Re: [qubes-users] Whonix 15 has been released
Hey, On 7/3/19 4:44 PM, 'trichel' via qubes-users wrote: >> I got the impression that a complete reinstall requires (a) a fedora >> appvm (I have none), (b) does not work over TOR, since the AppVM's >> based on whonix must be removed (or set to dummy template) before >> removing the whonix-14-templates. Then sys-whonix is gone, right? >> That seems awkward asprocedure. Can someone explain, please? Why can't I >> install whonix-gw-15 and whonix-ws-15 via dnf in dom0 and THEN remove >> the -14- ones? Cheers, Bernhard > > After botching the whonix-14 template with an unsuccessful upgrade attempt I > reinstalled it by entering sudo qubes-dom0-update > --enablerepo=qubes-templates-community --action=reinstall > qubes-template-whonix-gw-14 as explained at > https://www.whonix.org/wiki/Qubes/Reinstall > > Because this page gives 'sudo qubesctl state.sls qvm.anon-whonix' as a > mandatory step I executed that after the reinstall. This installed 2 new > templates whonix-gw-15, whonix-ws-15 and a whonix-ws-15-dvm, with all the old > stuff still present. I deleted the Whonix 14 templates with dnf and all seems > fine now. > > So, apparently just entering sudo qubesctl state.sls qvm.anon-whonix is the > easiest way to install new Whonix 15 templates. I didn't create a special > update VM for this. Probably it is best to remove the old ones first even > though it also works if you don't, apparently. If you need to *upgrade* for > some reason (instead of simply replacing the templates with new ones) then > you should *NOT* follow this procedure, of course. > Also see: https://www.whonix.org/wiki/Qubes/Install > > I find it pretty confusing too ... Maybe an expert can give some additional > info :) No expert here, but tested stuff on a QubesOS R4.0 with a working Whonix 14 installation. Running `sudo qubesctl state.sls qvm.anon-whonix` alone would *not* install Whonix 15 for me, it would just note that all relevant VMs exist already and call it quits. What worked for me was: 1. Install the Whonix 15 templates: sudo qubes-dom0-update \ --enablerepo=qubes-templates-community \ --action=install \ qubes-template-whonix-gw-15 \ qubes-template-whonix-gw-15 2. Using Qube Manager, change the templates for relevant qubes (sys-whonix, anon-whonix, whonix-ws-14-dvm) to relevant Whonix 15 templates. Restart any modified qubes afterwards, of course, and test stuff works. 3. Remove the unneeded Whonix 14 templates: sudo dnf remove \ qubes-template-whonix-gw-14 \ qubes-template-whonix-gw-14 So far so good. -- Regards, rysiek -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/06ca8210-42ab-a398-f959-259d65d7f126%40hackerspace.pl. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: Whonix 15 has been released
The new template is out. The way to install it is with: sudo qubesctl state.sls qvm.anon-whonix If you previously had Whonix 14 installed, change 14 to 15 with: sudo vim /srv/formulas/base/virtual-machines-formula/qvm/whonix.jinja I found this last info on the whonix site but cant find it right now -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/qflgod%241smc%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question on the new format of rules for Qubes mirage firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, With the old format of rules for the mirage firewall I had the following setup: ... let git_addr = Ipaddr.V4.of_string_exn "192.168.1.101" let allowed_to_git = List.map Ipaddr.V4.of_string_exn [ "10.137.0.20" ; "10.137.0.21" ] let local_subnet = Ipaddr.Prefix.of_string_exn "192.168.0.0/16" let mgmt_local = Ipaddr.V4.of_string_exn "10.137.0.22" let from_client = function | { src = `Client c; dst = `External e } when Ipaddr.Prefix.mem e local_subnet && c#other_ip = mgmt_local -> `NAT | { src = `Client c; dst = `External e } when e = Ipaddr.V4 git_addr && List.mem c#other_ip allowed_to_git -> `NAT ... Is it possible to get the same functionality with the new rules using the prefix and the lists of addresses? It would also be useful to be able to block prefixes as well if that's possible. Thanks for your help -BEGIN PGP SIGNATURE- iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXR6YDBIccHJhZ29AdHV0 YW5vdGEuZGUACgkQPPHARjGwCFhrWwD9HZeHlNTUmw0R2gjZHqkTaqJ5rZYSv7rb l4QdI0Y2POoA/1h50GNz+LL/XXlGJyfwGjSq+kKpbX8D1mqiJ1gJXUXw =rWJK -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LizX-vj--3-1%40tutanota.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: No vpn-handler-openvpn in service tab
On 7/6/19 1:05 AM, Philip Pians wrote: Hmm… First install of Qubes had networking error which couldn’t be completely rectified without fresh install. Second install seemed to have worked flawlessly, but if the DisposableVM’s networking setting is not what it should be by default, is it possible my Qubes iso is faulty? The only networking I recall changing is that of sys-net, and the VPN AppVM at time of creating if you count that? Perhaps a third install is needed? Changing sys-net networking back to (none) (current) hasn't helped being able to connect to the net again, so can't even find out if I finally got the VPN setup correctly. in a dom0 terminal you can do $qubes-prefs to see what the default system-wide default_disp_vm is or you the menus -> global settings I advise if your concerned just do $qube-prefs default_dispvm none then later when you've used qubes for a while you can use the Qubes Manager Application and go in there and change some qube to the disposable vm you might want like for opening pdf files from thunderbird, so you would use your Mail AppVM (TBAVM) "qube" settings to change to 1 AppVM disposable VM setting rather than system-wide, then you won't have to see the yellow triangles :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e4bfafc6-45b0-1369-e5da-6fe01a9d0a45%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is not safe to use Qubes OS 3.2?
'awokd' via qubes-users: davidmizr2...@gmail.com: Hi, i'm asking because my hardware is not compatible with qubes 4.0 Is not safe to use Qubes OS 3.2? Thanks It is less safe to use 3.2 than it used to be when it was getting patches. It doesn't immediately become unsafe once it is no longer supported, especially if you are keeping the templates up to date with security patches. However, the longer you stay on 3.2, the less safe it gets. If the choice is between using qubes 3.2 and using a monolithic linux distro (because of incompatibility with 4.0), i'd say 3.2 is still the better choice, but i'm not an expert. -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/44de23d1-d7f3-979e-98c9-9717ceb28050%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: No vpn-handler-openvpn in service tab
Hmm… First install of Qubes had networking error which couldn’t be completely rectified without fresh install. Second install seemed to have worked flawlessly, but if the DisposableVM’s networking setting is not what it should be by default, is it possible my Qubes iso is faulty? The only networking I recall changing is that of sys-net, and the VPN AppVM at time of creating if you count that? Perhaps a third install is needed? Changing sys-net networking back to (none) (current) hasn't helped being able to connect to the net again, so can't even find out if I finally got the VPN setup correctly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/512bf30b-1f39-4d9a-9cbc-d24ed2ff9aca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installing qubes, new machine.
I'm a long time Qubes user. Qubes has been happily running on an older laptop. Decided to go for more modern hardware. Long story made short. Apart from the graphic invite never showing (just plain old vga text messages scrolling), on the first few installations, there were some random problems ranging from not shutting down to missing the Qubes system tray icon, but it was installing. Some red lines in dmesg, apparently unrelated to the issue(s), since, more or less, the same messages were shown after installing Debian 10, and fixed with some firmware (iwliwifi, realtek, and the nvidia driver). Now, installation is impossible. The hardware is detected until the the USB boot drive, attached as a SCSI device (5:0:0:0). The size, serial number and so on is displayed, then it freezes for some time before showing an endless "dracut-initqueue timeout" message. I'm at a loss. Just in case: Intel i7-8750H, GeForce MX150 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5780f516-b447-432d-b414-490d483dad42%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is not safe to use Qubes OS 3.2?
davidmizr2...@gmail.com: Hi, i'm asking because my hardware is not compatible with qubes 4.0 Is not safe to use Qubes OS 3.2? Thanks Just curious, I'm guessing it's because of the VT-d requirement? Like others have said, 3.2 is still probably safer than some random distro. I wish we could have stuck with the PV-based VMs, which wouldn't require VT-d, and are probably more efficient, but I can understand the reasons for the switch to PVH. - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9be810bd-8124-aad7-2fe8-429412919c4f%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] strange experince with Qube
On 7/5/19 12:30 PM, 27casanov...@gmail.com wrote: Right now I was about to get an acount at an email provider. I have done this before, verification is not soposed to be nessesary. But all of a suden Im soposed to enter a phonumber. Because: "to many acount has bin sett up" This is a bit worying when using Qubes to protect once privacy to say the least. Next step. I chekt whatsmyip. And Ironicly This servis also told me that I hade bin using the service to many times. Then I tride an other "ip servise" that confirmed that my ip adress whasent showing. At that point I tought that some one might have sett up acounts from that particular ip adress that I was using at that time (trough Tor). So I tride changing my identaty in the Tor broser twice. But got the same mesage. Then tought that ther might be traces left in the broser. So I even tride setting upp a new vm. But still gett the same message. Whats going on here? AFAICT this isn't Qubes related. Tor exit nodes experience "bad weather" when, for example, too many people do abusive things with Tor. Then Internet sites will blacklist Tor IPs or increase the restrictions on Tor users. So a Tor list or forum is probably a better place to discuss this issue. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a4cf15ad-51aa-894b-6fcd-714642705240%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Best laotop investment for Qubes?
On Friday, July 5, 2019 at 12:05:46 PM UTC+3, 27casa...@gmail.com wrote: > Eventuly Im getting a new lapptop for qubes. What would be the best model > that will work with qubes future uppdates? Im considering Lenovo Carbon X1. I would suggest to find out more about Clevo laptops, for example here: https://www.clevo.com.tw/index.html About prices you could find out here: https://www.avadirect.com/search?sq=Clevo I am using Oryx Pro 4 which means CLEVO P955ER but with higher price https://www.xoticpc.com/sager-np8955-clevo-p955er.html So I would recommend to buy Clevo directly without System76 or any other company who sell this Brand with overprice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1249e80f-069f-4d4b-854b-7643ea96c113%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] strange experince with Qube
Right now I was about to get an acount at an email provider. I have done this before, verification is not soposed to be nessesary. But all of a suden Im soposed to enter a phonumber. Because: "to many acount has bin sett up" This is a bit worying when using Qubes to protect once privacy to say the least. Next step. I chekt whatsmyip. And Ironicly This servis also told me that I hade bin using the service to many times. Then I tride an other "ip servise" that confirmed that my ip adress whasent showing. At that point I tought that some one might have sett up acounts from that particular ip adress that I was using at that time (trough Tor). So I tride changing my identaty in the Tor broser twice. But got the same mesage. Then tought that ther might be traces left in the broser. So I even tride setting upp a new vm. But still gett the same message. Whats going on here? Yes my speling is this bad. Sorry -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41d9065e-f0ae-4c15-b9b1-3352944b85f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] TemplateVM updates almost instantly fail when target is VPN qube but dom0 updates run just fine
On 6/28/19 3:03 AM, Sphere wrote: On Thursday, June 27, 2019 at 11:44:51 AM UTC, unman wrote: On Wed, Jun 26, 2019 at 10:12:40PM -0700, Sphere wrote: @unman: thanks for that I also noticed that qubes-updates-proxy.service fails by default on startup and I'm unsure if that is a minimal template-only problem but I was able to fix it thanks to it indicating that the problem is a missing folder: /var/run/qubes-service/qubes-updates-proxy Pretty much the same problem that I get with clocksync service thankfully so I was able to confirm that this service was running as intended systemctl status qubes-updates-proxy: qubes-updates-proxy.service - Qubes updates proxy (tinyproxy) Loaded: loaded (/usr/lib/systemd/system/qubes-updates-proxy.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2019-06-27 12:06:14 +08; 2s ago Process: 1603 ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start (code=e xited, status=0/SUCCESS) Main PID: 1608 (tinyproxy) Tasks: 3 (limit: 414) Memory: 4.1M CGroup: /system.slice/qubes-updates-proxy.service ??1608 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf ??1609 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf ??1610 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf Jun 27 12:06:14 redacted systemd[1]: Starting Qubes updates proxy (tinyproxy)... Jun 27 12:06:14 redacted systemd[1]: Started Qubes updates proxy (tinyproxy). Jun 27 12:06:14 redacted tinyproxy-wrapper[1608]: Found tinyproxy at /usr/bin/tinyproxy Despite this however, the problem still persists and still behaves the same even after trying dnf update for 5 times I think is right about the fact that there is a bug about this @Chris I think you may be right about the fact that this is a bug and I guess it's time to escalate it into an issue in github. I'm willing to lend a helping hand in making the issue as needed. My setup is all fully dependent on variations of fedora-30-minimal template that I have tailored depending on use-case of the AppVM that would be using it. Like Chris, I use a separate qube for updates. Unlike you and Chris I don't see the behaviour you report. Let's try to dig in before raising a bug report. I've tested this with 30-minimal template 201905071541 and 201906241949, from stable and testing. I've tested against dom0 stable and dom0 testing: both fully updated. Test boxes are an old x230 and a custom rig with X-series CPU and 32G RAM. In all cases, the proxy is started as appropriate, and the update process (from fedora 29 and 30-minimal) waits until proxy is up and then proceeds. What hardware are you, Sphere and Chris, running? Sphere - if you create a dedicated update qube using the 30-minimal with qubes-core-agent-networking installed, enable the qubes-updates-proxy service, route it through sys-firewall, and edit the policy file appropriately, do you see the same behaviour? (Almost instant fail) What if you start the new update proxy before attempting a 'dnf update'? unman Big update: I was able to solve the problem What I essentially did: 1. Ensure to run the Update Qube first 2. Confirm and ensure that the qubes-updates-proxy is already running after the qube is started. qubes-updates-proxy was listed and set as checked in the services tab of Qubes Settings GUI before starting the update qube. checking was done through the `systemctl status qubes-updates-proxy` command. 3. Ensure that qubes.UpdatesProxy policy file is configured correctly before starting the templateVM 4. Ensure that DNS queries are resolving in the update qube 5. Start the templateVM and try to do a dnf update One big thing to note here is that I encountered the problem after step 4 and was able to solve it by ensuring that my update qube is able to properly resolve DNS queries but I have to say that what's unique in my situation is that I use DNSCrypt for resolving DNS queries. So basically, the problem was solved after I ran DNSCrypt on the update qube. Admittedly that was kinda dumb on my part to not realize that the f30 template definitely needs to have DNS resolutions to do updating along with that fact that I have already blocked all plaintext DNS from going out. However, I can't quite remember whether or not I had DNSCrypt running on the update qube last time I tested it so there's a possibility that strictly doing the first 2 steps that I did contributed greatly in solving the problem. For the purpose of troubleshooting this problem however, the qube that I used to update and the qube that I used for VPN is one and the same. I guess I'll try to use separate ones next week to see how it goes (I have none to very minimal online activity throughout the weekend). @Chris: Maybe you could try what I did and see how it goes? Unfortunately its not helping. I can successfully update my Debian templates usually on the first try, bu
Re: [qubes-users] Is not safe to use Qubes OS 3.2?
'awokd' via qubes-users: davidmizr2...@gmail.com: Hi, i'm asking because my hardware is not compatible with qubes 4.0 Is not safe to use Qubes OS 3.2? Thanks It is less safe to use 3.2 than it used to be when it was getting patches. It doesn't immediately become unsafe once it is no longer supported, especially if you are keeping the templates up to date with security patches. However, the longer you stay on 3.2, the less safe it gets. If the choice is between using qubes 3.2 and using a monolithic linux distro (because of incompatibility with 4.0), i'd say 3.2 is still the better choice, but i'm not an expert. -- Jackie -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36548514-3694-b5fc-fa6d-d7726cf5a068%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Qubes-vpn-support v1.4.1 released!
On 7/4/19 1:51 PM, Jon deps wrote: On 6/20/19 8:00 PM, Chris Laprise wrote: Version 1.4.1 of Qubes-vpn-support has been released. It includes tweaks for smoother operation, greater control over the firewall, and revised docs in the Readme: https://github.com/tasket/Qubes-vpn-support Features Provides a fail closed, antileak VPN tunnel environment Isolates the tunnel client within a dedicated Proxy VM Prevents configuration errors Separate firewall VM not required Easy setup Simple install script; No file editing or IP numbers necessary Lets you 'drop in' configuration files from VPN service provider Flexible installation into template or to individual ProxyVMs New in this version, v1.4.1 Qubes 4.0.1 support Control over specific firewall restrictions Better compatibility with MTU fragmentation detection New in v1.4.0 Anti-leak for IPv6 All DNS requests forced to chosen VPN DNS Firewall integrity checked before connecting Quicker re-connection Supports passwordless cert authentication * Also note that Qubes 3.x is no longer detected or supported. * Updating to the new version is simple and described in the 'Quickstart' guide. * For users of qubes-tunnel (twin vpn project), an equivalent update is forthcoming in the next week. However, if you wish to switch to Qubes-vpn-support now, you can install it without issues for a new VPN VM. Which Debian-9 packages besides openvpn need to be installed in the Template for QVS to work ? Only openvpn. I'm finding that sudo apt-get install openvpn isn't enough on the default Deb-9 Template just installed, and copying over backed up AppVMs from another machine. It does worked with another Debian-9 template copied over from the other machine but I'd like to use the fresh installed Deb-9 on the new machine instead. am finding that bash ./install is just returning empty if it's installed already . would that be normal ? It should only do that if you omit 'sudo'. - Also. I just posted a bug fix. VPN passwords with special symbols like '\' were not being saved correctly, preventing successful connection in that case. The updated code should save any combination of ASCII symbols correctly now. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4022be3f-28f0-e0ea-6a2a-db101b3f79ce%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: No vpn-handler-openvpn in service tab
On 7/5/19 2:48 AM, Philip Pians wrote: …Followed instructions, next day start up Qubes, got networking error, opened settings for sys-net, saw under networking it said (none) (current), tried changing it to sys-firewall (default) and got “[Dom0] Error while changing settin (sic) ERROR: Basic tab: Loops in network are unsupported”. Immediately after that the internet connection was disconnected, and it won’t reconnect even by putting networking back to (none) (current). I tried all the different networking options all of them give the same “Loops” error message and nothing. By randomly clicking the firewall tab, it says in red lettering “This qube has no networking – it will not have any network access anyway”. And a popup also says “[Dom0] Qube configuration problem! This qube has networking disabled (Basic -> Networking) network will be disabled. If you want to use firewall please enable networking”. The sys-net VM should always have its netvm set to (none), because its the one VM that communicates through the hardware and not through another VM. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/45a687a5-edb2-fa29-5b8b-c666c7c7ca5b%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How do I install programs in Windows 7 Qube?
On Thursday, July 4, 2019 at 5:44:53 PM UTC-4, awokd wrote: > > On Wednesday, July 3, 2019 at 4:18:05 PM UTC-4, awokd wrote: > > > >>> On Monday, July 1, 2019 at 7:32:32 PM UTC-4, awokd wrote: > >>> > > Installer programs I believe need to be run from the windows os, so not > > sure how to copy it to the desktop of the os to run it. > > > > If you have the windows tools properly installed, you should be able to > copy to it from a different VM with qvm-copy. > >>> > >>> Great, now I can't install Windows Tools. When I type in the command > >>> from Qubes website it says: > >>> > >>> Cannot retrieve repository metadata (respond.xml) for repository: > >>> Qubes-dom0-current. > >>> > >> A repo is temporarily unavailable. Try again tomorrow. In the meantime, > >> it would probably be a good idea to shutdown your win7 VM and make a > >> clone. Installing those Windows Tools can often result in a broken VM if > >> you miss a step, so you want to have a good copy. > > > > Tried to clone qube, got error: " Got empty response from qubesd. See > > journalctl in dom0 for details." > > > What were the details, and what troubleshooting steps did you take in > response to them? Sorry, I'm new to this, I don't know how to check journalctl. I can follow directions on their instructions fine, but have trouble with other stuff. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa2733b2-dd56-4584-8430-0ba8a049bf10%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: No vpn-handler-openvpn in service tab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 05/07/2019 1.48 AM, Philip Pians wrote: > [...] > > Edit: There’s also a little yellow caution sign beside networking > which says “Caution: default DispVM template has a different > Networking setting than this Qube. Unexpected network access may > occur!” > The presence of that icon means that the Default DisposableVM Template (see the Advanced tab) has a different Networking setting than this qube. This configuration may result in unexpected network access. For example, you may have set this qube's Networking to "none" in order to prevent any data from being transmitted out. However, if the Default DisposableVM Template's Networking is set to "sys-firewall," then a DisposableVM started from this qube may be able to transmit data out, contrary to your intention. You may wish to set the Default DisposableVM Template for this qube to one with equally restrictive Networking settings. Related issue: https://github.com/QubesOS/qubes-issues/issues/5115 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0fF0EACgkQ203TvDlQ MDC8qQ//QXiZHafmf8/sDKnnY/BtalQpTwwjPjL8M99cKy2bvVT4UGtkalC1NwN/ aFuv9UIbChqtBCdrtONeDcmDmU7kwhrJGn5BfuFS8MeogrMqvLgIuVbEhfRH7Z/r jIHw+bMtOXBmhGPBLdbERCtzsT8FeZ06bmM/uZQBX/kgz3Qp5JvHQ2aqPlRkx+zE uJS97h1UncacpSFGxDNcSGFrclGRCW5qtHkHCfJii3lbulx/QVwRX9M3ZQ+o3Dva yRu/4oVlswPxPzs6GDrXTSqlrX/iVctHODcvQTHMkEW/19TaXPej2G8zrs5v9el6 kfpJiuOc431ouXEjuk7Mvqd1VRnAAauCso9E9wYrTsXzX53L/2J8q/req7yeQOBb Zd99yXSz1UyP8xhTpO0tuU4EJ3U9t07mkl5YvicxvUaOIiL3G0/hdoomSGF0pDvB 3LurLPerZK25zwbDf2rP2aZPzUyzA/Rbmttjh1MYmw9K6ka2Mf9srMSM6hu0SA0T mSrc8uN7qwYPi3mav3/n4/qBAGxrlir2sfW5m1CpdMwubys7tNMQzDQKTfyBWGnd 4eyds3MG4a+CsBpFFMeV4iPDCHF3fpFDLVVEl40VJUs8nXMHoK1lvltZDALmyLQC vHfERq7K8WFQIobdBIZVIvM8Dqv/kmPAVfA82H21UB/AxQvUvvc= =LMia -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/334295db-8565-5aa8-02c6-5a8a1637929e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Best laotop investment for Qubes?
Eventuly Im getting a new lapptop for qubes. What would be the best model that will work with qubes future uppdates? Im considering Lenovo Carbon X1. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c110b97f-8cc6-4b1d-ad4a-a16e578a0f30%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.