Re: [qubes-users] Reattaching firewall vm to untrusted vm without killing the untrusted vm.
On Sun, Feb 16 2020, billol...@gmail.com wrote: > Qubes folk, > > So, I have a debian-based untrusted vm that is attached to a mullvad > vpn through Sweden; the mullvad vpn gets its networking from sys- > firewall (i.e. sys-net -> sys-firewall -> mullvad-vpn -> untrusted vm. > > I have another "local" vm that is directly attached to sys-firewall > (i.e sys-net -> sys-firewall -> local vm). Nothing other than sys-usb > starts automatically on boot. > > The mullvad-vpn is a standalone vm, set up per the Qubes mullvad > instructions, while the untrusted and local vms are based on the > debian-10 template. > > I'm running Qubes release 4.0.2. > > When I change locations without rebooting the box and switch wireless > networks, the sys-net, sys-firewall, and local vms automatically > update. Unfortunately, the mullvad-vpn vm does *not* update > automatically. In order to get networking on the untrusted vm, I have > to kill it *and* the mullvad-vpn vm, and restart them -- which means I > have to kill any running apps, which is a pain when I'm doing big image > tasks in the background. > > Is there a way to tell a standaloneVM like my mullvad-vm to either > update automatically, or a command to get it to re-set its networking > to a changed sys-firewall vm? > > Thanks, > > billo Hi, You can switch the 'netvm' of any VM on the fly with Qubes Manager or via command line `[user@dom0 ~]$ qvm-prefs "vmname" netvm none` then switch back when ready. -- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87r1yu5kkp.fsf%40host.localdomain.
Re: [qubes-users] Reattaching firewall vm to untrusted vm without killing the untrusted vm.
On 2/16/20 12:34 PM, billol...@gmail.com wrote: Qubes folk, So, I have a debian-based untrusted vm that is attached to a mullvad vpn through Sweden; the mullvad vpn gets its networking from sys- firewall (i.e. sys-net -> sys-firewall -> mullvad-vpn -> untrusted vm. I have another "local" vm that is directly attached to sys-firewall (i.e sys-net -> sys-firewall -> local vm). Nothing other than sys-usb starts automatically on boot. The mullvad-vpn is a standalone vm, set up per the Qubes mullvad instructions, while the untrusted and local vms are based on the debian-10 template. I'm running Qubes release 4.0.2. When I change locations without rebooting the box and switch wireless networks, the sys-net, sys-firewall, and local vms automatically update. Unfortunately, the mullvad-vpn vm does *not* update automatically. In order to get networking on the untrusted vm, I have to kill it *and* the mullvad-vpn vm, and restart them -- which means I have to kill any running apps, which is a pain when I'm doing big image tasks in the background. Is there a way to tell a standaloneVM like my mullvad-vm to either update automatically, or a command to get it to re-set its networking to a changed sys-firewall vm? This refusal to change in the mullvad vm could be due to a common openvpn behavior where it tries to revive the current connection over a 5 minute period. This is good for a VPN server, but for a PC it will look like it is unable to re-connect. The Qubes-VPN-support tool sets a max openvpn timeout of 40 seconds; on average it will re-connect in about 20 sec. after losing the old connection: https://github.com/tasket/Qubes-vpn-support -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5db6572b-b780-9fa0-8b88-2ec8911dfedc%40posteo.net.
[qubes-users] Reattaching firewall vm to untrusted vm without killing the untrusted vm.
Qubes folk, So, I have a debian-based untrusted vm that is attached to a mullvad vpn through Sweden; the mullvad vpn gets its networking from sys- firewall (i.e. sys-net -> sys-firewall -> mullvad-vpn -> untrusted vm. I have another "local" vm that is directly attached to sys-firewall (i.e sys-net -> sys-firewall -> local vm). Nothing other than sys-usb starts automatically on boot. The mullvad-vpn is a standalone vm, set up per the Qubes mullvad instructions, while the untrusted and local vms are based on the debian-10 template. I'm running Qubes release 4.0.2. When I change locations without rebooting the box and switch wireless networks, the sys-net, sys-firewall, and local vms automatically update. Unfortunately, the mullvad-vpn vm does *not* update automatically. In order to get networking on the untrusted vm, I have to kill it *and* the mullvad-vpn vm, and restart them -- which means I have to kill any running apps, which is a pain when I'm doing big image tasks in the background. Is there a way to tell a standaloneVM like my mullvad-vm to either update automatically, or a command to get it to re-set its networking to a changed sys-firewall vm? Thanks, billo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/340a74a2-ed1b-4853-a22d-f111e65a1e98%40googlegroups.com.
