[qubes-users] Re: Windows 10 on Qubes (freeRDP)
> ** Offline Windows **
>
> The best feature of `qubes-windows-tools` is that you can use Windows
> offline with networking completely disabled. Without QWT, the best you can
> do is have strict firewalls everywhere but especially on your proxyVM.
>
> The only traffic that is necessary for this setup (in proxyVM):
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i vif+ -s -o vif+ -d \
> -p tcp --dport 3389 -m state --state NEW -j ACCEPT
>
> Drop all other windows outbound traffic entering proxyVM:
> iptables -A FORWARD -i vif+ -s -j DROP
> iptables -A INPUT -i vif+ -s -j DROP
>
> Some other ports that you may require:
> WSUS: tcp 8530-8531
> KMS: tcp 1688
> Samba is a mess: tighten with -s and -d

I am having an issue trying to get these scripts to work in my cloned-sys-firewall qube. I have got the two qubes communicating with each other using the scripts here https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes but I am not able to get the Offline Windows section to work properly.

I am getting the following error in my WorkVM terminal: "failed to connect to "

I input the first three lines in /rw/config/qubes-firewall-user-script and the last two iptables lines in /rw/config/rc.local in my cloned-sys-firewall qube, obviously changing my IP addresses.

Any ideas as to why it's not connecting?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/339d46bc-6d0d-4168-8d67-cd91abe4836e%40googlegroups.com.
[qubes-users] Re: New Install of Qubes OS 4.0.2 RC1 Dom0 Doesnt Update
On Saturday, July 13, 2019 at 4:37:47 PM UTC-4, dro...@gmail.com wrote:
> > The Issue I am having is that When I try and update Dom0 in the Terminal
> > using "sudo qubes-dom0-update" I am getting this.
> >
> > Fedora 25 - x86_64 - Updates
> > Fedora 25 - x86_64
> > Qubes Dom0 Repository (updates)
> > determining the fastest mirror (15 hosts)..done..
> > Qubes Templates repo138%
> > Qubes Templates repository
> > Last metadata expiration check:
> > Dependencies resolved.
> >
> > Reinstalling:
> > python3-blivet noarch 2:2.1.6-5.fc25 qubes-dom0-current
> > python3-kickstart noarch 1000:2.32-4.fc25 qubes-dom0-current
> > qubes-release noarch 4.0-8 qubes-dom0-current
> > qubes-release-notes noarch 4.0-8 qubes-dom0-current
>
> Interesting. I don't have that problem. I did get some other error messages
> the first time I ran sudo qubes-dom0-update, something about can't delete
> local files, but it hasn't done it again.

I did some research and found this: https://github.com/QubesOS/qubes-issues/issues/4792. I have bypassed the issue by manually installing those items in dom0 using "sudo dnf install".

I have also just had the same issue when I downloaded a fresh copy of debian-10-min from testing. It downloaded but wouldn't install. I had to manually install the template using the line above.
[qubes-users] New Install of Qubes OS 4.0.2 RC1 Dom0 Doesnt Update
Hey, I have just updated my system to Qubes OS 4.0.2 RC1 and the install went very smoothly. Actually didn't have a single error/issue with the install. This is also using UEFI. I am using a Lenovo X1 Carbon Gen 6 laptop.

The issue I am having is that when I try and update Dom0 in the terminal using "sudo qubes-dom0-update" I am getting this:

Fedora 25 - x86_64 - Updates
Fedora 25 - x86_64
Qubes Dom0 Repository (updates)
determining the fastest mirror (15 hosts)..done..
Qubes Templates repo138%
Qubes Templates repository
Last metadata expiration check:
Dependencies resolved.

Reinstalling:
python3-blivet noarch 2:2.1.6-5.fc25 qubes-dom0-current
python3-kickstart noarch 1000:2.32-4.fc25 qubes-dom0-current
qubes-release noarch 4.0-8 qubes-dom0-current
qubes-release-notes noarch 4.0-8 qubes-dom0-current

It downloads these updates and then says:

Complete!
The downloaded packages were saved in cache until the next successful transaction.

After I restart the computer this just keeps repeating. Is there a way to fix this?

I am also noticing that when I start Qubes OS I am getting this during the boot process: "Failed to start Load Kernel Modules", but it continues to boot up with no other issues.
[qubes-users] Re: off topic - invite codes to 'riseup'
I am also looking for a riseup invite to use this service. alexw8913[at]gmail.com
Re: [qubes-users] VPN before Tor setup using Whonix help
On Monday, May 13, 2019 at 12:03:18 PM UTC-4, Chris Laprise wrote:
> On 5/13/19 9:36 AM, alexw8...@gmail.com wrote:
> > Hello, I am trying to achieve this: User -> VPN -> Tor -> Internet
> >
> > This is my setup in qubes:
> >
> > fedora-29-vpn (templatevm- has openvpn installed)
> >
> > VPN-appvm (has openvpn running in it. It is using fedora-29-vpn
> > template)--> vpn-sys-whonix(ProxyVM based on whonix-gw-14 template and
> > its NETVM is VPN-appVM-->Internet AppVM(based on template whonix-ws-14.
> > Its NETVM is set as vpn-sys-whonix).
>
> You might double-check this diagram. It doesn't look right. I would
> expect something more like: Anon1(whonix-ws)-->VPN(fedora or
> debian)-->sys-whonix(whonix-gw)-->sys-net.

Wouldn't this way be User -> TOR -> VPN -> Internet? Sorry if my explanation of the setup was a bit confusing. Maybe this is better explained:

whonix-ws -->Whonix-gw>sys-vm-->sys-firewall Internet VPN Internet(NETVM=vpn-sys-whonix)>vpn-sys-whonix(NETVM=sys-vm)->sys-vm (NETVM=sys-firewall) (whonix-ws template) (whonix-gw template)(fedora-29-vpn template)

> It also matters precisely where you are checking for DNS packets.
>
> > I have been following this guide
> > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
> > when I was setting up VPN-appvm which I followed to a tee and completed
> > without too much trouble.
> >
> > The Issue is, I have DNS leaks by doing some online DNS checks with
> > VPN-appvm. Any Idea why/how to possibly fix this.
>
> A vpn vm may still send out DNS packets in the clear to look up its own
> servers. Beyond that, you shouldn't see any.
>
> You can try a more thorough vpn setup here:
>
> https://github.com/tasket/Qubes-vpn-support
>
> This will check that the anti-leak firewall rules are in place before
> starting the vpn client, and generally keep the link running more smoothly.

I can try this method and see the difference.

> However, I should note there is at least one issue open there for Fedora
> 29 weirdness. In general, I recommend using Debian (which is what Whonix
> is based on) as it has been better behaved than Fedora overall. It's also
> the case that Fedora is intended to be a testbed, NON-production OS and
> Qubes has plans to migrate away from it.

Yes, I can switch over to Debian and see if that fixes the problem as well.

> You should also read the vpn-related sections of the Whonix docs; There
> are tradeoffs to using a vpn with Whonix.
>
> --
>
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
[qubes-users] VPN before Tor setup using Whonix help
Hello, I am trying to achieve this: User -> VPN -> Tor -> Internet

This is my setup in qubes:

fedora-29-vpn (templatevm- has openvpn installed)

VPN-appvm (has openvpn running in it. It is using fedora-29-vpn template)--> vpn-sys-whonix(ProxyVM based on whonix-gw-14 template and its NETVM is VPN-appVM-->Internet AppVM(based on template whonix-ws-14. Its NETVM is set as vpn-sys-whonix).

I have been following this guide https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts when I was setting up VPN-appvm, which I followed to a tee and completed without too much trouble.

The issue is, I have DNS leaks by doing some online DNS checks with VPN-appvm. Any idea why/how to possibly fix this?
Re: [qubes-users] split gpg: multiple authorization windows popping, autoaccept not working
On Wednesday, May 9, 2018 at 10:37:26 PM UTC-4, tel wrote:
> On 05/08/18 10:12, Quentin wrote:
> > Trying to get split gpg to work with thunderbird.
> > When I click on write in thunderbird it opens three authorization
> > windows. First time I give authorization to access my gpg qube, it asks
> > to give the permission for 5 minutes. After accepting that, there are
> > still authorization windows popping.
> >
> > How to give the authorizations to access the gpg qube for 5 minutes?
>
> From the website, and new in Qubes 4.0:
>
>     New qrexec policies in Qubes R4.0 by default require the user to
>     enter the name of the domain containing GPG keys each time it is
>     accessed. To improve usability for Thunderbird+Enigmail, in dom0
>     place the following line at the top of the file
>     /etc/qubes-rpc/policy/qubes.Gpg:
>
>     work-email work-gpg allow
>
>     where work-email is the Thunderbird+Enigmail AppVM and work-gpg
>     contains your GPG keys.

I am having the same issue with the popups for authentication between VMs. I am running Qubes 4.0.1 fully updated and I have typed in this line in /etc/qubes-rpc/policy/qubes.Gpg:

    $work-email $work-gpg allow

After this step Thunderbird doesn't see my gpg-key in work-gpg at all. It saw it fine before I typed that line in, other than the auth popups. So I have gone back a step and redone this in my work-email terminal:

    [user@work-email ~]$ export QUBES_GPG_DOMAIN=work-gpg
    [user@work-email ~]$ gpg -K
    [user@work-email ~]$ qubes-gpg-client -K
    Request refused

I am getting this error "Request refused". It works fine leaving the qrexec policies as

    $anyvm $anyvm ask

Any ideas on why this could be happening?
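The policy lines quoted in the message above, run through a simplified model of Qubes R4.0 qrexec policy matching. This is an added example, not code from the post or from Qubes itself; it assumes first-match-wins ordering, that a leading `$` is reserved for keywords such as `$anyvm`, and that a policy file with a syntax error causes the call to be denied.

```python
# Added example: simplified model of Qubes R4.0 qrexec policy evaluation.
# Assumptions: only literal qube names and $anyvm are matched here; other
# reserved keywords are accepted syntactically but never match in this model.

RESERVED = {"$anyvm", "$adminvm", "$dispvm", "$default"}
RESERVED_PREFIXES = ("$tag:", "$type:", "$dispvm:")
ACTIONS = {"allow", "deny", "ask"}


class PolicySyntaxError(Exception):
    """A policy line that cannot be parsed."""


def check_token(token, lineno):
    # A leading '$' marks a reserved keyword, never a qube name.
    if not token.startswith("$") or token in RESERVED:
        return
    if any(token.startswith(p) and len(token) > len(p) for p in RESERVED_PREFIXES):
        return
    raise PolicySyntaxError(f"line {lineno}: invalid keyword {token}")


def parse_policy(text):
    """Return a list of (source, target, action) rules in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise PolicySyntaxError(f"line {lineno}: expected 'source target action'")
        source, target, full_action = fields
        action = full_action.split(",")[0].strip()  # drop ",param=value" options
        if action not in ACTIONS:
            raise PolicySyntaxError(f"line {lineno}: invalid action {action}")
        check_token(source, lineno)
        check_token(target, lineno)
        rules.append((source, target, action))
    return rules


def matches(pattern, name):
    return pattern == "$anyvm" or pattern == name


def evaluate(text, source, target):
    """Return (decision, reason) for a call from source to target."""
    try:
        rules = parse_policy(text)
    except PolicySyntaxError as err:
        return "deny", str(err)  # an unparsable file refuses the call
    for rule_source, rule_target, action in rules:
        if matches(rule_source, source) and matches(rule_target, target):
            return action, f"matched '{rule_source} {rule_target} {action}'"
    return "deny", "no matching rule"


# Policy texts built from the lines in the message above.
DOCUMENTED = "work-email work-gpg allow\n$anyvm $anyvm ask\n"
AS_POSTED = "$work-email $work-gpg allow\n$anyvm $anyvm ask\n"
BELOW_DEFAULT = "$anyvm $anyvm ask\nwork-email work-gpg allow\n"

if __name__ == "__main__":
    for label, policy in (("documented", DOCUMENTED), ("as posted", AS_POSTED),
                          ("below default", BELOW_DEFAULT)):
        print(label, evaluate(policy, "work-email", "work-gpg"))
```

The third policy text shows why the documentation says to place the line at the top of the file: below `$anyvm $anyvm ask` it is never reached.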
[qubes-users] Re: HCL - Thinkpad X1 Carbon 6th gen - Qubes 4.0
What procedures did you have to follow to get Qubes installed with UEFI? I have the same laptop, a Lenovo ThinkPad X1 Carbon Gen 6, and after using Rufus with 'DD' it installs fine, but after it restarts it seems to load up the system files but goes to a black screen right after, just before you type in your disk password.

I have flashed to the most recent BIOS, 1.34. I have USB UEFI BIOS Support enabled. VT-d is enabled. Secure boot is disabled. I am booting UEFI Only with CSM Support disabled.
[qubes-users] Making a Qubes USB Installer USB with Fedora LiveCD
Hey, I am having an issue putting a Qubes 4.0.1-x86_64.iso image onto a flash drive. The laptop I am using is a Lenovo X1 Carbon Gen 6. I am using the method described here: https://www.qubes-os.org/doc/thinkpad-troubleshooting/. Here is my output of the command:

[liveuser@localhost ~]$ sudo livecd-iso-to-disk --format --efi /run/media/liveuser/Windows/Users/Alex/Desktop/Qubes-R4.0.1-x86_64.iso /dev/sdc
Verifying image...
/run/media/liveuser/Windows/Users/Alex/Desktop/Qubes-R4.0.1-x86_64.iso: 9d20945f71a1e4066e742d95cfe61fb5
Fragment sums: d8d4876194afaad8b914cbf9e342df1b73a1578abc8529e135e2b8f6a3fc
Fragment count: 20
Supported ISO: no
Press [Esc] to abort check.
Checking: 100.0%

The media check is complete, the result is: PASS.

It is OK to use this media.
/Packages found, will copy source packages to target.
WARNING: This will DESTROY All DATA on: /dev/sdc !!
Press Enter to continue, or Ctrl C to abort.
Waiting for devices to settle...
mkfs.fat 4.1 (2017-01-24)
Copying LiveOS image to target device...
squashfs.img
411,631,616 100% 342.82MB/s0:00:01 (xfr#1, to-chk=0/1)
Syncing filesystem writes to disc.
Please wait, this may take a while...
Setting up /EFI/BOOT
Unable to find an EFI configuration file.

I am using Fedora-Workstation-Live-x86_64-29-1.2.iso, which I downloaded off of their website, and I used Fedora Media Creator to put it on the flash drive. Any ideas as to why I am getting this error?
[qubes-users] Changing USB Controllers
Hello, I have Qubes (R4.0) installed on a USB. I have 3 USB controllers on my laptop. When I am running Qubes and try attaching a USB device, it always uses the same USB controller (the one the Qubes USB is installed on/dom0) regardless of the USB port I am using. Is there a way to switch this?

I wanted to try and create a USB qube just for untrusted USB devices. I know I can't use the one dom0 is on, but I have two more controllers I would like to utilize for this if possible.
Re: [qubes-users] Cannot retrieve repository metadata (repomd.xml) for repository: qubes-dom0-current error
After running the commands in https://www.whonix.org/wiki/Onionizing_Repositories this is what my file looks like in Dom0 (qubes-dom0.repo):

[qubes-dom0-current]
name = Qubes Dom0 Repository (Updates)
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/fc25
metalink = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink
enabled = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary

This is what qubes-r4.repo looks like in the Fedora 28 TemplateVM:

[qubes-vm-r4.0-current]
name = Qubes OS Repository for VM (updates)
baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/current/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-primary
skip_if_unavailable=False
gpgcheck = 1
enabled=1

This is what my qubes-templates.repo looks like in Dom0:

[qubes-templates-itl]
name = Qubes Templates Repository
#baseurl = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/templates-itl
metalink = https://yum.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r$releasever/templates-itl/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-users] Cannot retrieve repository metadata (repomd.xml) for repository: qubes-dom0-current error
Hey, I am running Qubes 4.0 and when I try to update Dom0 in the terminal with "sudo qubes-dom0-update" I get this error:

Using sys-whonix as UpdateVM to download updates for Dom0; this may take some time...
Cannot retrieve repository metadata (repomd.xml) for repository: qubes-dom0-current. Please verify its path and try again.

I have whonix-gw-14 and whonix-ws-14 installed and fully updated. I also have debian-9 updates working with no errors. I have Fedora-28 installed also, but when I try and update that I get this error:

Failed to synchronize cache for repo 'qubes-vm-r4.0-current'

I am relatively new to Qubes so I am learning as I go. I have done some research on these issues and I haven't found a solution to my exact issue yet. I am hoping I don't have to reinstall Qubes unless I have to. I was trying to update my onion addresses from V2 to V3 when I came across this issue using this guide: https://www.whonix.org/wiki/Onionizing_Repositories.
[qubes-users] Re: Installation freezes on SSD
I used the default templates Qubes assigned. I have tried about 10 different times. I took cooloutac's advice, except that I kept the default sys-net VM checkbox and unchecked the sys-usb template, and it's working now. Thanks for the help.
[qubes-users] Installation freezes on SSD
Hey, I am having an issue installing Qubes 4.0 on my external SSD (Samsung 1TB SSD T5). Qubes installs fine from the flash drive that the Qubes image is on. When it asks me to restart the computer after installation, I do, and it boots up fine to the template configuration area. Now when I am configuring the templates it freezes on me and shows a black cursor. The mouse also stops working and no keyboard inputs work anymore. I have left this for about 8 hours and it is still there. I have to power off the computer for it to stop.

I have also installed this on my flash drive before this to test it out, and everything installed perfectly, even the template configurations. So this brings me to: it has to be something with the SSD. Any ideas as to how I can resolve this?