[qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN
You don't need to manually add the iptables rules. When enable the 'qubes-yum-proxy' on the VPNVM the rule to iptables is automatically added: Chain PR-QBS-SERVICES (1 references) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.137.255.254 tcp dpt:8082 And also the corresponding rule on the INPUT chain: Chain PR-QBS-SERVICES (1 references) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.137.255.254 tcp dpt:8082 So you don't need to do this by hand. @Manuel I agree with you, the instructions on the Qubes VPN doc. don't outline this step. And this is necessary to have the updates working while forcing all the traffic through the VPN. Can someone add some references on the VPN article (https://www.qubes-os.org/doc/vpn/) in the same manner as this page reflected in this page - https://www.qubes-os.org/doc/software-update-vm/#updates-proxy . Since anyone following the VPN article,as it is, would not have the yum/apt updates working. Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/34473a329176388840a0d28b17896b0d3a49%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re:Persistant routes on Qubes are not persistant?!
I basically need to add some static routes to access different parts of the local network, otherwise the traffic destined to my internal network will be tunneled through the VPN. I've tried to add this via the NetworkManager which is what I intend, however the routes, as soon as the VM is bounced, are overwritten. Having this into the the rc.local is not a very elegant solution since the Network Manager is suppose to handle this. So is there a way to static add this routes via the Network Manager ensuring they are preserved at each boot? Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67a2205119b4141e9be529d84830aaad6233%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sys-net doesn't detect wifi
Hello Following the tutorial about anonymize MAC address, I have installed debian 9, create a sys-net, assign a network controller but doesn't detect no wifi. How can I solve this issue? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c11c18242a0631da525dd2363fc55cc2.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Is Qubes R3.2 still in testing branch?
Folks, I'm planning R3.1 -> 3.2 upgrade and need explanation: |sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2 qubes-release| why do I need to enable testing repo? I thought that R3.2 has already been released as stable. Maybe I do not understand something. Please explain. -- Z powazaniem / Best Regards Mit freundlichen Gruessen / Meilleures salutations Pawel Debski -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa7d8385-eabe-e348-7956-068df57955e5%40econsulting.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is Qubes R3.2 still in testing branch?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Oct 16, 2016 at 08:21:17PM +0200, Pawel Debski wrote: > Folks, > > I'm planning R3.1 -> 3.2 upgrade and need explanation: > > |sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2 > qubes-release| > > why do I need to enable testing repo? I thought that R3.2 has already been > released as stable. You're right, testing repo is no longer needed. Instruction fixed. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYA++hAAoJENuP0xzK19csCFAH/2IlqrV0uzkOnMu9CBpAKx/n bofjVit0X9IPIShAw5vHCityCyrjPNlCm7WeCpwtFCYdbYnTfZ3JYt/r7xbfgJsb yW1RU2C1tFBSfLpFKaEf6q1Eg4PuNJtu3yLx2JcrBteZBuBLLauFAtEYgp5U9dnS 7cCwUeb6LEdBP3YTWU61YYHaZTwIeSWlVJfTCeh+O1D1YNAIF7AiIDf8raJq+tgA I89pNUIFzB8QEpxGPkXT7VNDgzlHcYx8pbh8wLL9wODGtr4DtbIaQPB9dsg4cqS8 jY5dYJ0d1omo9hy9zp2yze2HkMwd8JYdB0wiZsnqwxplJIM1RJnRjXG9CQSW/wo= =Ih/R -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161016212243.GE15776%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: philosofy on qubes and other environment
On Saturday, October 15, 2016 at 11:38:07 PM UTC-4, pleo...@gmail.com wrote: > unikernel u mean this? > http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ > i have installed it and work good. ya thats what i was talking about, nice I'll have to try it out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/942378b2-7593-4bee-a229-26ecc2076bea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Maybe a provocative question
On Saturday, October 15, 2016 at 10:28:24 PM UTC-4, QubesOS User wrote: > You mentioned some good points about QubesOS. One thing I definitely dislike > about QubesOS (and that's no offense of course - it's simply unavoidable, and > of course that's not the developers' fault - in contrast I couldn't imagine > how they could optimize it even more [maybe one could do so as a user by > switching from Fedora to a distro template which needs very few ressources > despite having to run multiple VMs]) is that it consumes a really huge amount > of CPU and memory, even on modern hardware. > > Well, another approach for isolation (not in the way by VMs employed on any > Linux distro, it's a totally different approach) is GNU Hurd, but it's still > experimental and only works on QEMU as far as I know (didn't follow it for > quite a while). However, those guys are really enthusiastic as well and maybe > that could be another promising approach someday. > > > Yes, if the NSA etc. really wouldn't be able to break into your QubesOS > system, then they'll certainly have plenty of other means to gain access to > your data (refer to the NSA-ANT catalogue, papers about key strokes and radio > sginal interception etc.). > > No, I don't agree to your last paragraph. Any well-configured Linux distro > plus a good firewall (pfsense etc.) / router (like Turris Omnia) will prevent > any (super professional) hacker from breaking into your system, if you set up > everything in the best possible way AND choose the right (open-source) > hardware. > > > Kind regards and all the best > > > 16.10.2016, 03:47, "raahe...@gmail.com": > > On Saturday, October 15, 2016 at 9:16:52 PM UTC-4, QubesOS User wrote: > >> 16.10.2016, 01:03, "raahe...@gmail.com" : > >> > On Saturday, October 15, 2016 at 5:09:46 PM UTC-4, QubesOS User wrote: > >> >> Hello everyone, > >> >> > >> >> I could imagine that this question has been discussed before already, > >> and if this should be the case, then I'm very sorry for posting this (I'd > >> be thankful for an according link if so though). > >> >> > >> >> I think that I've gained quite much knowledge about possible attack > >> surfaces provided on hardware and software level during the last 15 years, > >> trying to keep up-to-date and often doing research on new approaches in > >> this field. First of all, I'd like to stress that the 'objection' (which I > >> don't mean as such) I may raise by this post does not have any intention > >> of criticizing the great work and effort done by the QubesOS developers > >> and the community (it's not meant as an unhelpful 'critique' at all). Much > >> rather I have a huge respect for the commitment shown by everyone involved > >> in the development of QubesOS. > >> >> > >> >> Having compared various approaches in this field (e. g. OpenBSD, > >> Linux using a hardened security kernel, GNU Hurd), I'd basically come to > >> the conclusion that QubesOS is the most promising approach, especially if > >> VT-d isolation is available. > >> >> > >> >> However, the main points I'd like to address are: > >> >> > >> >> 1) XEN is developed by people working for a company based in the U.S. > >> (I know the difference between open-source and proprietary software, but > >> still they belong to the same team/company). If even developers of > >> TrueCrypt received one of those 'blue letters' - What is the reason to > >> assume that the XEN developers didn't receive one of those as well? Seen > >> from the perspective of the NSA it looks totally odd and irrational to me > >> if they would not to so, since they can do so, and it's their task to > >> thwart any efforts which might hinder them from collecting data. I don't > >> regard those people as being 'evil' or anything like that (nor do I regard > >> this as being positive, which should go without saying), I just look at > >> things in a rational way: If QubesOS is a great approach to ensure > >> security, then one must be naive to assume that this won't automatically > >> lead to classifiying this as a 'high priority target' - With all the > >> consequences. > >> >> > >> >> 1.2) Since this looks so obvious to me: Why isn't it a top priority > >> for QubesOS developers to make use of a supervisor (or develop an > >> independent one, which would surely need endless efforts, but wouldn't it > >> be worth it?), which is not subjected to the objections I tried to express? > >> >> > >> >> 2) QubesOS totally relies on 2.1) trusting XEN developers to > >> completely understand the more than just complex x64 architecture being > >> used today and 2.2) on trusting Intel's VT technology. > >> >> Regarding 2.2): Just assuming Intel would have received some kind of > >> 'advice' (they may even find motivation without getting such - I certainly > >> don't think that Intel is an 'NSA subcontractor', but they are simply a > >>
[qubes-users] Re: philosofy on qubes and other environment
On Sunday, October 16, 2016 at 12:03:59 AM UTC-4, pleo...@gmail.com wrote: > I dont know how to install it,im so stupid omg.Maybe like ProxyVM and route > trafic by pFsense? but its no option to choice only fedora debian.WTF im so > stupid.I dont know how to install it. Its too complicated for me to try, but have a look here maybe will point you in right direction https://www.qubes-os.org/doc/building-non-fedora-template/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0353ff8c-c97d-4111-923d-619da24d7c6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is Qubes R3.2 still in testing branch?
On 2016-10-16 23:22, Marek Marczykowski-Górecki wrote: On Sun, Oct 16, 2016 at 08:21:17PM +0200, Pawel Debski wrote: Folks, I'm planning R3.1 -> 3.2 upgrade and need explanation: |sudo qubes-dom0-update --enablerepo=qubes*testing --releasever=3.2 qubes-release| why do I need to enable testing repo? I thought that R3.2 has already been released as stable. You're right, testing repo is no longer needed. Instruction fixed. The thing is, that I was getting errors until I enabled testing repo. With --enablerepo=qubes*testing the upg went on. Z powazaniem / Best Regards Mit freundlichen Gruessen / Meilleures salutations Pawel Debski -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4228d0c2-bb4c-ad67-5ba8-3b03aff64f0e%40econsulting.pl. For more options, visit https://groups.google.com/d/optout.