[qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN

2016-10-16 Thread 4lpt9o+3m11o9qubb38o via qubes-users 
You don't need to manually add the iptables rules. When enable the 
'qubes-yum-proxy' on the VPNVM the rule to iptables is automatically added:

Chain PR-QBS-SERVICES (1 references)
 pkts bytes target prot opt in out source   destination 

0 0 REDIRECT   tcp  --  vif+   *   0.0.0.0/0
10.137.255.254   tcp dpt:8082
  

And also the corresponding rule on the INPUT chain:

Chain PR-QBS-SERVICES (1 references)
 pkts bytes target prot opt in out source   destination 

0 0 REDIRECT   tcp  --  vif+   *   0.0.0.0/0
10.137.255.254   tcp dpt:8082

So you don't need to do this by hand.

@Manuel I agree with you, the instructions on the Qubes VPN doc. don't outline 
this step. And this is necessary to have the updates working while forcing all 
the traffic through the VPN.
Can someone add some references on the VPN article 
(https://www.qubes-os.org/doc/vpn/) in the same manner as this page reflected 
in this page - https://www.qubes-os.org/doc/software-update-vm/#updates-proxy . 
Since anyone following the VPN article,as it is, would not have the yum/apt 
updates working.






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34473a329176388840a0d28b17896b0d3a49%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re:Persistant routes on Qubes are not persistant?!

2016-10-16 Thread 4lpt9o+3m11o9qubb38o via qubes-users 
I basically need to add some static routes to access different parts of the 
local network, otherwise the traffic destined to my internal network will be 
tunneled through the VPN.
I've tried to add this via the NetworkManager which is what I intend, however 
the routes, as soon as the VM is bounced, are overwritten.
Having this into the the rc.local is not a very elegant solution since the 
Network Manager is suppose to handle this.

So is there a way to static add this routes via the Network Manager ensuring 
they are preserved at each boot?






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67a2205119b4141e9be529d84830aaad6233%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-net doesn't detect wifi

2016-10-16 Thread katerimmel 
Hello
Following the tutorial about anonymize MAC address, I have installed
debian 9, create a sys-net, assign a network controller but doesn't detect
no wifi.

How can I solve this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c11c18242a0631da525dd2363fc55cc2.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Is Qubes R3.2 still in testing branch?

2016-10-16 Thread Pawel Debski 

Folks,

I'm planning R3.1 -> 3.2 upgrade and need explanation:

|sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2 
qubes-release|


why do I need to enable testing repo? I thought that R3.2 has already 
been released as stable.


Maybe I do not understand something. Please explain.

--

Z powazaniem / Best Regards
Mit freundlichen Gruessen / Meilleures salutations
Pawel Debski

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa7d8385-eabe-e348-7956-068df57955e5%40econsulting.pl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is Qubes R3.2 still in testing branch?

2016-10-16 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Oct 16, 2016 at 08:21:17PM +0200, Pawel Debski wrote:
> Folks,
> 
> I'm planning R3.1 -> 3.2 upgrade and need explanation:
> 
> |sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2
> qubes-release|
> 
> why do I need to enable testing repo? I thought that R3.2 has already been
> released as stable.

You're right, testing repo is no longer needed. Instruction fixed.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYA++hAAoJENuP0xzK19csCFAH/2IlqrV0uzkOnMu9CBpAKx/n
bofjVit0X9IPIShAw5vHCityCyrjPNlCm7WeCpwtFCYdbYnTfZ3JYt/r7xbfgJsb
yW1RU2C1tFBSfLpFKaEf6q1Eg4PuNJtu3yLx2JcrBteZBuBLLauFAtEYgp5U9dnS
7cCwUeb6LEdBP3YTWU61YYHaZTwIeSWlVJfTCeh+O1D1YNAIF7AiIDf8raJq+tgA
I89pNUIFzB8QEpxGPkXT7VNDgzlHcYx8pbh8wLL9wODGtr4DtbIaQPB9dsg4cqS8
jY5dYJ0d1omo9hy9zp2yze2HkMwd8JYdB0wiZsnqwxplJIM1RJnRjXG9CQSW/wo=
=Ih/R
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161016212243.GE15776%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: philosofy on qubes and other environment

2016-10-16 Thread raahelps 
On Saturday, October 15, 2016 at 11:38:07 PM UTC-4, pleo...@gmail.com wrote:
> unikernel u mean this?
> http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
> i have installed it and work good.

ya thats what i was talking about,  nice I'll have to try it out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/942378b2-7593-4bee-a229-26ecc2076bea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Maybe a provocative question

2016-10-16 Thread raahelps 
On Saturday, October 15, 2016 at 10:28:24 PM UTC-4, QubesOS User wrote:
> You mentioned some good points about QubesOS. One thing I definitely dislike 
> about QubesOS (and that's no offense of course - it's simply unavoidable, and 
> of course that's not the developers' fault - in contrast I couldn't imagine 
> how they could optimize it even more [maybe one could do so as a user by 
> switching from Fedora to a distro template which needs very few ressources 
> despite having to run multiple VMs]) is that it consumes a really huge amount 
> of CPU and memory, even on modern hardware.
> 
> Well, another approach for isolation (not in the way by VMs employed on any 
> Linux distro, it's a totally different approach) is GNU Hurd, but it's still 
> experimental and only works on QEMU as far as I know (didn't follow it for 
> quite a while). However, those guys are really enthusiastic as well and maybe 
> that could be another promising approach someday.
> 
> 
> Yes, if the NSA etc. really wouldn't be able to break into your QubesOS 
> system, then they'll certainly have plenty of other means to gain access to 
> your data (refer to the NSA-ANT catalogue, papers about key strokes and radio 
> sginal interception etc.).
> 
> No, I don't agree to your last paragraph. Any well-configured Linux distro 
> plus a good firewall (pfsense etc.) / router (like Turris Omnia) will prevent 
> any (super professional) hacker from breaking into your system, if you set up 
> everything in the best possible way AND choose the right (open-source) 
> hardware.
> 
> 
> Kind regards and all the best
> 
> 
> 16.10.2016, 03:47, "raahe...@gmail.com" :
> > On Saturday, October 15, 2016 at 9:16:52 PM UTC-4, QubesOS User wrote:
> >>  16.10.2016, 01:03, "raahe...@gmail.com" :
> >>  > On Saturday, October 15, 2016 at 5:09:46 PM UTC-4, QubesOS User wrote:
> >>  >>  Hello everyone,
> >>  >>
> >>  >>  I could imagine that this question has been discussed before already, 
> >> and if this should be the case, then I'm very sorry for posting this (I'd 
> >> be thankful for an according link if so though).
> >>  >>
> >>  >>  I think that I've gained quite much knowledge about possible attack 
> >> surfaces provided on hardware and software level during the last 15 years, 
> >> trying to keep up-to-date and often doing research on new approaches in 
> >> this field. First of all, I'd like to stress that the 'objection' (which I 
> >> don't mean as such) I may raise by this post does not have any intention 
> >> of criticizing the great work and effort done by the QubesOS developers 
> >> and the community (it's not meant as an unhelpful 'critique' at all). Much 
> >> rather I have a huge respect for the commitment shown by everyone involved 
> >> in the development of QubesOS.
> >>  >>
> >>  >>  Having compared various approaches in this field (e. g. OpenBSD, 
> >> Linux using a hardened security kernel, GNU Hurd), I'd basically come to 
> >> the conclusion that QubesOS is the most promising approach, especially if 
> >> VT-d isolation is available.
> >>  >>
> >>  >>  However, the main points I'd like to address are:
> >>  >>
> >>  >>  1) XEN is developed by people working for a company based in the U.S. 
> >> (I know the difference between open-source and proprietary software, but 
> >> still they belong to the same team/company). If even developers of 
> >> TrueCrypt received one of those 'blue letters' - What is the reason to 
> >> assume that the XEN developers didn't receive one of those as well? Seen 
> >> from the perspective of the NSA it looks totally odd and irrational to me 
> >> if they would not to so, since they can do so, and it's their task to 
> >> thwart any efforts which might hinder them from collecting data. I don't 
> >> regard those people as being 'evil' or anything like that (nor do I regard 
> >> this as being positive, which should go without saying), I just look at 
> >> things in a rational way: If QubesOS is a great approach to ensure 
> >> security, then one must be naive to assume that this won't automatically 
> >> lead to classifiying this as a 'high priority target' - With all the 
> >> consequences.
> >>  >>
> >>  >>  1.2) Since this looks so obvious to me: Why isn't it a top priority 
> >> for QubesOS developers to make use of a supervisor (or develop an 
> >> independent one, which would surely need endless efforts, but wouldn't it 
> >> be worth it?), which is not subjected to the objections I tried to express?
> >>  >>
> >>  >>  2) QubesOS totally relies on 2.1) trusting XEN developers to 
> >> completely understand the more than just complex x64 architecture being 
> >> used today and 2.2) on trusting Intel's VT technology.
> >>  >>  Regarding 2.2): Just assuming Intel would have received some kind of 
> >> 'advice' (they may even find motivation without getting such - I certainly 
> >> don't think that Intel is an 'NSA subcontractor', but they are simply a 
> >>

[qubes-users] Re: philosofy on qubes and other environment

2016-10-16 Thread raahelps 
On Sunday, October 16, 2016 at 12:03:59 AM UTC-4, pleo...@gmail.com wrote:
> I dont know how to install it,im so stupid omg.Maybe like ProxyVM and route 
> trafic by pFsense? but its no option to choice only fedora debian.WTF im so 
> stupid.I dont know how to install it.

Its too complicated for me to try,  but have a look here maybe will point you 
in right direction  https://www.qubes-os.org/doc/building-non-fedora-template/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0353ff8c-c97d-4111-923d-619da24d7c6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is Qubes R3.2 still in testing branch?

2016-10-16 Thread Pawel Debski 

On 2016-10-16 23:22, Marek Marczykowski-Górecki wrote:

On Sun, Oct 16, 2016 at 08:21:17PM +0200, Pawel Debski wrote:

Folks,

I'm planning R3.1 -> 3.2 upgrade and need explanation:

|sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2
qubes-release|

why do I need to enable testing repo? I thought that R3.2 has already been
released as stable.

You're right, testing repo is no longer needed. Instruction fixed.


The thing is, that I was getting errors until I enabled testing repo. 
With --enablerepo=qubes*testing the upg went on.



Z powazaniem / Best Regards
Mit freundlichen Gruessen / Meilleures salutations
Pawel Debski


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4228d0c2-bb4c-ad67-5ba8-3b03aff64f0e%40econsulting.pl.
For more options, visit https://groups.google.com/d/optout.