuP0xzK19csTxYH/3WqnU86tz8zN2XxTWpE9G2+
Ig3ENybBgocEr4CoWxuL2CG0uDVsLDaqsAf/R7YWGJ1SHtFCrBtAVh0RWcQqcuAG
PmnwO5BqcbXJCxyyNZQqzh6c6rWAxd1Hfhs/eTO1l28iAe4UQFTMG3At20kGigVY
A2EYudYPtc54/ByaEYQ9upqmyN9kLmXS+Kuo9mKRn2+A+BvJmzXeJ7iAkeyCtP7N
hJnbvwX0I7rVC1CMPm6yfHp1716klQcI1i1//FmxAEd/kcSXBoMRxjvD6LpIwsF/
sqI16ppiUPc+RHQBp2oO/hhgc2jb8x7L6iKFoeVJFlKJcjx5zaNGdrqWFA4MYm4=
=Dm91
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160818090535.GE9166%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] networking issues

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-17 14:35, randallrba...@gmail.com wrote:
> I was also told to install this into the fedora 23 template but
> once I do i get this
> 
> [CODE] v[user@fedora-23-net ~]$ wget
> http://www.broadcom.com/docs/linux_sta/$FILE --2016-08-17
> 14:50:34--  http://www.broadcom.com/docs/linux_sta/ Resolving
> www.broadcom.com (www.broadcom.com)... failed: No address
> associated with hostname. wget: unable to resolve host address
> ‘www.broadcom.com’[/CODE] I have looked everywhere and all I can
> find are the posts where the user makes a small mistake that he
> fixes himself.
> 

By default, TemplateVMs have access only to the Updates Proxy. You
should first enable all network access by checking the "Allow full
access for N minutes" box on the "Firewall rules" tab, then try this
again.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXtU0XAAoJENtN07w5UDAwTRoQAIS1hpojDMN8OASYJXElcR9N
YpKYnzHF0FzW0BECw9Wzgs58ATYBsTGQ7qA9MlWaS1UhL0U9PuNNZl+QzxVxV9ca
NGVqHIspY/SDtrpc5NqlsK5cOzCNOLpvdpxhHqaBHLxbSlUlz00yv/kXc6PPLLJq
r8qbyJhDTQG9lGYR1kFFMa+p8H+kyAJzkAlx97LDXFk+CL9edFaniFoaWTvDRVvV
Nk3sM32JPTHmbVAV/BzDNouDmXkxgHxnFIL+h9YX/Z7slmBbYF9fwi4pO/K3MIRL
82RvlCyjYsl/Du17zkknrkOCNneCbXA8MQs9vrPc5PT5oR+XPIxdRT2kGliziIV1
yqmAfR0QtwSC1Q7Ek0NYCL4nVHwP9GW6/FV+LFNCjS/8yQqlmqiTtykl+/UPhDba
gF6SNZQaFZML/tnvbyPXTFNjdYOQBq5gGmrqWONxcQXXmX/XPQkh7QFS+ssI+KYl
tO5oPycDMS7rqnrY7D1WPxaaDLcTuBp6AzEnCSP/z7mVJkrxqHsH9anjhGwU4NpE
qKslZb5XXJHaUmV9ENjg/jpKC3mZfUdXeu8fTnEl9MWOOd62qiTN6mjlVO+GoPeQ
EOIAG5EBHBI573hPJFEUlwNyvTp7ITMDGdn7fO9odIEe8Ccv8EWILO9uJfBaYGGO
rSrWBzL1h9WFHv3fA+s4
=HcEU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb61e953-2586-f880-f8e6-64a3003f724c%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] networking issues

[randallrbaker]

i have a bcm 4360 wireless card  on my motherboard and I cant seam to get the 
drivers installed. I was told to install this to net vm  [CODE]wget 
http://git.io/vuLC7 -v -O fedora23_broadcom_wl_install.sh && sh 
./fedora23_broadcom_wl_install.sh;[/CODE]  but I ended up getting this mess

[CODE][user@sys-net ~]$ wget http://git.io/vuLC7 -v -O 
fedora23_broadcom_wl_install.sh && sh ./fedora23_broadcom_wl_install.sh;
URL transformed to HTTPS due to an HSTS policy
--2016-08-17 14:13:11--  https://git.io/vuLC7
Resolving git.io (git.io)... 54.243.161.116, 23.23.111.66, 23.23.173.104
Connecting to git.io (git.io)|54.243.161.116|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: 
https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
 [following]
--2016-08-17 14:13:11--  
https://gist.githubusercontent.com/onpubcom/7f41dc9cbe90556b2113/raw/a69939c941319741744bea28dadf273f118d67a2/fedora23_broadcom_wl_install.sh
Resolving gist.githubusercontent.com (gist.githubusercontent.com)... 
151.101.40.133
Connecting to gist.githubusercontent.com 
(gist.githubusercontent.com)|151.101.40.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1058 (1.0K) [text/plain]
Saving to: ‘fedora23_broadcom_wl_install.sh’

fedora23_broadcom_w 100%[===>]   1.03K  --.-KB/sin 0s  

2016-08-17 14:13:11 (76.1 MB/s) - ‘fedora23_broadcom_wl_install.sh’ saved 
[1058/1058]

Last metadata expiration check performed 0:43:02 ago on Wed Aug 17 13:30:10 
2016.
Package gcc-5.3.1-6.fc23.x86_64 is already installed, skipping.
Package kernel-devel-1000:4.1.24-10.pvops.qubes.x86_64 is already installed, 
skipping.
Dependencies resolved.
Nothing to do.
Sending application list and icons to dom0
Complete!
mkdir: cannot create directory ‘hybrid_wl_f23’: File exists
--2016-08-17 14:13:14--  
http://www.broadcom.com/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz
Resolving www.broadcom.com (www.broadcom.com)... 209.132.249.240
Connecting to www.broadcom.com (www.broadcom.com)|209.132.249.240|:80... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 2928541 (2.8M) [application/octet-stream]
Saving to: ‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’

hybrid-v35_64-nodeb 100%[===>]   2.79M   892KB/sin 3.4s

2016-08-17 14:13:17 (847 KB/s) - 
‘hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz.4’ saved [2928541/2928541]

Makefile
lib/
lib/wlc_hybrid.o_shipped
lib/LICENSE.txt
src/
src/include/
src/include/typedefs.h
src/include/linuxver.h
src/include/bcmutils.h
src/include/siutils.h
src/include/packed_section_start.h
src/include/epivers.h
src/include/linux_osl.h
src/include/bcmendian.h
src/include/packed_section_end.h
src/include/pcicfg.h
src/include/bcmdefs.h
src/include/bcmcrypto/
src/include/bcmcrypto/tkhash.h
src/include/wlioctl.h
src/include/osl.h
src/shared/
src/shared/bcmwifi/
src/shared/bcmwifi/include/
src/shared/bcmwifi/include/bcmwifi_channels.h
src/shared/bcmwifi/include/bcmwifi_rates.h
src/shared/linux_osl.c
src/wl/
src/wl/sys/
src/wl/sys/wl_dbg.h
src/wl/sys/wlc_key.h
src/wl/sys/wl_linux.h
src/wl/sys/wl_linux.c
src/wl/sys/wlc_wowl.h
src/wl/sys/wl_iw.c
src/wl/sys/wlc_pub.h
src/wl/sys/wl_iw.h
src/wl/sys/wl_export.h
src/wl/sys/wl_cfg80211_hybrid.h
src/wl/sys/wlc_ethereal.h
src/wl/sys/wl_cfg80211_hybrid.c
src/wl/sys/wlc_utils.h
src/wl/sys/wlc_types.h
src/common/
src/common/include/
src/common/include/proto/
src/common/include/proto/bcmeth.h
src/common/include/proto/ieee80211_radiotap.h
src/common/include/proto/ethernet.h
src/common/include/proto/802.1d.h
src/common/include/proto/bcmip.h
src/common/include/proto/bcmevent.h
src/common/include/proto/802.11.h
src/common/include/proto/wpa.h
KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` clean
make[1]: *** /lib/modules/4.1.13-9.pvops.qubes.x86_64/build: No such file or 
directory.  Stop.
Makefile:165: recipe for target 'clean' failed
make: *** [clean] Error 2
install -D -m 755 wl.ko /lib/modules/`uname -r`/kernel/drivers/net/wireless
install: cannot create regular file 
‘/lib/modules/4.1.13-9.pvops.qubes.x86_64/kernel/drivers/net/wireless/wl.ko’: 
Read-only file system
Makefile:168: recipe for target 'install' failed
make: *** [install] Error 1
depmod: ERROR: openat(/lib/modules/4.1.13-9.pvops.qubes.x86_64, 
modules.dep.tmp, 1101, 644): Read-only file system
depmod: ERROR: openat(/lib/modules/4.1.13-9.pvops.qubes.x86_64, 
modules.dep.bin.tmp, 1101, 644): Read-only file system
depmod: ERROR: openat(/lib/modules/4.1.13-9.pvops.qubes.x86_64, 
modules.alias.tmp, 1101, 644): Read-only file system
depmod: ERROR: openat(/lib/modules/4.1.13-9.pvops.qubes.x86_64, 
modules.alias.bin.tmp, 1101, 644): Read-only file system
depmod: ERROR: openat(/lib/modules/4.1.13-9.pvops.qubes.x86_64, 
modules.softdep.tmp, 1101, 644): Read-only file system
depmod: ERROR: 

[qubes-users] networking on Dom0

[facu . curti]

Hi there.

I want to get networking on Dom0... I know everything you are going to say... I 
use qubes for investigate, I dont have ANY sensitive data, and I want to use 
Qubes, not another OS.

I need to get a program that uses internet and 3D. As I have only one video 
card (passtrougth is impossible), I think this is the best solution. I dont 
need so much capability, but I need 3D working.

Please, spare any comments about security and/or using other os... I know 
everything that. I just want to use Qubes with this program...

What is the best way to connect dom0 in to the network?

Someone can help me?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01ea05d7-6df1-49d0-8785-b970786b8799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-07 15:12, jefferson_pla...@hotmail.com wrote:
> Hello all,
> 
> I realised I had been making a mistake when following the "whonix
> 12 to 13" guide. I deleted my post so that I could probe some
> other issues before returning with a revised and updated reply.
> However I found my other issues to be resolved.
> 
> The meta packages problem is resolved. However each boot up the 
> sys-firewall NetworkManager issue returns. Hoping this is not a
> risk to security or function. Everything else at this time seems in
> order
> 

- From what I gather, the extra nm-applet issue seems to be mainly
cosmetic. (Normally it's hidden, but in some cases for some reason
there is a failure to hide it.) Thank you for your report. We're
tracking the issue here:

https://github.com/QubesOS/qubes-issues/issues/2159

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXgGiXAAoJENtN07w5UDAwgK8P/3ShPNlEYKHLt4WK+hQrqbdv
4Mpq/3p+7zGcPmG82tf/DmLtcDbeTogazqDvsUyk/Oib7V9Er8Yh3Ecg7CB9PuDd
ah4YylCHcPvyl9ZyNRGbAJiuANgMYPS7qwqsSbguYO4+FTKSPDcwHK6kPnNUxubp
caQ5pE83wPw+zIkMdZZ7cwiLVtaojcOYTkfgThZyShH8qu7M/vKBqBcD79qR9K+F
5g/Tvb2qjsN73bYLY/dxTl9gRHw8wVki14bmi6Vd9cggOfU6KN0Xpnc7vAiAZlfd
58642uvt0yng1LWOeIfs7g5vXvAefyB+DdGa048lxLbMPLlO6ebAIILOcyXK+J0Z
7cXt8mx0WwOp6nnyWF2RqB0WHdlz7IWo8Qh/S7OteFu8Fyjelmrkz7YDy3hgO/wx
uJbOTK9yOCrYS4qj31kbjLxa9yc8Wzpx3KxBqm/w8L4x4KMXCyBjn70MwjvUEZRx
Hzv7vFNDd0EKLagsalx/SkQGyOnB8EQ7serxU3OZ1YV6ozDGvh4xXmEoR0Po7VfB
GpLlzv9ZkY0BjCT83gBTDQ6aje5Bw6c1CC9DGgFwSV7v5t3GUuxc+O6ED7mWf5ee
yB5HZiups3XyVe+jgTOGeTlc0IqbxgA/iMGb+WJpgfHc8CiO2wNjycNp5QSpJvtE
qtgs9BTVhK66GnzPK9SC
=8viR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26df8d95-15f0-bb0f-b860-2312903577ab%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[jefferson_plague]

Hello all,

I realised I had been making a mistake when following the "whonix 12 to 13" 
guide. I deleted my post so that I could probe some other issues before 
returning with a revised and updated reply. However I found my other issues to 
be resolved. 

The meta packages problem is resolved. However each boot up the sys-firewall 
NetworkManager issue returns. Hoping this is not a risk to security or 
function. Everything else at this time seems in order

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7955f14-f5e6-4c80-9383-8e8b59fffc1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[Qubed One]

Qubed One:
> jefferson_pla...@hotmail.com:
>> Hello Andrew 
>>
>>> This is the NetworkManager applet running in sys-firewall. Normally,
>>> sys-firewall is connected to sys-net for network access, and the
>>> NetworkManager applet only runs in sys-net. (The situation can be
>>> different if you're running things like VPN VMs, but we'll set those
>>> aside here.)
>>>
>>> In short: the NetworkManager applet shouldn't be visible in
>>> sys-firewall in the first place, but it's not a big problem (just a
>>> confusing one). There's normally a script that hides it, but in your
>>> case, that's not working for some reason.
>>
>> My set up is standard with the only change from fresh installation being the 
>> updating of templates and dom0. Is this difference of NetworkManager 
>> appearing an indication of any loss of function or security?
>>
>>> So, are you still having problems updating dom0 and your templates? If 
>>> so, can you explain the problems? 
>>
>> There were issues with dom0. The link below give the solution:
>> https://groups.google.com/forum/#!searchin/qubes-users/errno$2014$20curl$2337/qubes-users/zMETrlPMqng/GcwIPcZ8BQAJ
>>
>> The whonix templates were difficult. I was able to update them however I 
>> still get a whonixcheck error for the whonix gateway. It reads "WARNING: 
>> Whonix Meta Packages Test Result: Whonix-Gateway detected, but the meta 
>> package qubes-whonix-gateway is not installed. Did you accidentally 
>> uninstall it?"
>>
>> I followed the steps from this discussion:
>> https://groups.google.com/forum/#!searchin/qubes-users/meta$20package$20qubes-whonix-gateway$20is$20not$20installed/qubes-users/P2BTCOPcTnU/xHXxMEzLPwAJ
>>
>> This did not work:
>> "sudo apt-get install qubes-whonix-workstation" on WS template
>> "sudo apt-get install qubes-whonix-gateway" on GW template. 
>>
>> Another similar command to the two above worked. However the autoremove 
>> command did not work. I was root and met the requirements it seemed to need. 
>>
>> The sanity check from here did not work, returning 1 instead of 0. The 
>> command was not recognised:
>> https://www.google.com/url?q=https%3A%2F%2Fwww.whonix.org%2Fwiki%2FUpgrading_Whonix_12_to_Whonix_13=D=1=AFQjCNGFl1_nVVp9x0MIL9am3BnI9-vOlA
>>
>> I would like to learn how to fix this meta package error. From what I have 
>> read here it would be a risk to my security to bypass this issue.
>> https://www.whonix.org/wiki/Whonix_Debian_Packages#What_is_the_disadvantage_of_removing_a_meta_package.3F
> 
> 
> These steps worked for me (sorry, can't find the source that directed me
> here. It mentioned something about upgrading Whonix from 12 to 13
> without realizing it.):
> 
> https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13


Sorry again, it appears you've already tried that. I need to read more
thoroughly before replying...


>> Thank you for providing some sources. Are there any that I can learn to 
>> better navigate qubes and use basic code? I will keep looking through the 
>> documentation. Aside for running an update on a VM is there anyway to check 
>> if the VM (or dom0) is up to date?
>>
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37148fc2-d147-96b7-a9cd-f295e14fe44d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[Qubed One]

jefferson_pla...@hotmail.com:
> Hello Andrew 
> 
>> This is the NetworkManager applet running in sys-firewall. Normally,
>> sys-firewall is connected to sys-net for network access, and the
>> NetworkManager applet only runs in sys-net. (The situation can be
>> different if you're running things like VPN VMs, but we'll set those
>> aside here.)
>>
>> In short: the NetworkManager applet shouldn't be visible in
>> sys-firewall in the first place, but it's not a big problem (just a
>> confusing one). There's normally a script that hides it, but in your
>> case, that's not working for some reason.
> 
> My set up is standard with the only change from fresh installation being the 
> updating of templates and dom0. Is this difference of NetworkManager 
> appearing an indication of any loss of function or security?
> 
>> So, are you still having problems updating dom0 and your templates? If 
>> so, can you explain the problems? 
> 
> There were issues with dom0. The link below give the solution:
> https://groups.google.com/forum/#!searchin/qubes-users/errno$2014$20curl$2337/qubes-users/zMETrlPMqng/GcwIPcZ8BQAJ
> 
> The whonix templates were difficult. I was able to update them however I 
> still get a whonixcheck error for the whonix gateway. It reads "WARNING: 
> Whonix Meta Packages Test Result: Whonix-Gateway detected, but the meta 
> package qubes-whonix-gateway is not installed. Did you accidentally uninstall 
> it?"
> 
> I followed the steps from this discussion:
> https://groups.google.com/forum/#!searchin/qubes-users/meta$20package$20qubes-whonix-gateway$20is$20not$20installed/qubes-users/P2BTCOPcTnU/xHXxMEzLPwAJ
> 
> This did not work:
> "sudo apt-get install qubes-whonix-workstation" on WS template
> "sudo apt-get install qubes-whonix-gateway" on GW template. 
> 
> Another similar command to the two above worked. However the autoremove 
> command did not work. I was root and met the requirements it seemed to need. 
> 
> The sanity check from here did not work, returning 1 instead of 0. The 
> command was not recognised:
> https://www.google.com/url?q=https%3A%2F%2Fwww.whonix.org%2Fwiki%2FUpgrading_Whonix_12_to_Whonix_13=D=1=AFQjCNGFl1_nVVp9x0MIL9am3BnI9-vOlA
> 
> I would like to learn how to fix this meta package error. From what I have 
> read here it would be a risk to my security to bypass this issue.
> https://www.whonix.org/wiki/Whonix_Debian_Packages#What_is_the_disadvantage_of_removing_a_meta_package.3F


These steps worked for me (sorry, can't find the source that directed me
here. It mentioned something about upgrading Whonix from 12 to 13
without realizing it.):

https://www.whonix.org/wiki/Upgrading_Whonix_12_to_Whonix_13


> Thank you for providing some sources. Are there any that I can learn to 
> better navigate qubes and use basic code? I will keep looking through the 
> documentation. Aside for running an update on a VM is there anyway to check 
> if the VM (or dom0) is up to date?
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7448bbb6-f675-ba08-d008-48073bb2c5cd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[jefferson_plague]

Hello Andrew 

> This is the NetworkManager applet running in sys-firewall. Normally,
> sys-firewall is connected to sys-net for network access, and the
> NetworkManager applet only runs in sys-net. (The situation can be
> different if you're running things like VPN VMs, but we'll set those
> aside here.)
> 
> In short: the NetworkManager applet shouldn't be visible in
> sys-firewall in the first place, but it's not a big problem (just a
> confusing one). There's normally a script that hides it, but in your
> case, that's not working for some reason.

My set up is standard with the only change from fresh installation being the 
updating of templates and dom0. Is this difference of NetworkManager appearing 
an indication of any loss of function or security?

>So, are you still having problems updating dom0 and your templates? If 
>so, can you explain the problems? 

There were issues with dom0. The link below give the solution:
https://groups.google.com/forum/#!searchin/qubes-users/errno$2014$20curl$2337/qubes-users/zMETrlPMqng/GcwIPcZ8BQAJ

The whonix templates were difficult. I was able to update them however I still 
get a whonixcheck error for the whonix gateway. It reads "WARNING: Whonix Meta 
Packages Test Result: Whonix-Gateway detected, but the meta package 
qubes-whonix-gateway is not installed. Did you accidentally uninstall it?"

I followed the steps from this discussion:
https://groups.google.com/forum/#!searchin/qubes-users/meta$20package$20qubes-whonix-gateway$20is$20not$20installed/qubes-users/P2BTCOPcTnU/xHXxMEzLPwAJ

This did not work:
"sudo apt-get install qubes-whonix-workstation" on WS template
"sudo apt-get install qubes-whonix-gateway" on GW template. 

Another similar command to the two above worked. However the autoremove command 
did not work. I was root and met the requirements it seemed to need. 

The sanity check from here did not work, returning 1 instead of 0. The command 
was not recognised:
https://www.google.com/url?q=https%3A%2F%2Fwww.whonix.org%2Fwiki%2FUpgrading_Whonix_12_to_Whonix_13=D=1=AFQjCNGFl1_nVVp9x0MIL9am3BnI9-vOlA

I would like to learn how to fix this meta package error. From what I have read 
here it would be a risk to my security to bypass this issue.
https://www.whonix.org/wiki/Whonix_Debian_Packages#What_is_the_disadvantage_of_removing_a_meta_package.3F

Thank you for providing some sources. Are there any that I can learn to better 
navigate qubes and use basic code? I will keep looking through the 
documentation. Aside for running an update on a VM is there anyway to check if 
the VM (or dom0) is up to date?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e23a296a-8af4-4c08-bc3f-b458b20b5137%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-06 00:04, Marco D'emet wrote:
> Hello,
> 
> Recently I have installed Qubes-whonix. To begin with I had
> trouble updating dom0 and the VM templates, alongside this I had
> tor bootstrapping errors which highlighted an issue with not being
> able to download the meta packages for both whonix-gw and
> whonix-ws templates. I resolved this issue and lastly updated the
> fedora template VM. After reboot tor was then able to connect
> however in the system tray a new icon appeared with two desktops
> and a red cross square, hovering over it read  'Networking
> disabled'. What is this issue and how do I resolve it?
> 
> Further details, When I right click the icon the prompt to 'enable 
> networking' is shaded out. When I click the 'about' prompt I get
> the window title '[sys-firewall] About NetworkManager Applet',
> inside it reads that it is NetworkManager Applet 1.0.10.
> 

This is the NetworkManager applet running in sys-firewall. Normally,
sys-firewall is connected to sys-net for network access, and the
NetworkManager applet only runs in sys-net. (The situation can be
different if you're running things like VPN VMs, but we'll set those
aside here.)

In short: the NetworkManager applet shouldn't be visible in
sys-firewall in the first place, but it's not a big problem (just a
confusing one). There's normally a script that hides it, but in your
case, that's not working for some reason.

You should be able to kill the applet by opening a terminal in
sys-firewall, then running:

$ sudo kill $(pidof nm-applet)

See this thread for a similar discussion:

https://groups.google.com/d/topic/qubes-users/DMqWMAi8EP0/discussion

> I have read many other discussions in this group and none have a 
> solution that works. I am very new so I apologise for not being
> able to provide more information. As an aside it would be helpful
> if in addition to helping me solve this problem I might also be
> directed to sources which will let me better learn how to
> understand and work with qubes.
> 

The main sources are our documentation:

https://www.qubes-os.org/doc/

And our mailing lists:

https://www.qubes-os.org/mailing-lists/

> Lastly, I have tried updating all templates and dom0, as I said I 
> have tried the solutions found elsewhere regarding enabling 
> networkmanager.dispatcher. I have tried as much as I know or 
> understand. Looking forward to some resolution to diminish 
> frustrations of qubes.
> 

So, are you still having problems updating dom0 and your templates? If
so, can you explain the problems?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXfSJNAAoJENtN07w5UDAwpw8P/As4yk3dA9PwhixXLDRlrN1V
/MPmBQovQNB3IXHfXkO7lUW2OZUzpzsJAqNc4BmPoSeOwkV4A6IIYD7xOIlClU/e
bYOOwPQBHHGjHCrE8zeMOHuMYTpF8j6EcBKm/6jGDVoNSe4VqTtHTl8Z7hSps6gv
5/pZakWSspgsxPpnlxZ3E3fBUvItswaYESxVBAyM0sZoCNIVd2qcJXTN/xjSVkvs
9Rwb/PtsRgxcH1vq28dE4k6Tlh8ZRgDofFI13GULhjq+FO2qntGTA2Mp/qYAIZ/z
5M4tf1z1st7+f8I0snqFezuF0jsnmGOXhRz4zQvVtxhrzEojFUV+mXe5C6Sp6BZt
F+OFiqObgQL+fL2crCWb83+JR2nA0e9qrRCzYvk/0YLCsef2wyNcgtOpfDrzGyUu
YjzNvbPugwrxIAOoV//Pz9TxWrvQ6AsUCaCPMh//42ZrL+HRb2A3L6zV6U9PYwMS
4pMROZjmDBsbMHXeHZ2qGiRo/Rtskz0VHpADEyRrhHyObGxepbzmqJvSsA640Dqq
FENqCPT+vAL9khoZA8HWTQuyQQQjMJu6PSD0sNzb9Zyl6YwUh9PZ5kpgrijuggKi
QPPQM4vlhodOqnfKEK7OdvypuYUbDTOvu3gE5JwZFdY3HKEKYzO3EcjlIo50RlAA
h5h6prqZ+Nd0J+8mlRdl
=eajJ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85963240-0c44-8506-ca2e-d1c498276a81%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]

[Marco D'emet]

Hello,

Recently I have installed Qubes-whonix. To begin with I had trouble updating 
dom0 and the VM templates, alongside this I had tor bootstrapping errors which 
highlighted an issue with not being able to download the meta packages for both 
whonix-gw and whonix-ws templates. I resolved this issue and lastly updated the 
fedora template VM. After reboot tor was then able to connect however in the 
system tray a new icon appeared with two desktops and a red cross square, 
hovering over it read  'Networking disabled'. What is this issue and how do I 
resolve it?

Further details,
When I right click the icon the prompt to 'enable networking' is shaded out. 
When I click the 'about' prompt I get the window title '[sys-firewall] About 
NetworkManager Applet', inside it reads that it is NetworkManager Applet 
1.0.10. 

I have read many other discussions in this group and none have a solution that 
works. I am very new so I apologise for not being able to provide more 
information. As an aside it would be helpful if in addition to helping me solve 
this problem I might also be directed to sources which will let me better learn 
how to understand and work with qubes.

Lastly, I have tried updating all templates and dom0, as I said I have tried 
the solutions found elsewhere regarding enabling networkmanager.dispatcher. I 
have tried as much as I know or understand. 
Looking forward to some resolution to diminish frustrations of qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de9805fa-48de-4494-b9d4-45d8111ca9a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking problem with Windows 7 HVM (with PVM parts)

[Achim Patzner]

Hi!


In order to get things a bit less messy I asked the IT department of a
customer who handed me a VM for personal use to add XEN PV network
drivers to the VM. Since adding the driver I've got network problems on
every second boot as the network interface could not be started. Going
to the device manager I can deactivate and reactivate it which cuases it
to apear as a new LAN connection (... #) or just resign and reboot
after which it will be working until the next reboot. The device this
network connection is attached to is always "XEN PV Network Device #0".


Obviously the idea of cluttering up the registry with more and more LAN
connections doesn't seem too appealing. The LAN adapter doesn't seem to
be changing in any obvious way every time I boot. What could be
different each time the VM is started?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d128b41b-01c6-623c-ad7f-e2f93952d68e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Drew White]

On Friday, 1 July 2016 12:03:24 UTC+10, Chris Laprise wrote:
>
> HVM drivers do have throughput issues... 
> https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/ 
>

Do you have anything that is remotely current? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7946652b-5f07-44a9-97ac-498ebee8283f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Chris Laprise]

On 06/30/2016 09:50 PM, Drew White wrote:

On Friday, 1 July 2016 11:42:05 UTC+10, Chris Laprise wrote:

That's just a description of the emulated adapter.


No, it's the physical speed of throughput of data actually.
I'm not talking about a descriptor, I'm talking about the actual speed.


HVM drivers do have throughput issues... 
https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dcdc6701-26c1-2393-1e25-138eaa4fe502%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Chris Laprise]

On 06/30/2016 09:37 PM, Drew White wrote:

Hi folks,

Just wondering why my Win7 has only 100 Mbit networking instead of 
Gigabit?


Is there any way to make it gigabit in the vm?
When I only have 1 or 2 VMs running, to use only 100 Mbit out of a 
1000 Mbit NIC is just wasteful.


Please help.

Thanks in advance.
--


That's just a description of the emulated adapter.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed53eee5-8b01-da95-33b5-b71165b7eaa0%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.