Re: [qubes-users] Encrypted Secondary Drive? (is it? Is it needed?)

[gaikokujinkyofusho]

On Wednesday, November 9, 2016 at 10:25:47 AM UTC-5, Desobediente wrote:
> If you just want to move files in the old fashion way and not entire AppVM in 
> the sense that the AppVMs should remain in the original drive, in other 
> words, if you want to be able to remove the other hard drive from the system 
> and will useit mainly for storage of large files,
> 
> 
> then the answers are more questions:
> 
> 
> is your qubes system encrypted?
> do you need the files to be encrypted?
> 
> 
> If you are willing to accept common knowledge as advice, then yes, you shall 
> encrypt everything every time, unless there are reasons not to. For example, 
> encrypted disks will make data unavailable to data recovery for an obvious 
> reason. If the data is not sensitive and it should remain forever 
> recoverable, that could be a reason not to encrypt data, but that is one 
> exception of the above rule.
> 
> 
> Anyway, if this is your case, it should be simple as attaching the disk into 
> any AppVM and running the GNOME Disks application. I'm not sure what's the 
> name of that in the KDE and XFCE desktops, but i know that if you call it via 
> terminal, it's gnome-disks.
> 
> 
> From there it should be straightforward, but there is this tutorial in the 
> Tails website if you want: 
> https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html

In the future I would probably store large files (or collections of large files 
like music) but for now I had in mind at least storing some of my templateVM 
copies as I have a backup copy of each template (and the WinHVM is taking up an 
esp large amt of space). 

As for my Qubes system, its def encrypted, that part I am sure of.

My general thought is, better to be safe than sorry. The exception I could 
think of is if I had short-term bkups (I do "long term" bkups on an ext drive) 
on this drive they are encrypted but most everything else I figure, why not 
encrypt? 

So gnome-disks, I think that will be pretty straight forward, but when I want 
to open it I'd have to go to a VM -> file manager and enter a passwd everytime 
... I think? (trying to wrap my head around this). If I wanted something a bit 
automatic like the https://www.qubes-os.org/doc/secondary-storage/ option, is 
there a way the drive could automatically be mounted/decrypted so that template 
backups could be accessed (and updated, wouldn't want out of date templates).

Thx!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f38bf403-1253-49e9-a46a-267b1b3b43db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Possible to run a launcher (like Synapse) in Qubes?

[gaikokujinkyofusho]

On Saturday, October 15, 2016 at 4:18:12 AM UTC-4, pixel fairy wrote:
> On Saturday, October 15, 2016 at 4:16:23 AM UTC-4, pixel fairy wrote:
> > On Saturday, October 15, 2016 at 4:13:05 AM UTC-4, pixel fairy wrote:
> > > On Friday, October 14, 2016 at 6:43:54 PM UTC-4, Gaiko Kyofusho wrote:
> > > > given qubes separation is it possible to run something like Synapse (or 
> > > > some similar launcher) in Qubes? 
> > > > 
> > 
> > theres nothing in qubes preventing this. its already in the repo. but, its 
> > best not to add anything to dom0.
> 
> Q (upper-left) / system tools / keyboard 
> there you can add a shortcut to terminal so you dont even need your mouse to 
> pull it up.

Thanks for the ideas. I was really hoping for something "smooth" (work-flow and 
looking) like synapse or Gnome-Do _but_ not if it compromises sec and as you 
said, putting things in dom0 isn't a great idea.

This is a bit of a side question but I think its realated and given what you 
said likely has the same answer but is it possible to have a clipboard manager 
(eg clipman, kilpper, or copyq) work across VMs? The assumption is "no" but 
hope springs eternal ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05df6edc-a2f4-4e50-8ae8-0df82c78a30a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ReactOS instead of Win7?

[gaikokujinkyofusho]

On Thursday, October 13, 2016 at 9:59:08 PM UTC-4, Drew White wrote:
> On Thursday, 13 October 2016 23:26:31 UTC+11, gaikokuji...@gmail.com  wrote:
> > On Wednesday, October 12, 2016 at 10:12:48 PM UTC-4, Drew White wrote:
> > > On Thursday, 13 October 2016 07:48:24 UTC+11, Gaiko Kyofusho  wrote:
> > > > I haven't seen much mention of ReactOS on the list but was thinking it 
> > > > *might* be worth trying a ReactOS AppVM as an alternative to a MS 
> > > > Windows AppVM but before I put myself through the frustration I thought 
> > > > I'd ask #1 The wisdom (or not) of the idea and #2 If its been tried 
> > > > already and doesn't work yet.
> > > > 
> > > > Thx
> > > 
> > > Qubes tools will NOT work. ROS is only 32 bit. It's still only 2003/XP 
> > > based.
> > > I'm looking at doing something with the Qubes Tools to enable at least 
> > > copy/paste/qrexec.
> > > 
> > > But at this time, it just won't have that option available if you use 
> > > ReactOS.
> > 
> > Thats too bad, it would have been nice to use OSS to run win apps but 
> > anyway thanks for the answer! Saved me a bit of frustration trying to make 
> > it work.
> 
> No problem, I just talked to the ReactOS people to find out.
> during the chat, I may have worked out exactly how to get them working 
> though, as some of them have patches/cracks to get win7 stuff to work on ROS.
> Not always well, but it does work.
> 
> On the other hand, I may just write an interpreter for ReactOS to work just 
> like the tools normally would. It shouldn't be that hard since the code is 
> already available. But who knows. I will probably encounter many issues. But 
> I think that it will be beneficial in the end.
> 
> At the moment there are other things I'm working on in Qubes to get it to 
> work right, you know, bridged networking and all. and I mean completely 
> bridged, not just forwarding.
> So that's my first priority, then I'll get onto this other thing and see what 
> I can pull off, or if it is even possible. It should be possible, and 
> shouldn't take too long if it is possible. 
> 
> I'll let you know how it goes.

Totally understand the priorities part. But hey, its great to hear that it 
will/might be added in the future as I think ReactOS fits (ethos wise) fairly 
well with Qubes. Look'n forward to it.

Thanks!!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3081a644-6b19-4945-83d5-017d03e430ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] mounting a qemu-img'd file error?

[gaikokujinkyofusho]

On Thursday, October 6, 2016 at 11:11:47 PM UTC-4, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Mon, Oct 03, 2016 at 06:51:39PM -0700, gaikokujinkyofu...@gmail.com wrote:
> > I converted a vdi file over to a raw file which seemed to go fine but 
> > mounting it is not going so well. mount seems to be having problems with 
> > the file sys. I have tried auto but no luck, I tried manually specifying 
> > but no luck. It was whonix so I assumed it was ext3 or 4 (or 2, tried em 
> > all) but no luck.
> > I have tried specifying offset points (2480 here) and just "loop" etc... 
> > nada
> > 
> > fdisk -l tells me:
> > Disk whonix.raw: 4 GiB, 4294967296 bytes, 8388608 sectors
> > Units: sectors of 1 * 512 = 512 bytes
> > Sector size (logical/physical): 512 bytes / 512 bytes
> > I/O size (minimum/optimal): 512 bytes / 512 bytes
> > Disklabel type: dos
> > Disk identifier: 0x3d6b07dc
> > 
> > Device  Boot Start End Sectors Size Id Type
> > whonix.raw1   2048 8388607 8386560   4G 83 Linux
> > 
> > thoughts?
> 
> Try `losetup -P /dev/loop0 whonix.raw`, then mount /dev/loop0p1.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJX9xJiAAoJENuP0xzK19csoNMH/jUcyBOwKFmyHsYVaEt/3TrX
> HU48pwq0WOTrwNwvtFl0WQW0PTH44vMrwoBlhYRsqlZ+S6PqBJXPukdnlyx2T6V4
> imZU1DgymFCBMNvkdlq1tFDEU8nt0JjkS7USL3Vfc0pyS+WXwSobHIJaS7mIbWzL
> XYr0mECzsVhVE1WH4QXcZO9J3v68tRPKmFKTj7jpThsFDgvRx5868Bj7URw1CqUZ
> uhAEmTd33ka3mgvHi3+ityC10AQ8/DhMt+MgSpfwH231L2apuPXkVAQ3TegafboW
> 0YmRxP3n0r6HalYmH0Gdr160avkkM7qXmHgJO5IaaIGheAcnLC+PUC4xkRkHM0U=
> =ANsq
> -END PGP SIGNATURE-

Assuming I got it right I am still getting filesystem errors (or "can't find in 
fstab), here is what I have tried:

[user@untrusted MV]$ sudo losetup -P /dev/loop0 whonix.raw
[user@untrusted MV]$ mount /dev/loop0p1
mount: can't find /dev/loop0p1 in /etc/fstab
[user@untrusted MV]$ sudo mount -t auto /dev/loop0p1 ~/whonix/
mount: wrong fs type, bad option, bad superblock on /dev/loop0p1,
   missing codepage or helper program, or other error

   In some cases useful info is found in syslog - try
   dmesg | tail or so.
[user@untrusted MV]$ sudo mount /dev/loop0p1 ~/whonix/
mount: wrong fs type, bad option, bad superblock on /dev/loop0p1,
   missing codepage or helper program, or other error

   In some cases useful info is found in syslog - try
   dmesg | tail or so.
[user@untrusted MV]$ sudo mount -t auto -o /dev/loop0p1 ~/whonix/
mount: can't find /home/user/whonix/ in /etc/fstab
[user@untrusted MV]$ sudo mount -t auto -o /dev/loop0p1 whonix.raw ~/whonix/
mount: /dev/loop1 is write-protected, mounting read-only
mount: wrong fs type, bad option, bad superblock on /dev/loop1,
   missing codepage or helper program, or other error

   In some cases useful info is found in syslog - try
   dmesg | tail or so.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6b1ed94-aef3-47d5-b7dd-1909215b9ad5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: mounting a qemu-img'd file error?

[gaikokujinkyofusho]

On Thursday, October 6, 2016 at 10:18:19 PM UTC-4, Drew White wrote:
> On Friday, 7 October 2016 12:09:40 UTC+11, gaikokuji...@gmail.com  wrote:
> > On Monday, October 3, 2016 at 9:51:39 PM UTC-4, gaikokuji...@gmail.com 
> > wrote:
> > > I converted a vdi file over to a raw file which seemed to go fine but 
> > > mounting it is not going so well. mount seems to be having problems with 
> > > the file sys. I have tried auto but no luck, I tried manually specifying 
> > > but no luck. It was whonix so I assumed it was ext3 or 4 (or 2, tried em 
> > > all) but no luck.
> > > I have tried specifying offset points (2480 here) and just "loop" etc... 
> > > nada
> > > 
> > > fdisk -l tells me:
> > > Disk whonix.raw: 4 GiB, 4294967296 bytes, 8388608 sectors
> > > Units: sectors of 1 * 512 = 512 bytes
> > > Sector size (logical/physical): 512 bytes / 512 bytes
> > > I/O size (minimum/optimal): 512 bytes / 512 bytes
> > > Disklabel type: dos
> > > Disk identifier: 0x3d6b07dc
> > > 
> > > Device  Boot Start End Sectors Size Id Type
> > > whonix.raw1   2048 8388607 8386560   4G 83 Linux
> > > 
> > > thoughts?
> > 
> > No thoughts? Anyone? Perhaps avid whonix people have run into this? or know 
> > of other ways to get stuff off a whonix vdi file?
> 

doh, sorry bout that

> What did you use to convert it?

qemu-img

> What version did you use to convert it?

v2.4.1

> What version VDI was it?

... really not sure :(
It was made about 1-1.5 years ago

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56b4d384-586a-43b1-a33a-df2682e47c9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: trouble brining up chromium in appvm?

[gaikokujinkyofusho]

On Thursday, October 6, 2016 at 10:21:24 PM UTC-4, Drew White wrote:
> On Friday, 7 October 2016 12:07:48 UTC+11, gaikokuji...@gmail.com  wrote:
> > I installed chromium in my fedora template (sudo dnf install chromium) and 
> > it seemed to install no errors, I was able to run it as well, started right 
> > up.
> > 
> > I then created a appvm and add the chromium shortcut (which is there) then 
> > go from the launcher to start up chromium but after I click on it nothing 
> > happens? I have tried from the terminal and can't seem to open it from the 
> > appvm terminal (can from the template terminal). I then tried to install it 
> > in the new appvm and it installed and started ok but of course after I 
> > restarted the appvm everything was nuked.
> > 
> > I'm stumped.
> 

Well first off, completely rebooting my computer seems to have resolved 
whatever it was but (as I answered below) I did reboot the guest (the template 
right?) it is not a standalone and i did boot the appvm after the template was 
updated.

Another small question though, I wasn't familar with "locate" i tried it and 
was prompted to install mlocate (did within the appvm and then it error'd about 
no db? Is that normal?)

> This may seem stupid, but did you reboot the Guest after you installed?

fair enough, but yes.

> 
> Did you boot the AppVM after the TemplateVM was updated?

yes

> It's not a Standalone AppVM is it?

nope

> 
> Did you try (in the appvm) doing a locate for the browser to see that it 
> actually sees it? (Then also try running providing full path)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/992195d0-d50f-4a30-b2af-9044c92be3de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] trouble brining up chromium in appvm?

[gaikokujinkyofusho]

I installed chromium in my fedora template (sudo dnf install chromium) and it 
seemed to install no errors, I was able to run it as well, started right up.

I then created a appvm and add the chromium shortcut (which is there) then go 
from the launcher to start up chromium but after I click on it nothing happens? 
I have tried from the terminal and can't seem to open it from the appvm 
terminal (can from the template terminal). I then tried to install it in the 
new appvm and it installed and started ok but of course after I restarted the 
appvm everything was nuked.

I'm stumped.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8dd1b50-4b73-4b01-92ec-52dbb8182b2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't BkUp? Error: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range (128)?

[gaikokujinkyofusho]

On Wednesday, October 5, 2016 at 6:56:35 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-10-04 17:26, gaikokujinkyofu...@gmail.com wrote:
> > I was trying to back up a VM (a single VM if it matters) to a external 
> > drive that I had mounted in one of the appvms which I have done in 3.1 with 
> > no problems but here I got the following error:
> > 
> > Error: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in 
> > range (128)
> > 
> > not sure what to make of it?
> > 
> 
> Do you have non-ASCII characters anywhere (e.g., VM name, backup name, 
> passphrase)?
> 

Does "-" count? Well regardless that seems to have been the problem as I had 
that in there, though I had used the exact same name before and it didn't make 
a diff? Anyway, no dash, no problem (it seems)?! Thanks!

> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJX9YUHAAoJENtN07w5UDAwHYsQAMy2Xb//PYRAHsprTZ6D+gC4
> aDdY7l3SRmKLBQaYZvqWAXCoMFge4AyT72j+k/6bnO64yStpG8kr+657Ayqvy8XL
> XwphVaAuIGW4yVgdwfCDDi+mhGl6kOoeA79W+uXbMFtwHIgX8fk3y4e0H4r8oM+a
> 7Y1uc84nQLcSsOQLltkTNrw3IvHsmRP6Ghy7cVRRc+P9kdfXAe+TVuLwl6IfhWfW
> KmrKoEh0E/eg7NYR6UUB4y/oLuYhz2FIvORPiQTwaqg3Ql3mGwnpYGR18ELUMEFk
> c4fIEskF0Acs/XP5kyWE9lUC4qbEE6z65kUnoPDYfnErR1KStUBDnD8b/JCt6Hdo
> VDOPWkBZQAKoHQSsSvm2VBJUX8NPnQ3Q4kpymIpe9NP/2jGr4tacxaC4030yzi2r
> ApHP8YvT3eRiufuWbxKsc4CIMBZ5rwd/CZ+f2LubePtO+nVRaAUYcyslv59UZ3QJ
> 1MM6VwYurjoojjVFJV7wTUcaRMEzQwqosR2UDJ+X1j/e8GpWVVh8UiPJd3/x+DA/
> qq0+w+nTIhh1PfyIhg8srXZbcwdi8DRHqm0r2QyxHOPvW3kdo6PdoXXGvppGWFu8
> JToffOPxQFrf8IyK964bEYMI6nSlZX9bA2YTvSMYXbohlv0l4bzhJiWnYcGFF+CX
> vfryeUVOqe7yhT4UCzDq
> =O4FM
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f398da12-2603-47f6-a3c2-34dc80023f6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't BkUp? Error: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range (128)?

[gaikokujinkyofusho]

I was trying to back up a VM (a single VM if it matters) to a external drive 
that I had mounted in one of the appvms which I have done in 3.1 with no 
problems but here I got the following error:

Error: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range 
(128)

not sure what to make of it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1437143b-f222-49a9-8061-ab96a0d69da8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] mounting a qemu-img'd file error?

[gaikokujinkyofusho]

I converted a vdi file over to a raw file which seemed to go fine but mounting 
it is not going so well. mount seems to be having problems with the file sys. I 
have tried auto but no luck, I tried manually specifying but no luck. It was 
whonix so I assumed it was ext3 or 4 (or 2, tried em all) but no luck.
I have tried specifying offset points (2480 here) and just "loop" etc... nada

fdisk -l tells me:
Disk whonix.raw: 4 GiB, 4294967296 bytes, 8388608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x3d6b07dc

Device  Boot Start End Sectors Size Id Type
whonix.raw1   2048 8388607 8386560   4G 83 Linux

thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f89e0d6-7050-400c-812e-042fbc1213e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: VM seemingly all of a suddon will no longer start up? (yellow dot)

[gaikokujinkyofusho]

On Saturday, July 30, 2016 at 9:42:25 PM UTC+3, gaikokuji...@gmail.com wrote:
> On Saturday, July 30, 2016 at 9:39:22 PM UTC+6:30, gaikokuji...@gmail.com 
> wrote:
> > I just managed to install a second hard drive on my laptop then tried 
> > restarting, everything started off fine except when I tried to start my 
> > "media vm" which mainly had Kodi media center on it. I don't see how the 
> > new hard drive would affect this appvm starting up but that is the only 
> > difference between earlier today when I last used this vm/kodi and now.
> > 
> > Now I am noticing the I can't start anything from the MediaVM, and my 
> > workvm shows up as a yellow dot but I can start firefox from there (so far 
> > at least), and the sys-firewall had a mementary error/yellow triangle, 
> > something about using/requesting more memory than available?
> > 
> > I noticed the failed to connect to gui-agent error from the logs (below) as 
> > it was about the only error that pops up, apart from that I am not sure. My 
> > qubes setup has been running pretty well lately, until now... thoughts?
> > 
> > Icon size: 128x128
> > libvchan_is_eof
> > release_all_mapped_mfns running
> > Obtained 8 stack frames.
> > Icon size: 128x128
> > Failed to connect to gui-agent
> 
> Sorry, the reoccuring error is "can not start qubes guid"

Solved.

It was apparently private storage max size was reached, so I increased it and 
everything was roses again (at least with that VM).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd72cfaf-e7d8-4564-8090-fd0226d5f548%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN Link Up, NetVM set to VpnVM but AppVMs still don't have net access?

[gaikokujinkyofusho]

On Tuesday, July 26, 2016 at 5:32:04 PM UTC+2, gaikokuji...@gmail.com wrote:
> On Monday, July 25, 2016 at 5:12:42 PM UTC-10, Chris Laprise wrote:
> > On 07/25/2016 04:25 PM, gaikokujinkyofu...@gmail.com wrote:
> > > On Thursday, July 21, 2016 at 9:41:57 PM UTC+12, gaikokuji...@gmail.com 
> > > wrote:
> > >> On Wednesday, July 20, 2016 at 4:17:32 PM UTC-8, Chris Laprise wrote:
> > >>> On 07/20/2016 02:59 PM, gaikokujinkyofu...@gmail.com wrote:
> >  On Saturday, July 16, 2016 at 5:09:48 PM UTC-4, gaikokuji...@gmail.com 
> >  wrote:
> > > I tried the 'sudo iptables -L -v -t nat' anyway and to be honest I am 
> > > not sure I understand the output:
> > >
> > > [user@VPN ~]$ sudo iptables -L -v -t nat
> > > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >pkts bytes target prot opt in out source   
> > > destination
> > >   0 0 PR-QBS all  --  anyany anywhere 
> > > anywhere
> > >   0 0 PR-QBS-SERVICES  all  --  anyany anywhere   
> > >   anywhere
> > >
> > > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> > >pkts bytes target prot opt in out source   
> > > destination
> > >
> > > Chain OUTPUT (policy ACCEPT 432 packets, 30668 bytes)
> > >pkts bytes target prot opt in out source   
> > > destination
> > >
> > > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >pkts bytes target prot opt in out source   
> > > destination
> > >   0 0 ACCEPT all  --  anyvif+anywhere 
> > > anywhere
> > >   3   192 ACCEPT all  --  anylo  anywhere 
> > > anywhere
> > >  12   812 MASQUERADE  all  --  anyany anywhere
> > >  anywhere
> > >
> > > Chain PR-QBS (1 references)
> > >pkts bytes target prot opt in out source   
> > > destination
> > >   0 0 DNAT   udp  --  anyany anywhere 
> > > 10.137.4.1   udp dpt:domain to:10.137.2.1
> > >   0 0 DNAT   tcp  --  anyany anywhere 
> > > 10.137.4.1   tcp dpt:domain to:10.137.2.1
> > >   0 0 DNAT   udp  --  anyany anywhere 
> > > 10.137.4.254 udp dpt:domain to:10.137.2.254
> > >   0 0 DNAT   tcp  --  anyany anywhere 
> > > 10.137.4.254 tcp dpt:domain to:10.137.2.254
> > >
> > > Chain PR-QBS-SERVICES (1 references)
> > >pkts bytes target prot opt in out source   
> > > destination
> >  Hi, I don't think I am using Network Manager to connect, that is I 
> >  went only by the Qubes VPN wiki but while trying to diag the problem I 
> >  read about /etc/resolv.conf in some other doc while searching so 
> >  thought I'd try (obviously no luck).
> > 
> >  As for the sudo sg qvpn -c ping whateversite, does returning one thing 
> >  back and hanging count for anything? I am thinking not as I am not 
> >  able to connect to the net via the VpnVM.
> > 
> >  Any thoughts on the DNS dnat rules?
> > >>> Pinging from my vpn vm is probably the same as yours, now that I've
> > >>> checked it: I get a DNS response but the pings themselves aren't 
> > >>> permitted.
> > >>>
> > >>> I think the real problem is shown in your PR-QBS chain above. You see
> > >>> that the 'to' addresses on the right are still pointing to a Qubes
> > >>> internal subnet '10.137.x.x'. Something about the DHCP fetching of your
> > >>> DNS servers or the way qubes-vpn-handler.sh is executing is not working.
> > >>> You can verify this by taking the IP address for 'whateversite' and
> > >>> pinging it from your appvm (connected to vpn vm)... that should work
> > >>> even though DNS doesn't.
> > >>>
> > >>> Cause of the problem should be a misconfigured .ovpn (the 3 lines for
> > >>> scripting) or the qubes-vpn-handler.sh script itself can't execute
> > >>> because the execute flag is not set, or the shebang at the start was
> > >>> left out, etc.
> > >>>
> > >>> Chris
> > >> well you are right about being able to ping an IP from the appvm that is 
> > >> connected to the vpnvm, it works fine.
> > >>
> > >> As for the misconfigured .opvn I can't make heads or tails of that as 
> > >> the first time I just used the exact same file that I had backed up, I 
> > >> rechecked it and I think its ok (I also got a new pre-configured one 
> > >> from my vpn provider, c/p the needed edits in, and still get the same 
> > >> error). I checked the permissions user of the two files and I think they 
> > >> are ok?
> > >>
> > >> -rw-r--r-- 1 root root  423 Jul 21 21:28 openvpn-client.ovpn
> > >> -rwxr-xr-x 1 root root 1089 Jul 10 21:15 

[qubes-users] Re: VM seemingly all of a suddon will no longer start up? (yellow dot)

[gaikokujinkyofusho]

On Saturday, July 30, 2016 at 9:39:22 PM UTC+6:30, gaikokuji...@gmail.com wrote:
> I just managed to install a second hard drive on my laptop then tried 
> restarting, everything started off fine except when I tried to start my 
> "media vm" which mainly had Kodi media center on it. I don't see how the new 
> hard drive would affect this appvm starting up but that is the only 
> difference between earlier today when I last used this vm/kodi and now.
> 
> Now I am noticing the I can't start anything from the MediaVM, and my workvm 
> shows up as a yellow dot but I can start firefox from there (so far at 
> least), and the sys-firewall had a mementary error/yellow triangle, something 
> about using/requesting more memory than available?
> 
> I noticed the failed to connect to gui-agent error from the logs (below) as 
> it was about the only error that pops up, apart from that I am not sure. My 
> qubes setup has been running pretty well lately, until now... thoughts?
> 
> Icon size: 128x128
> libvchan_is_eof
> release_all_mapped_mfns running
> Obtained 8 stack frames.
> Icon size: 128x128
> Failed to connect to gui-agent

Sorry, the reoccuring error is "can not start qubes guid"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c31a7817-cb15-4a0e-9a21-6aefcee8fddc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] VM seemingly all of a suddon will no longer start up? (yellow dot)

[gaikokujinkyofusho]

I just managed to install a second hard drive on my laptop then tried 
restarting, everything started off fine except when I tried to start my "media 
vm" which mainly had Kodi media center on it. I don't see how the new hard 
drive would affect this appvm starting up but that is the only difference 
between earlier today when I last used this vm/kodi and now.

Now I am noticing the I can't start anything from the MediaVM, and my workvm 
shows up as a yellow dot but I can start firefox from there (so far at least), 
and the sys-firewall had a mementary error/yellow triangle, something about 
using/requesting more memory than available?

I noticed the failed to connect to gui-agent error from the logs (below) as it 
was about the only error that pops up, apart from that I am not sure. My qubes 
setup has been running pretty well lately, until now... thoughts?

Icon size: 128x128
libvchan_is_eof
release_all_mapped_mfns running
Obtained 8 stack frames.
Icon size: 128x128
Failed to connect to gui-agent

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9af183b5-551d-44b0-a796-779aa9833ef1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN Link Up, NetVM set to VpnVM but AppVMs still don't have net access?

[gaikokujinkyofusho]

On Monday, July 25, 2016 at 5:12:42 PM UTC-10, Chris Laprise wrote:
> On 07/25/2016 04:25 PM, gaikokujinkyofu...@gmail.com wrote:
> > On Thursday, July 21, 2016 at 9:41:57 PM UTC+12, gaikokuji...@gmail.com 
> > wrote:
> >> On Wednesday, July 20, 2016 at 4:17:32 PM UTC-8, Chris Laprise wrote:
> >>> On 07/20/2016 02:59 PM, gaikokujinkyofu...@gmail.com wrote:
>  On Saturday, July 16, 2016 at 5:09:48 PM UTC-4, gaikokuji...@gmail.com 
>  wrote:
> > I tried the 'sudo iptables -L -v -t nat' anyway and to be honest I am 
> > not sure I understand the output:
> >
> > [user@VPN ~]$ sudo iptables -L -v -t nat
> > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
> >pkts bytes target prot opt in out source   
> > destination
> >   0 0 PR-QBS all  --  anyany anywhere 
> > anywhere
> >   0 0 PR-QBS-SERVICES  all  --  anyany anywhere 
> > anywhere
> >
> > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> >pkts bytes target prot opt in out source   
> > destination
> >
> > Chain OUTPUT (policy ACCEPT 432 packets, 30668 bytes)
> >pkts bytes target prot opt in out source   
> > destination
> >
> > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> >pkts bytes target prot opt in out source   
> > destination
> >   0 0 ACCEPT all  --  anyvif+anywhere 
> > anywhere
> >   3   192 ACCEPT all  --  anylo  anywhere 
> > anywhere
> >  12   812 MASQUERADE  all  --  anyany anywhere 
> > anywhere
> >
> > Chain PR-QBS (1 references)
> >pkts bytes target prot opt in out source   
> > destination
> >   0 0 DNAT   udp  --  anyany anywhere 
> > 10.137.4.1   udp dpt:domain to:10.137.2.1
> >   0 0 DNAT   tcp  --  anyany anywhere 
> > 10.137.4.1   tcp dpt:domain to:10.137.2.1
> >   0 0 DNAT   udp  --  anyany anywhere 
> > 10.137.4.254 udp dpt:domain to:10.137.2.254
> >   0 0 DNAT   tcp  --  anyany anywhere 
> > 10.137.4.254 tcp dpt:domain to:10.137.2.254
> >
> > Chain PR-QBS-SERVICES (1 references)
> >pkts bytes target prot opt in out source   
> > destination
>  Hi, I don't think I am using Network Manager to connect, that is I went 
>  only by the Qubes VPN wiki but while trying to diag the problem I read 
>  about /etc/resolv.conf in some other doc while searching so thought I'd 
>  try (obviously no luck).
> 
>  As for the sudo sg qvpn -c ping whateversite, does returning one thing 
>  back and hanging count for anything? I am thinking not as I am not able 
>  to connect to the net via the VpnVM.
> 
>  Any thoughts on the DNS dnat rules?
> >>> Pinging from my vpn vm is probably the same as yours, now that I've
> >>> checked it: I get a DNS response but the pings themselves aren't 
> >>> permitted.
> >>>
> >>> I think the real problem is shown in your PR-QBS chain above. You see
> >>> that the 'to' addresses on the right are still pointing to a Qubes
> >>> internal subnet '10.137.x.x'. Something about the DHCP fetching of your
> >>> DNS servers or the way qubes-vpn-handler.sh is executing is not working.
> >>> You can verify this by taking the IP address for 'whateversite' and
> >>> pinging it from your appvm (connected to vpn vm)... that should work
> >>> even though DNS doesn't.
> >>>
> >>> Cause of the problem should be a misconfigured .ovpn (the 3 lines for
> >>> scripting) or the qubes-vpn-handler.sh script itself can't execute
> >>> because the execute flag is not set, or the shebang at the start was
> >>> left out, etc.
> >>>
> >>> Chris
> >> well you are right about being able to ping an IP from the appvm that is 
> >> connected to the vpnvm, it works fine.
> >>
> >> As for the misconfigured .opvn I can't make heads or tails of that as the 
> >> first time I just used the exact same file that I had backed up, I 
> >> rechecked it and I think its ok (I also got a new pre-configured one from 
> >> my vpn provider, c/p the needed edits in, and still get the same error). I 
> >> checked the permissions user of the two files and I think they are ok?
> >>
> >> -rw-r--r-- 1 root root  423 Jul 21 21:28 openvpn-client.ovpn
> >> -rwxr-xr-x 1 root root 1089 Jul 10 21:15 qubes-vpn-handler.sh
> >>
> >> I didn't quite follow you about the shebang? What parts at the begining do 
> >> you think might have been left out? Are you refering to the configuration 
> >> of the VM when I was creating it? (like setting as a proxyvm etc?)
> 
> The shebang refers to 

Re: [qubes-users] VPN Link Up, NetVM set to VpnVM but AppVMs still don't have net access?

[gaikokujinkyofusho]

On Thursday, July 21, 2016 at 9:41:57 PM UTC+12, gaikokuji...@gmail.com wrote:
> On Wednesday, July 20, 2016 at 4:17:32 PM UTC-8, Chris Laprise wrote:
> > On 07/20/2016 02:59 PM, gaikokujinkyofu...@gmail.com wrote:
> > > On Saturday, July 16, 2016 at 5:09:48 PM UTC-4, gaikokuji...@gmail.com 
> > > wrote:
> > >>
> > >> I tried the 'sudo iptables -L -v -t nat' anyway and to be honest I am 
> > >> not sure I understand the output:
> > >>
> > >> [user@VPN ~]$ sudo iptables -L -v -t nat
> > >> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > >>  0 0 PR-QBS all  --  anyany anywhere 
> > >> anywhere
> > >>  0 0 PR-QBS-SERVICES  all  --  anyany anywhere   
> > >>   anywhere
> > >>
> > >> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > >>
> > >> Chain OUTPUT (policy ACCEPT 432 packets, 30668 bytes)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > >>
> > >> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > >>  0 0 ACCEPT all  --  anyvif+anywhere 
> > >> anywhere
> > >>  3   192 ACCEPT all  --  anylo  anywhere 
> > >> anywhere
> > >> 12   812 MASQUERADE  all  --  anyany anywhere 
> > >> anywhere
> > >>
> > >> Chain PR-QBS (1 references)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > >>  0 0 DNAT   udp  --  anyany anywhere 
> > >> 10.137.4.1   udp dpt:domain to:10.137.2.1
> > >>  0 0 DNAT   tcp  --  anyany anywhere 
> > >> 10.137.4.1   tcp dpt:domain to:10.137.2.1
> > >>  0 0 DNAT   udp  --  anyany anywhere 
> > >> 10.137.4.254 udp dpt:domain to:10.137.2.254
> > >>  0 0 DNAT   tcp  --  anyany anywhere 
> > >> 10.137.4.254 tcp dpt:domain to:10.137.2.254
> > >>
> > >> Chain PR-QBS-SERVICES (1 references)
> > >>   pkts bytes target prot opt in out source   
> > >> destination
> > > Hi, I don't think I am using Network Manager to connect, that is I went 
> > > only by the Qubes VPN wiki but while trying to diag the problem I read 
> > > about /etc/resolv.conf in some other doc while searching so thought I'd 
> > > try (obviously no luck).
> > >
> > > As for the sudo sg qvpn -c ping whateversite, does returning one thing 
> > > back and hanging count for anything? I am thinking not as I am not able 
> > > to connect to the net via the VpnVM.
> > >
> > > Any thoughts on the DNS dnat rules?
> > 
> > Pinging from my vpn vm is probably the same as yours, now that I've 
> > checked it: I get a DNS response but the pings themselves aren't permitted.
> > 
> > I think the real problem is shown in your PR-QBS chain above. You see 
> > that the 'to' addresses on the right are still pointing to a Qubes 
> > internal subnet '10.137.x.x'. Something about the DHCP fetching of your 
> > DNS servers or the way qubes-vpn-handler.sh is executing is not working. 
> > You can verify this by taking the IP address for 'whateversite' and 
> > pinging it from your appvm (connected to vpn vm)... that should work 
> > even though DNS doesn't.
> > 
> > Cause of the problem should be a misconfigured .ovpn (the 3 lines for 
> > scripting) or the qubes-vpn-handler.sh script itself can't execute 
> > because the execute flag is not set, or the shebang at the start was 
> > left out, etc.
> > 
> > Chris
> 
> well you are right about being able to ping an IP from the appvm that is 
> connected to the vpnvm, it works fine.
> 
> As for the misconfigured .opvn I can't make heads or tails of that as the 
> first time I just used the exact same file that I had backed up, I rechecked 
> it and I think its ok (I also got a new pre-configured one from my vpn 
> provider, c/p the needed edits in, and still get the same error). I checked 
> the permissions user of the two files and I think they are ok? 
> 
> -rw-r--r-- 1 root root  423 Jul 21 21:28 openvpn-client.ovpn
> -rwxr-xr-x 1 root root 1089 Jul 10 21:15 qubes-vpn-handler.sh
> 
> I didn't quite follow you about the shebang? What parts at the begining do 
> you think might have been left out? Are you refering to the configuration of 
> the VM when I was creating it? (like setting as a proxyvm etc?)

The last three lines you refered to, of the .ovpn, I believe I added as the 
Qubes VPN doc instructed, anyway I just c/p'd from the .ovpn I have:

script-security 2
up 'qubes-vpn-handler.sh up'
down 'qubes-vpn-handler.sh down'

Is that what you were referring to?

-- 
You received this message 

[qubes-users] VPN Link Up, NetVM set to VpnVM but AppVMs still don't have net access?

[gaikokujinkyofusho]

Hi, with quite a bit of help (thanks again) I was able to setup a VpnVM and 
have it work perferctly as a NetVM for AppVMs with KDE as my desktop env. I 
then backed up (zipped) the /rw/config dir and reinstalled 3.1 with just xfce, 
recreated the VpnVM and put all the needed vpn files from the config 
dir/sub-dir in thier place. I set an AppVM to use the VpnVM as a NetVM and 
started up the VpnVM, it seems to start up fine, I get the little notification 
that the VPN is up, but I can't connect to anything. I have also tried, instead 
of using backed up config file to just recreate everything from scratch, got 
the VPN notification/confirmation that its up and running, but still couldn't 
access the net. I can access the net when using the firewall as the netvm 
though? I am not sure how to diagnose this further, thoughts suggestions would 
really be apprecaited!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/87409fff-9131-42b0-a814-9439450e99f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Monday, July 11, 2016 at 11:57:04 AM UTC-7, gaikokuji...@gmail.com wrote:
> On Wednesday, July 6, 2016 at 12:29:28 PM UTC+11:30, gaikokuji...@gmail.com 
> wrote:
> > On Wednesday, July 6, 2016 at 9:50:10 AM UTC+12, Chris Laprise wrote:
> > > On 07/06/2016 09:31 AM, gaikokujinkyofu...@gmail.com wrote:
> > > > On Wednesday, July 6, 2016 at 5:40:20 AM UTC-4, Chris Laprise wrote:
> > > >> On 07/05/2016 03:05 PM, gaikokujinkyofu...@gmail.com wrote:
> > > >>> I renamed the file, and that seems to have gotten it, in that I am 
> > > >>> now prompted to login to the vpn but now I noticed that my VpnVM does 
> > > >>> not have network access?
> > > >>>
> > > >>> I don't know at what point this happened but perhaps this is related 
> > > >>> to what Chris was talking about with the firewall blocking openvpn? 
> > > >>> (though I am not even able to ping things like google.com etc, vpn 
> > > >>> running or not). I did not change the NetVM, it is still sys-firewall 
> > > >>> if that matters?
> > > >> You will probably need to put your username and password in an
> > > >> /rw/config/openvpn/auth.txt file, then add 'auth-user-pass filename' to
> > > >> your ovpn config. This will allow openvpn to connect without user 
> > > >> input.
> > > >>
> > > >> Connecting the vpn vm to either sys-firewall or sys-net is fine.
> > > >>
> > > >> Once the qubes-firewall-user-script is running you can't ping or make
> > > >> other connections from inside the vpn vm. You should connect an appvm 
> > > >> to
> > > >> the vpn vm and test from there.
> > > >>
> > > >> BTW, I'll be submitting a revised doc that mentions when and where to
> > > >> test the connection.
> > > >>
> > > >> Chris
> > > > Thanks for that auth part, quite handy. As for not being able to 
> > > > connect from inside the vpn, ok I guess except shouldn't the vpn at 
> > > > least be able to connect? when I try to start up the vpn (now with the 
> > > > handy auth automatically put in) I get this:
> > > >
> > > > sudo openvpn --cd /rw/config/openvpn/ --config 
> > > > /rw/config/openvpn/openvpn-client.ovpn
> > > > Wed Jul  6 09:10:59 2016 RESOLVE: Cannot resolve host address: 
> > > > vpnprovider.org: No address associated with hostname
> > > > ^CWed Jul  6 09:11:06 2016 RESOLVE: signal received during DNS 
> > > > resolution attempt
> > > > Wed Jul  6 09:11:06 2016 SIGINT[hard,init_instance] received, process 
> > > > exiting
> > > > [user@VPN openvpn]$
> > > 
> > > Right... It should do that because with the firewall rules only programs 
> > > run under group 'qvpn' can access the net. You didn't run it with the 
> > > group there.
> > > 
> > > And I guess you can also ping and stuff in the VPN VM, too, if you run 
> > > those programs under the group. But in general you should avoid it.
> > > 
> > > Chris
> > 
> > Hurrah! Happy to see that an error is actually a *good* thing. So, with 
> > your reminder I retried it with sg and it works! and using it as a proxyvm 
> > for other appvms works! 
> > 
> > I am going to let this soak in a bit, read up on (quite) a few things (like 
> > sg?) then try to figure some other aspects out like randomly (or somewhat 
> > randomly, or at least more easily than editing files each time) being able 
> > to switch vpn servers as my provider has a few to pick from. Thoughts?
> > 
> > Thank you so *very* much for your help/patience, there is no way I would 
> > have been able to read my way through this.
> 
> I am not sure if I should start a new thread or continue this one but will 
> continue this one for the time being I guess.
> 
> The VPN setup was running fine and I had zipped up the /rw/config dir with 
> all the new properly setup files and such and backed it up (now wishing I had 
> backed up the VpnVM now). I later read that R3.2 will be depreciating KDE so 
> I decided to startover with just xfce installed.
> 
> I reinstalled Qubes and unzipped the config dir backup and put the right 
> files in their place, tried to check permissions etc and then fired it up, 
> seemed to start up with no apparent errors. Catch is, when I try to use it as 
> a NetVM for other AppVMs it doesn't seem to work. 
> 
> The AppVMs kind of search for awhile then time out (as opposed to instantly 
> going to saying there is no connection). I also tried to redo it from 
> scratch, no backup files, same result.
> 
> I was at least hoping for an error that I could do a search on but there 
> doesn't seem to be an obvious one here?

Also, I did select, in the other AppVMs, the VpnVM and it doesn't work but then 
the same AppVM works fine when I go back to the default firewall. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Wednesday, July 6, 2016 at 12:29:28 PM UTC+11:30, gaikokuji...@gmail.com 
wrote:
> On Wednesday, July 6, 2016 at 9:50:10 AM UTC+12, Chris Laprise wrote:
> > On 07/06/2016 09:31 AM, gaikokujinkyofu...@gmail.com wrote:
> > > On Wednesday, July 6, 2016 at 5:40:20 AM UTC-4, Chris Laprise wrote:
> > >> On 07/05/2016 03:05 PM, gaikokujinkyofu...@gmail.com wrote:
> > >>> I renamed the file, and that seems to have gotten it, in that I am now 
> > >>> prompted to login to the vpn but now I noticed that my VpnVM does not 
> > >>> have network access?
> > >>>
> > >>> I don't know at what point this happened but perhaps this is related to 
> > >>> what Chris was talking about with the firewall blocking openvpn? 
> > >>> (though I am not even able to ping things like google.com etc, vpn 
> > >>> running or not). I did not change the NetVM, it is still sys-firewall 
> > >>> if that matters?
> > >> You will probably need to put your username and password in an
> > >> /rw/config/openvpn/auth.txt file, then add 'auth-user-pass filename' to
> > >> your ovpn config. This will allow openvpn to connect without user input.
> > >>
> > >> Connecting the vpn vm to either sys-firewall or sys-net is fine.
> > >>
> > >> Once the qubes-firewall-user-script is running you can't ping or make
> > >> other connections from inside the vpn vm. You should connect an appvm to
> > >> the vpn vm and test from there.
> > >>
> > >> BTW, I'll be submitting a revised doc that mentions when and where to
> > >> test the connection.
> > >>
> > >> Chris
> > > Thanks for that auth part, quite handy. As for not being able to connect 
> > > from inside the vpn, ok I guess except shouldn't the vpn at least be able 
> > > to connect? when I try to start up the vpn (now with the handy auth 
> > > automatically put in) I get this:
> > >
> > > sudo openvpn --cd /rw/config/openvpn/ --config 
> > > /rw/config/openvpn/openvpn-client.ovpn
> > > Wed Jul  6 09:10:59 2016 RESOLVE: Cannot resolve host address: 
> > > vpnprovider.org: No address associated with hostname
> > > ^CWed Jul  6 09:11:06 2016 RESOLVE: signal received during DNS resolution 
> > > attempt
> > > Wed Jul  6 09:11:06 2016 SIGINT[hard,init_instance] received, process 
> > > exiting
> > > [user@VPN openvpn]$
> > 
> > Right... It should do that because with the firewall rules only programs 
> > run under group 'qvpn' can access the net. You didn't run it with the 
> > group there.
> > 
> > And I guess you can also ping and stuff in the VPN VM, too, if you run 
> > those programs under the group. But in general you should avoid it.
> > 
> > Chris
> 
> Hurrah! Happy to see that an error is actually a *good* thing. So, with your 
> reminder I retried it with sg and it works! and using it as a proxyvm for 
> other appvms works! 
> 
> I am going to let this soak in a bit, read up on (quite) a few things (like 
> sg?) then try to figure some other aspects out like randomly (or somewhat 
> randomly, or at least more easily than editing files each time) being able to 
> switch vpn servers as my provider has a few to pick from. Thoughts?
> 
> Thank you so *very* much for your help/patience, there is no way I would have 
> been able to read my way through this.

I am not sure if I should start a new thread or continue this one but will 
continue this one for the time being I guess.

The VPN setup was running fine and I had zipped up the /rw/config dir with all 
the new properly setup files and such and backed it up (now wishing I had 
backed up the VpnVM now). I later read that R3.2 will be depreciating KDE so I 
decided to startover with just xfce installed.

I reinstalled Qubes and unzipped the config dir backup and put the right files 
in their place, tried to check permissions etc and then fired it up, seemed to 
start up with no apparent errors. Catch is, when I try to use it as a NetVM for 
other AppVMs it doesn't seem to work. 

The AppVMs kind of search for awhile then time out (as opposed to instantly 
going to saying there is no connection). I also tried to redo it from scratch, 
no backup files, same result.

I was at least hoping for an error that I could do a search on but there 
doesn't seem to be an obvious one here? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c6036509-d43e-4298-98ca-18e18b4d9052%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Wednesday, July 6, 2016 at 9:50:10 AM UTC+12, Chris Laprise wrote:
> On 07/06/2016 09:31 AM, gaikokujinkyofu...@gmail.com wrote:
> > On Wednesday, July 6, 2016 at 5:40:20 AM UTC-4, Chris Laprise wrote:
> >> On 07/05/2016 03:05 PM, gaikokujinkyofu...@gmail.com wrote:
> >>> I renamed the file, and that seems to have gotten it, in that I am now 
> >>> prompted to login to the vpn but now I noticed that my VpnVM does not 
> >>> have network access?
> >>>
> >>> I don't know at what point this happened but perhaps this is related to 
> >>> what Chris was talking about with the firewall blocking openvpn? (though 
> >>> I am not even able to ping things like google.com etc, vpn running or 
> >>> not). I did not change the NetVM, it is still sys-firewall if that 
> >>> matters?
> >> You will probably need to put your username and password in an
> >> /rw/config/openvpn/auth.txt file, then add 'auth-user-pass filename' to
> >> your ovpn config. This will allow openvpn to connect without user input.
> >>
> >> Connecting the vpn vm to either sys-firewall or sys-net is fine.
> >>
> >> Once the qubes-firewall-user-script is running you can't ping or make
> >> other connections from inside the vpn vm. You should connect an appvm to
> >> the vpn vm and test from there.
> >>
> >> BTW, I'll be submitting a revised doc that mentions when and where to
> >> test the connection.
> >>
> >> Chris
> > Thanks for that auth part, quite handy. As for not being able to connect 
> > from inside the vpn, ok I guess except shouldn't the vpn at least be able 
> > to connect? when I try to start up the vpn (now with the handy auth 
> > automatically put in) I get this:
> >
> > sudo openvpn --cd /rw/config/openvpn/ --config 
> > /rw/config/openvpn/openvpn-client.ovpn
> > Wed Jul  6 09:10:59 2016 RESOLVE: Cannot resolve host address: 
> > vpnprovider.org: No address associated with hostname
> > ^CWed Jul  6 09:11:06 2016 RESOLVE: signal received during DNS resolution 
> > attempt
> > Wed Jul  6 09:11:06 2016 SIGINT[hard,init_instance] received, process 
> > exiting
> > [user@VPN openvpn]$
> 
> Right... It should do that because with the firewall rules only programs 
> run under group 'qvpn' can access the net. You didn't run it with the 
> group there.
> 
> And I guess you can also ping and stuff in the VPN VM, too, if you run 
> those programs under the group. But in general you should avoid it.
> 
> Chris

Hurrah! Happy to see that an error is actually a *good* thing. So, with your 
reminder I retried it with sg and it works! and using it as a proxyvm for other 
appvms works! 

I am going to let this soak in a bit, read up on (quite) a few things (like 
sg?) then try to figure some other aspects out like randomly (or somewhat 
randomly, or at least more easily than editing files each time) being able to 
switch vpn servers as my provider has a few to pick from. Thoughts?

Thank you so *very* much for your help/patience, there is no way I would have 
been able to read my way through this. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a79da70-210d-458f-acdc-4ac2d3a215f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Tuesday, July 5, 2016 at 2:53:22 PM UTC-4, gaikokuji...@gmail.com wrote:
> On Tuesday, July 5, 2016 at 2:14:39 PM UTC+4:30, Marek Marczykowski-Górecki 
> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On Tue, Jul 05, 2016 at 12:52:18PM -0400, Chris Laprise wrote:
> > > On 07/05/2016 11:03 AM, gaikokujinkyofu...@gmail.com wrote:
> > > > On Tuesday, July 5, 2016 at 10:44:03 AM UTC-4, Chris Laprise wrote:
> > > > > On 07/05/2016 10:17 AM, gaikokujinkyofu...@gmail.com wrote:
> > > > > > On Tuesday, July 5, 2016 at 5:52:08 AM UTC-4, Chris Laprise wrote:
> > > > > > > On 07/04/2016 08:42 PM, gaikokujinkyofu...@gmail.com wrote:
> > > > > > > > No worries, honestly I should have thought of the sudo myself.
> > > > > > > > 
> > > > > > > > Well, running it with sudo and it went swimmingly, it connected 
> > > > > > > > so that is good, another hurdle cleared.
> > > > > > > > 
> > > > > > > > I am now back to one of your earlier posts in this thread, 
> > > > > > > > regarding the qubes-firewall-user-script.
> > > > > > > > 
> > > > > > > > I have to admit that I am not totally clear on needing to run 
> > > > > > > > the groupadd (it seems to be run in the firewall script?) but I 
> > > > > > > > ran it (and it shows up in /etc/group so I guess thats good?) 
> > > > > > > > but then on the next line:
> > > > > > > > 
> > > > > > > > sudo sg qvpn -c openvpn --cd /rw/config/openvpn/ --config 
> > > > > > > > openvpn-client.ovpn
> > > > > > > > 
> > > > > > > > I get an error saying:
> > > > > > > > Options error: In [CMD-LINE]:1: Error opening configuration 
> > > > > > > > file:openvn-client.ovpn
> > > > > > > > 
> > > > > > > > I don't understand groups and ids very well so am not sure 
> > > > > > > > where there breakdown is here, perhaps I need to set something 
> > > > > > > > regarding the openvpn-client.ovpn file?
> > > > > > > Error message indicates that the filename has a typo:
> > > > > > > 'openvn-client.ovpn' should be 'openvpn-client.ovpn'.
> > > > > > > 
> > > > > > > File ids will be OK if you created them with sudo. Running 
> > > > > > > groupadd
> > > > > > > multiple times with 'f' option is fine, too.
> > > > > > > 
> > > > > > > Chris
> > > > > > Thanks Chris & Eva.
> > > > > > 
> > > > > > I rechecked what I typed (I was typing from one computer the error 
> > > > > > from another computer that time, logged in on the same comp so am 
> > > > > > c/p outputs now) and I actually had typed it correctly.
> > > > > > 
> > > > > > I also tried adding the full paths to the openvpn-client.ovpn files 
> > > > > > as suggested (though I added ca.crt and crl.pem instead of ca.key 
> > > > > > and crl.key, assuming thats ok?). As for my openvpn.config 
> > > > > > (openvpn-client.ovpn right?) being stored in the wrong place, I 
> > > > > > have it in /rw/config/openvpn/ should it be somewhere else?
> > > > > > 
> > > > > > Regardless, after doublechecking what I typed, and adding the full 
> > > > > > path in as suggested the below is what I got, this time a c/p :p
> > > > > > 
> > > > > > [user@VPN openvpn]$ sudo openvpn --cd /rw/config/openvpn/ --config 
> > > > > > /rw/config/openvpn/openvpn-client.ovpn
> > > > > > Options error: In [CMD-LINE]:1: Error opening configuration file: 
> > > > > > /rw/config/openvpn/openvpn-client.ovpn
> > > > > > Use --help for more information.
> > > > > > [user@VPN openvpn]$
> > > > > > 
> > > > > > thoughts?
> > > > > > 
> > > > > I have seen SELinux restrictions cause this error. But that shouldn't 
> > > > > be
> > > > > a concern if you're using a regular fedora 23 or debian 8 template. 
> > > > > Did
> > > > > you enable SELinux or Apparmor?
> > > > > 
> > > > > http://unix.stackexchange.com/questions/94806/openvpn-options-error-in-cmd-line1-error-opening-configuration-file
> > > > > 
> > > > > Can you do 'ls -lZ /rw/config/openvpn' and paste the output here?
> > > > > 
> > > > > Chris
> > > > I am vaugely familar with SElinux and apparmour (hardening?) but I have 
> > > > not enabled it, at least not intentionally (not tinkered with anything 
> > > > realted to it either). But as for output, absoulutely! here it is:
> > > > 
> > > > [user@VPN openvpn]$ ls -lZ /rw/config/openvpn
> > > > total 16
> > > > -rw-r--r-- 1 root root ? 1395 Jul  4 17:56 ca.crt
> > > > -rw-r--r-- 1 root root ?  577 Jul  4 17:56 crl.pem
> > > > -rw-r--r-- 1 user user ?  375 Jul  5 09:58 openvpn-client.opvn
> > > > -rwxr-xr-x 1 root root ? 1088 Jul  3 20:45 qubes-vpn-handler.sh
> > > > [user@VPN openvpn]$
> > > 
> > > That shows the problem, I think. Change the ownership of the ovpn file to
> > > root...
> > > sudo chown root:root /rw/config/openvpn/openvpn-client.opvn
> > 
> > It shouldn't be a problem, as anyone can read the file anyway. And in
> > above cmdline, openvpn is running as root, so just another hint it isn't
> > permissions problem.
> > 
> > It's a typo in file name:
> > /rw/config/openvpn/openvpn-client.ovpn
> > /rw/config/openvpn/openvpn-client.opvn

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Tuesday, July 5, 2016 at 10:44:03 AM UTC-4, Chris Laprise wrote:
> On 07/05/2016 10:17 AM, gaikokujinkyofu...@gmail.com wrote:
> > On Tuesday, July 5, 2016 at 5:52:08 AM UTC-4, Chris Laprise wrote:
> >> On 07/04/2016 08:42 PM, gaikokujinkyofu...@gmail.com wrote:
> >>> No worries, honestly I should have thought of the sudo myself.
> >>>
> >>> Well, running it with sudo and it went swimmingly, it connected so that 
> >>> is good, another hurdle cleared.
> >>>
> >>> I am now back to one of your earlier posts in this thread, regarding the 
> >>> qubes-firewall-user-script.
> >>>
> >>> I have to admit that I am not totally clear on needing to run the 
> >>> groupadd (it seems to be run in the firewall script?) but I ran it (and 
> >>> it shows up in /etc/group so I guess thats good?) but then on the next 
> >>> line:
> >>>
> >>> sudo sg qvpn -c openvpn --cd /rw/config/openvpn/ --config 
> >>> openvpn-client.ovpn
> >>>
> >>> I get an error saying:
> >>> Options error: In [CMD-LINE]:1: Error opening configuration 
> >>> file:openvn-client.ovpn
> >>>
> >>> I don't understand groups and ids very well so am not sure where there 
> >>> breakdown is here, perhaps I need to set something regarding the 
> >>> openvpn-client.ovpn file?
> >> Error message indicates that the filename has a typo:
> >> 'openvn-client.ovpn' should be 'openvpn-client.ovpn'.
> >>
> >> File ids will be OK if you created them with sudo. Running groupadd
> >> multiple times with 'f' option is fine, too.
> >>
> >> Chris
> > Thanks Chris & Eva.
> >
> > I rechecked what I typed (I was typing from one computer the error from 
> > another computer that time, logged in on the same comp so am c/p outputs 
> > now) and I actually had typed it correctly.
> >
> > I also tried adding the full paths to the openvpn-client.ovpn files as 
> > suggested (though I added ca.crt and crl.pem instead of ca.key and crl.key, 
> > assuming thats ok?). As for my openvpn.config (openvpn-client.ovpn right?) 
> > being stored in the wrong place, I have it in /rw/config/openvpn/ should it 
> > be somewhere else?
> >
> > Regardless, after doublechecking what I typed, and adding the full path in 
> > as suggested the below is what I got, this time a c/p :p
> >
> > [user@VPN openvpn]$ sudo openvpn --cd /rw/config/openvpn/ --config 
> > /rw/config/openvpn/openvpn-client.ovpn
> > Options error: In [CMD-LINE]:1: Error opening configuration file: 
> > /rw/config/openvpn/openvpn-client.ovpn
> > Use --help for more information.
> > [user@VPN openvpn]$
> >
> > thoughts?
> >
> 
> I have seen SELinux restrictions cause this error. But that shouldn't be 
> a concern if you're using a regular fedora 23 or debian 8 template. Did 
> you enable SELinux or Apparmor?
> 
> http://unix.stackexchange.com/questions/94806/openvpn-options-error-in-cmd-line1-error-opening-configuration-file
> 
> Can you do 'ls -lZ /rw/config/openvpn' and paste the output here?
> 
> Chris

I am vaugely familar with SElinux and apparmour (hardening?) but I have not 
enabled it, at least not intentionally (not tinkered with anything realted to 
it either). But as for output, absoulutely! here it is:

[user@VPN openvpn]$ ls -lZ /rw/config/openvpn
total 16
-rw-r--r-- 1 root root ? 1395 Jul  4 17:56 ca.crt
-rw-r--r-- 1 root root ?  577 Jul  4 17:56 crl.pem
-rw-r--r-- 1 user user ?  375 Jul  5 09:58 openvpn-client.opvn
-rwxr-xr-x 1 root root ? 1088 Jul  3 20:45 qubes-vpn-handler.sh
[user@VPN openvpn]$ 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/459f5ce8-9433-4b51-a340-78b8e4ff62fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Tuesday, July 5, 2016 at 5:52:08 AM UTC-4, Chris Laprise wrote:
> On 07/04/2016 08:42 PM, gaikokujinkyofu...@gmail.com wrote:
> >
> > No worries, honestly I should have thought of the sudo myself.
> >
> > Well, running it with sudo and it went swimmingly, it connected so that is 
> > good, another hurdle cleared.
> >
> > I am now back to one of your earlier posts in this thread, regarding the 
> > qubes-firewall-user-script.
> >
> > I have to admit that I am not totally clear on needing to run the groupadd 
> > (it seems to be run in the firewall script?) but I ran it (and it shows up 
> > in /etc/group so I guess thats good?) but then on the next line:
> >
> > sudo sg qvpn -c openvpn --cd /rw/config/openvpn/ --config 
> > openvpn-client.ovpn
> >
> > I get an error saying:
> > Options error: In [CMD-LINE]:1: Error opening configuration 
> > file:openvn-client.ovpn
> >
> > I don't understand groups and ids very well so am not sure where there 
> > breakdown is here, perhaps I need to set something regarding the 
> > openvpn-client.ovpn file?
> 
> Error message indicates that the filename has a typo: 
> 'openvn-client.ovpn' should be 'openvpn-client.ovpn'.
> 
> File ids will be OK if you created them with sudo. Running groupadd 
> multiple times with 'f' option is fine, too.
> 
> Chris

Thanks Chris & Eva.

I rechecked what I typed (I was typing from one computer the error from another 
computer that time, logged in on the same comp so am c/p outputs now) and I 
actually had typed it correctly. 

I also tried adding the full paths to the openvpn-client.ovpn files as 
suggested (though I added ca.crt and crl.pem instead of ca.key and crl.key, 
assuming thats ok?). As for my openvpn.config (openvpn-client.ovpn right?) 
being stored in the wrong place, I have it in /rw/config/openvpn/ should it be 
somewhere else?

Regardless, after doublechecking what I typed, and adding the full path in as 
suggested the below is what I got, this time a c/p :p

[user@VPN openvpn]$ sudo openvpn --cd /rw/config/openvpn/ --config 
/rw/config/openvpn/openvpn-client.ovpn
Options error: In [CMD-LINE]:1: Error opening configuration file: 
/rw/config/openvpn/openvpn-client.ovpn
Use --help for more information.
[user@VPN openvpn]$

thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67dc553b-0f50-4627-88df-20de45c27ad9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Monday, July 4, 2016 at 11:51:26 AM UTC+6, Chris Laprise wrote:
> On 07/04/2016 11:33 AM, gaikokujinkyofu...@gmail.com wrote:
> > On Sunday, July 3, 2016 at 11:32:53 PM UTC-3:30, Chris Laprise wrote:
> >> On 07/03/2016 10:10 PM, gaikokujinkyofu...@gmail.com wrote:
> >>> On Sunday, July 3, 2016 at 9:56:15 PM UTC+3, Chris Laprise wrote:
>  On 07/03/2016 09:14 PM, gaikokujinkyofu...@gmail.com wrote:
> > Some things came up so I hadn't gotten around to trying it out until 
> > now.
> >
> > I created a new VM, VpnVM, and ran
> >
> > openvpn openvpn.ovpn
> >
> > and yeah! it connected and I opened firefox from VpnVM, and it was 
> > using the vpn, then ran PersonalVM using VpnVM as my NetVM and 
> > PersonalVM also showed up as using the VPN so first hurdle cleared?
>  Yes.
> 
> > Lots more hurdles though as my understanding of it all drops off 
> > precipitously.
> >
> > I modified the /rw/config/openvpn/openvpn-client.ovpn file with the
> >
> > script-security 2
> > up 'qubes-vpn-handler.sh up'
> > down 'qubes-vpn-handler.sh down'
> >
> > lines
> >
> > and I created the qubes-vpn-handler.sh and changed permissions.
> >
> > I then tried to start openvpn /rw/config/openvpn/openvpn-client.ovpn
> >
> > and no go. I get errors:
> >
> > Options error: --ca fails with ca.crt: No such file or directory
> > Options error: --crl-verify failes crl.prm: no such file or dir
> > Options error: please correct these errors
> >
> > I didn't get these errors before I added the qubes-vpn-handler.sh
> >
> > thoughts?
>  It looks like you switched to the example ovpn config from
>  https://github.com/ttasket/Qubes-vpn-support
> 
>  I'd recommend you use your original working ovpn and just add the 3
>  script lines to that.
> 
>  Chris
> >>> Actually I am using the ovpn that the vpn provider gives, and am just 
> >>> adding the 3 lines that step "2. Set up OpenVPN." of 
> >>> https://www.qubes-os.org/doc/vpn/ page suggest to the ovpn config file 
> >>> that the vpn provider gave.
> >>>
> >>> That file seems to work until I modify it with the 3 lines. While I don't 
> >>> understand the script I would assume there is something in the handler 
> >>> script that my setup doesn't like as the 3 lines are just invoking the 
> >>> qubes-vpn-handler.sh right?
> >> Above, you switched from 'openvpn.ovpn' to...
> >> '/rw/config/openvpn/openvpn-client.ovpn' so make sure they are the same.
> >>
> >> Changing the location of the files or your current directory while
> >> omitting the '--cd' directive would cause the errors. Try starting it
> >> with 'openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn'.
> >>
> >> Chris
> > Ah sorry. Thanks. I guess, some of my lazy shorthand confused things. I can 
> > promise though I have been going off the https://www.qubes-os.org/doc/vpn/ 
> > doc, wasn't actually aware of the github one.
> >
> > When I try to execute it what dir should I be doing this from? I tried the 
> > line you suggested
> > openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn
> >
> > but got the same options errors as before (just for the heck of it I tried 
> > from my home dir and from the /rw/config/openvpn dir)
> 
> My bad, I should have said 'sudo openvpn --cd /rw/config/openvpn/ 
> --config openvpn-client.ovpn'. You want to run it with 'sudo'.
> 
> It shouldn't matter where you start openvpn from as long as you use '--cd'.
> 
> Also, verify that the two 'missing' files are in the /rw/config/openvpn 
> dir. Do an 'ls -l' there to check they are owned by root.
> 
> Chris

No worries, honestly I should have thought of the sudo myself.

Well, running it with sudo and it went swimmingly, it connected so that is 
good, another hurdle cleared.

I am now back to one of your earlier posts in this thread, regarding the 
qubes-firewall-user-script.

I have to admit that I am not totally clear on needing to run the groupadd (it 
seems to be run in the firewall script?) but I ran it (and it shows up in 
/etc/group so I guess thats good?) but then on the next line:

sudo sg qvpn -c openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn

I get an error saying:
Options error: In [CMD-LINE]:1: Error opening configuration 
file:openvn-client.ovpn

I don't understand groups and ids very well so am not sure where there 
breakdown is here, perhaps I need to set something regarding the 
openvpn-client.ovpn file?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fdd853e-9e54-4c93-99ad-def7b03ace5c%40googlegroups.com.
For 

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Sunday, July 3, 2016 at 11:32:53 PM UTC-3:30, Chris Laprise wrote:
> On 07/03/2016 10:10 PM, gaikokujinkyofu...@gmail.com wrote:
> > On Sunday, July 3, 2016 at 9:56:15 PM UTC+3, Chris Laprise wrote:
> >> On 07/03/2016 09:14 PM, gaikokujinkyofu...@gmail.com wrote:
> >>>
> >>> Some things came up so I hadn't gotten around to trying it out until now.
> >>>
> >>> I created a new VM, VpnVM, and ran
> >>>
> >>> openvpn openvpn.ovpn
> >>>
> >>> and yeah! it connected and I opened firefox from VpnVM, and it was using 
> >>> the vpn, then ran PersonalVM using VpnVM as my NetVM and PersonalVM also 
> >>> showed up as using the VPN so first hurdle cleared?
> >> Yes.
> >>
> >>> Lots more hurdles though as my understanding of it all drops off 
> >>> precipitously.
> >>>
> >>> I modified the /rw/config/openvpn/openvpn-client.ovpn file with the
> >>>
> >>> script-security 2
> >>> up 'qubes-vpn-handler.sh up'
> >>> down 'qubes-vpn-handler.sh down'
> >>>
> >>> lines
> >>>
> >>> and I created the qubes-vpn-handler.sh and changed permissions.
> >>>
> >>> I then tried to start openvpn /rw/config/openvpn/openvpn-client.ovpn
> >>>
> >>> and no go. I get errors:
> >>>
> >>> Options error: --ca fails with ca.crt: No such file or directory
> >>> Options error: --crl-verify failes crl.prm: no such file or dir
> >>> Options error: please correct these errors
> >>>
> >>> I didn't get these errors before I added the qubes-vpn-handler.sh
> >>>
> >>> thoughts?
> >> It looks like you switched to the example ovpn config from
> >> https://github.com/ttasket/Qubes-vpn-support
> >>
> >> I'd recommend you use your original working ovpn and just add the 3
> >> script lines to that.
> >>
> >> Chris
> > Actually I am using the ovpn that the vpn provider gives, and am just 
> > adding the 3 lines that step "2. Set up OpenVPN." of 
> > https://www.qubes-os.org/doc/vpn/ page suggest to the ovpn config file that 
> > the vpn provider gave.
> >
> > That file seems to work until I modify it with the 3 lines. While I don't 
> > understand the script I would assume there is something in the handler 
> > script that my setup doesn't like as the 3 lines are just invoking the 
> > qubes-vpn-handler.sh right?
> 
> Above, you switched from 'openvpn.ovpn' to... 
> '/rw/config/openvpn/openvpn-client.ovpn' so make sure they are the same.
> 
> Changing the location of the files or your current directory while 
> omitting the '--cd' directive would cause the errors. Try starting it 
> with 'openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn'.
> 
> Chris

Ah sorry. Thanks. I guess, some of my lazy shorthand confused things. I can 
promise though I have been going off the https://www.qubes-os.org/doc/vpn/ doc, 
wasn't actually aware of the github one.

When I try to execute it what dir should I be doing this from? I tried the line 
you suggested 
openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn

but got the same options errors as before (just for the heck of it I tried from 
my home dir and from the /rw/config/openvpn dir)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/392e3dc3-fbd1-492f-a9d2-2dc6771d0f81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Wednesday, June 22, 2016 at 1:48:33 PM UTC-3:30, gaikokuji...@gmail.com 
wrote:
> On Monday, June 20, 2016 at 5:19:27 AM UTC+5:45, Chris Laprise wrote:
> > On 06/19/2016 10:13 PM, gaikokujinkyofu...@gmail.com wrote:
> > > On Thursday, June 16, 2016 at 6:33:48 PM UTC+9, gaikokuji...@gmail.com 
> > > wrote:
> > >> I started trying to create a VPN VM following the 
> > >> https://www.qubes-os.org/doc/vpn/ page. I checked if openvm was 
> > >> installed, it was (using fedora/ using the "firewall" for the allow 
> > >> networking option not mentioned in the VPN page). There was not a 
> > >> /rw/config/openvm dir so I tried making one then went through the rest 
> > >> of the instructions. I am double checked what I did against the 
> > >> instructions and am fairly sure I followed them correctly.
> > >>
> > >> I tried setting my now "VPN" vm as the netvm, shutdown both then 
> > >> restarted vpn vm then the modified-to-use-vpn vm appvm and tried 
> > >> connecting to the internet, nada.
> > >>
> > >> I did go to the Fedora "establishing a VPN Connection" page but 
> > >> intimidating is a bit of an understatement.
> > >>
> > >> How can I go about diagnosing what is not working?
> > > I worked on this a bit more. Waded through the fedora establishing a VPN 
> > > connection page, rather confusing, but I opened a Network settings window 
> > > for my VPN VM and added a VPN by importing a openvpn config file via the 
> > > VPN add a network connection's "import from file" option (and it seemed 
> > > to import fine).
> > >
> > > Now I am not entirely sure what I have. I of course did everything 
> > > outlined in the Qubes VPN page. I now have two network connection icons, 
> > > one for my wifi and another showing the VPN VM's eth? problem is the VPN 
> > > VM ethernet connection doesn't seem to be connected. When I go to network 
> > > via *settings* it now shows me three connections: Wired, the VPN I setup, 
> > > and Network Proxy.
> > >
> > > When I go via *Network Connections* it now shows me under Ethernet "VM 
> > > uplink eth0" and under VPN "VPN Provider" (the provider whose openvpn 
> > > config I imported). It shows the ethernet as having been used within the 
> > > last few minutes but the VPN as never having been used.
> > >
> > > On the Fedora page it mentions setting an autoconnect (automatically 
> > > connect to VPN when using this connection) option which I thought it was 
> > > talking about for the VPN but as I couldn't find it on the VPN connection 
> > > and could on the eth0 connection I tried setting the autoconnect to (and 
> > > selected the VPN connection from the pull down menu) but while I can 
> > > select it it does not stay selected if I restart the VPN VM.
> > >
> > > Now I am not able to connect to the internet on the VPN VM and def not 
> > > from another AppVM trying to use the VPN as a proxy.
> > >
> > > I am just not sure where I have gone wrong here. Where would I look for a 
> > > log to start trying to figure out the issue? (I saw a "run in debug mode" 
> > > under VM settings... might that be a place to start?)
> > >
> > > Thanks!
> > 
> > Hi again...
> > 
> > You should create a separate proxy vm for each type of vpn configuration 
> > you're trying, otherwise they will interfere with each other.
> > 
> > To get the openvpn + firewall method working, first try running openvpn 
> > manually with 'sudo openvpn [...]' before adding any scripts. Omit the 
> > --daemon option so it will display information you can use to 
> > troubleshoot the link.
> > 
> > Once you have the link working, you can try adding script lines to your 
> > .ovpn file and the qubes-vpn-handler, then test manually again. Finally, 
> > add the qubes-firewall-user-script and reboot the vm, then test again. 
> > Keep in mind that once you add the firewall it will block openvpn unless 
> > the latter is run under group 'qvpn' so you would type the following:
> > sudo groupadd -rf qvpn
> > sudo sg qvpn -c 'openvpn [...]'
> > 
> > NM connection... Try it in a fresh vm. The vpn autoconnect might not 
> > work, however; The last time I tried to use it, NM behaved erratically 
> > (and did not have appropriate firewall protections anyway).
> > 
> > Chris
> 
> Thanks I will try that out.

Some things came up so I hadn't gotten around to trying it out until now.

I created a new VM, VpnVM, and ran 

openvpn openvpn.ovpn

and yeah! it connected and I opened firefox from VpnVM, and it was using the 
vpn, then ran PersonalVM using VpnVM as my NetVM and PersonalVM also showed up 
as using the VPN so first hurdle cleared?

Lots more hurdles though as my understanding of it all drops off precipitously. 

I modified the /rw/config/openvpn/openvpn-client.ovpn file with the 

script-security 2
up 'qubes-vpn-handler.sh up'
down 'qubes-vpn-handler.sh down'

lines

and I created the qubes-vpn-handler.sh and changed permissions.

I then tried to start openvpn /rw/config/openvpn/openvpn-client.ovpn

and no go. I 

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

On Monday, June 20, 2016 at 5:19:27 AM UTC+5:45, Chris Laprise wrote:
> On 06/19/2016 10:13 PM, gaikokujinkyofu...@gmail.com wrote:
> > On Thursday, June 16, 2016 at 6:33:48 PM UTC+9, gaikokuji...@gmail.com 
> > wrote:
> >> I started trying to create a VPN VM following the 
> >> https://www.qubes-os.org/doc/vpn/ page. I checked if openvm was installed, 
> >> it was (using fedora/ using the "firewall" for the allow networking option 
> >> not mentioned in the VPN page). There was not a /rw/config/openvm dir so I 
> >> tried making one then went through the rest of the instructions. I am 
> >> double checked what I did against the instructions and am fairly sure I 
> >> followed them correctly.
> >>
> >> I tried setting my now "VPN" vm as the netvm, shutdown both then restarted 
> >> vpn vm then the modified-to-use-vpn vm appvm and tried connecting to the 
> >> internet, nada.
> >>
> >> I did go to the Fedora "establishing a VPN Connection" page but 
> >> intimidating is a bit of an understatement.
> >>
> >> How can I go about diagnosing what is not working?
> > I worked on this a bit more. Waded through the fedora establishing a VPN 
> > connection page, rather confusing, but I opened a Network settings window 
> > for my VPN VM and added a VPN by importing a openvpn config file via the 
> > VPN add a network connection's "import from file" option (and it seemed to 
> > import fine).
> >
> > Now I am not entirely sure what I have. I of course did everything outlined 
> > in the Qubes VPN page. I now have two network connection icons, one for my 
> > wifi and another showing the VPN VM's eth? problem is the VPN VM ethernet 
> > connection doesn't seem to be connected. When I go to network via 
> > *settings* it now shows me three connections: Wired, the VPN I setup, and 
> > Network Proxy.
> >
> > When I go via *Network Connections* it now shows me under Ethernet "VM 
> > uplink eth0" and under VPN "VPN Provider" (the provider whose openvpn 
> > config I imported). It shows the ethernet as having been used within the 
> > last few minutes but the VPN as never having been used.
> >
> > On the Fedora page it mentions setting an autoconnect (automatically 
> > connect to VPN when using this connection) option which I thought it was 
> > talking about for the VPN but as I couldn't find it on the VPN connection 
> > and could on the eth0 connection I tried setting the autoconnect to (and 
> > selected the VPN connection from the pull down menu) but while I can select 
> > it it does not stay selected if I restart the VPN VM.
> >
> > Now I am not able to connect to the internet on the VPN VM and def not from 
> > another AppVM trying to use the VPN as a proxy.
> >
> > I am just not sure where I have gone wrong here. Where would I look for a 
> > log to start trying to figure out the issue? (I saw a "run in debug mode" 
> > under VM settings... might that be a place to start?)
> >
> > Thanks!
> 
> Hi again...
> 
> You should create a separate proxy vm for each type of vpn configuration 
> you're trying, otherwise they will interfere with each other.
> 
> To get the openvpn + firewall method working, first try running openvpn 
> manually with 'sudo openvpn [...]' before adding any scripts. Omit the 
> --daemon option so it will display information you can use to 
> troubleshoot the link.
> 
> Once you have the link working, you can try adding script lines to your 
> .ovpn file and the qubes-vpn-handler, then test manually again. Finally, 
> add the qubes-firewall-user-script and reboot the vm, then test again. 
> Keep in mind that once you add the firewall it will block openvpn unless 
> the latter is run under group 'qvpn' so you would type the following:
> sudo groupadd -rf qvpn
> sudo sg qvpn -c 'openvpn [...]'
> 
> NM connection... Try it in a fresh vm. The vpn autoconnect might not 
> work, however; The last time I tried to use it, NM behaved erratically 
> (and did not have appropriate firewall protections anyway).
> 
> Chris

Thanks I will try that out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9469669-a914-4ff6-bfb3-43a808e8b166%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Restored win7 AppVM now w/ issues? shortcuts gone? qvm-sync-appmenus & start VM for WTI errors?

[gaikokujinkyofusho]

On Thursday, June 16, 2016 at 7:55:21 PM UTC-4, gaikokuji...@gmail.com wrote:
> I had managed to get a nice win7 HVM working, updates and all so first thing 
> I did was backup that vm. I tried restoring it later and found that it again 
> (a problem I was having before) wasn't able to update and (unlike before) all 
> the shortcuts were missing except for "start"?
> 
> I gave up on MS's updates and just used WSUS and that worked well enough so I 
> won't bother with trying to figure out why win isn't updating properly but 
> the shortcuts would come in handy as it does kind of defeat much of the 
> purpose if I can't start the win apps in their own windows.
> 
> qvm-sync-appmenus win7 (my template
> 
> and it said the Needs qrexec agent installed
> 
> I installed it previously and it seemed to be working fine at the time I had 
> made a backup. Anyway, from the VM manager I tried to start VM for window 
> tools installation but got an internal error libxenlight failed to create win7
> 
> I'm running out of ideas...
> 
> Thoughts?

btw, here is the WTI error i get

[gaiko@dom0 ~]$ qvm-start win7 --install-windows-tools
--> Loading the VM (type = HVM)...
Traceback (most recent call last):
  File "/usr/bin/qvm-start", line 131, in 
main()
  File "/usr/bin/qvm-start", line 115, in main
xid = vm.start(verbose=options.verbose, 
preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
notify_function=tray_notify_generic if options.tray else None)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 
326, in start
return super(QubesHVm, self).start(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
1901, in start
self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in 
createWithFlags
if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', 
dom=self)
libvirt.libvirtError: internal error: libxenlight failed to create new domain 
'win7'
[gaiko@dom0 ~]$ 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7764ab68-05c2-4c75-932a-42391d1a993f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

[gaikokujinkyofusho]

I started trying to create a VPN VM following the 
https://www.qubes-os.org/doc/vpn/ page. I checked if openvm was installed, it 
was (using fedora/ using the "firewall" for the allow networking option not 
mentioned in the VPN page). There was not a /rw/config/openvm dir so I tried 
making one then went through the rest of the instructions. I am double checked 
what I did against the instructions and am fairly sure I followed them 
correctly.

I tried setting my now "VPN" vm as the netvm, shutdown both then restarted vpn 
vm then the modified-to-use-vpn vm appvm and tried connecting to the internet, 
nada.

I did go to the Fedora "establishing a VPN Connection" page but intimidating is 
a bit of an understatement.

How can I go about diagnosing what is not working?



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bcd708ec-0ead-4461-a089-cb56e0170ffc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Likely that installing a second hard drive in CDrom dray would *not* work?

[gaikokujinkyofusho]

On Friday, June 10, 2016 at 3:32:26 AM UTC-1, Laszlo Zrubecz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 06/09/2016 05:13 PM, gaikokujinkyofu...@gmail.com wrote:
> > I had problems with my cdrom drive, mainly that I could not get
> > Qubes, or any other Linux, to see it. I didn't have much use for it
> > before but now it is totally useless. Even before this I had
> > considered replacing it with a hard drive caddy but now I am less
> > sure since the cdrom wasn't recognized.
> > 
> > Is my reasoning correct or since I would be installing a regular
> > hard drive and I think the interface is just SATA then its likely
> > it should work? Thoughts? (not looking for "guarantees" just some
> > feedback from those more Qubes savvy than myself).
> 
> 
> I was using such HDD caddy in my Dell E6430.
> 
> So if your device support this (means you have a HDD caddy and it fits
> to the SATA connectors) this will just work. Your BIOS and Qubes will
> see you 2nd HDD.
> 
> Using the 2nd HDD under Qubes is another question, you may find
> discussions about that topic on the mailing lists.
> 
> 
> - -- 
> Zrubi
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJXWmz+AAoJEC3TtYFBiXSvECcQAJlwPqekYm/IPzm5uaXmXof7
> HeAsMhaq8pHdXheyHpmZ2cXtR1uCg8v4+DPEQVMXAchTEX1ReThihpdvK8VsYaMW
> 6qRwYIJ3lxqn5u/hTO32CVJnTFooy3Llt6KnGxs/Nw7tOXqhXCzlm43EtWI4P1cz
> ubEmV7BZYTg6sxPxevygr20xOBo3Pkpvf/DeQba3zMgRcsaNN0eft9GpV9Dh0xj7
> Mijoxmpqk0tn0XHDfdRyBy/2gOE0gKblwtXUOx/Fk1RIIuabOGXzmyWxpO/26e7+
> paaeuvPlorE/0CqGV5s/fqrUovo4xXiE2wa6UbmcG3TX38Q4/vuhLSDTAOnj3sUr
> BSa0EO7l5YA5HLJjEJKRSH1kqEGO0aHxebpDvEr2qfErP4+DhPESkHaB/sDBOI8T
> DJp0pxTe1Ti/JFNQm06OEa07xjyEp3Sd/DVKhrBrtep5wyTtE89oJDEfZYYCg635
> 3tP8o43jeLftXJuEtPHruWiPCSz0DQQWMP/6KDUixnEFlVINcJpXhvoSMU9ShUzf
> jrNrotD58PHzAGzHSmco8K5BPr9vBzkkcbD40TpoY6ba5+DYlkxcK7wkV7pkU3qN
> BuUnqfI26Oc1W/8/7MYo1j1wF7+3KPElcvTH+AhF/JCla+mlI5Cm/i0vw0OYqKYy
> 00sGIA3YsudEyu0xz2+2
> =elOm
> -END PGP SIGNATURE-

Thanks for the response, I hadn't considered that Qubes using a 2nd hard drive 
might be an issue. I will look over the other discussions. Much appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f5ec6dd-6f4f-4132-8343-f116d1dd028a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New Win7 HVM will not update?

[gaikokujinkyofusho]

On Tuesday, June 7, 2016 at 9:22:00 PM UTC+12, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-06-07 05:39, gaikokujinkyofu...@gmail.com wrote:
> > Thanks for the response, that is a bit of a PITA but I'm totally 
> > willing to give it a try. One question, when you say unpatched do 
> > you mean w/o SP1 or you did this with a SP1 ISO?
> > 
> > Cheers
> > 
> 
> FWIW, I had a relatively painless Win 7 update experience by following
> the advice here:
> 
> https://superuser.com/questions/951960/windows-7-sp1-windows-update-
> stuck-checking-for-updates
> 
> (At the time, I followed some combination of the top two rated
> answers, but it looks like the content of the answers is different
> now. Still a good bet, IMO.)
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXV3MvAAoJENtN07w5UDAwf1kQAJ9dKEKGUWi1mmPtJGhonzh5
> E7y6HXHc/2SCMd5Ue4CsCheX0ZsbYdG8Sq4HsNNWftl2QR7kzNMCb26lYlEQVkyj
> k8EhjU6Gt8lMuWflETTuZaO6NQKHDQ13g7stWJTGSKw9EMmuNvBMrsVLTmVP/JJu
> lWNxi1POSq297nbLOSOUHEILQ9ZHWly5ZmHNS7PSFLra4B3XCnq+MI3VYaaBiNiI
> 84izWmKkNieRoj8eDQ3mVHXkhO3Z6k9hhvNFbUxOHqsLWFmL8nvQefRbHaYaXhwO
> R9+bHE+yIa6VjIqRyq0+DDlkxnB+zrL75Iux90t91RmSQWEG2VZIzuyEvptS993H
> TXCZDVmg2VPJFPIOcCO7iBrufkxYqSOSWBvXf74b6VkjUhFowE6GQRA+jpdVXqZA
> QQxMFFN27WB5dBQvtnqStXkRpL1H2p+157gQqc0KArw07D2Em1a8T02nEoxZjisU
> g0QJRvAA+px2fi0gsyCHeTpPGCFYWpdHeOnUGTjrMsEi6EVRnCsJ/QOc5zGq0+hm
> l/uLwC4wE/fROWBVqNJbtpepB6VSxvu9sk4K0he1aIXVBXR26rgvFZEt9NgUUkZL
> ureeNjmZlrc4iaF+AYFQNdoUaBhumZsbnOrTUVTqSESpMTL6fzxXaVNKrOFZd97y
> Czm3SBR+1yNXVuUCUIWx
> =pcie
> -END PGP SIGNATURE-

Thanks Andrew! I came across WSUS and actually pointed NTlite to the updates 
that WSUS downloaded so it was quite handy! (cant imagine downloading them 
separately). NTlite allows you to make an updated/customized install iso with 
all (ok, most) the updates etc. It added an extra 1.5gb to the ISO but 
*totally* worth it. So far I was able to make the win7vm, install it (almost 
unattended) and run updates immediately and fill in the few updates that NTLite 
didn't cover.

John's response got me on the right track for sure, but I wasn't able to make 
it work so I tried NTlite and WSUS as subs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3f093e5-6451-40f2-abf9-6e8f4649a590%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New Win7 HVM will not update?

[gaikokujinkyofusho]

On Monday, June 6, 2016 at 11:58:52 PM UTC+12:45, John Marrett wrote:
> I've recently completed a windows 7 install and gotten it to update
> completely. This was not at all easy.
> 
> I took my original ISO and updated it with the recent convenience
> rollup (I used an unpatched win 7 install with about 30G of user space
> to do this, you'll need the disk space necessary for two copies of the
> ISO, the 1G+ convenience patch and some software for the patching):
> 
> http://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
> 
> I then installed from this iso, I installed another patch that's
> supposed to improve windows patching speed that I found out about on
> stackoverflow:
> 
> https://support.microsoft.com/en-us/kb/3138612
> 
> I then waited a very long time, it was still stuck checking for
> updates but the shutdown option showed patches ready to install. After
> 2-3 shutdowns to install patches and a lot of waiting the system is
> now fully patched.
> 
> Hopefully this information can help you,
> 
> -JohnF
> 
> 
> On Mon, Jun 6, 2016 at 10:15 PM,   wrote:
> > Hi, I finally got past the cdrom issue (ie didn't need it anyway!) and 
> > installed win7 with only one hiccup (512 default mem setting) and it seemed 
> > to install fine, I had net access and everything. I downloaded the GWX 
> > control panel app and anti-beacon then tried to run win updates, it ran, 
> > and ran, for like 3 hours never giving any indication that it was doing 
> > anything but "checking". That was before started "start VM for Windows 
> > Tools Installation" and ran the qubes-tools-WIN7x64-3.0.4.1 app in the virt 
> > cdrom that showed up in win7 , I then rebooted win7 and was able to open 
> > shortcuts to apps in win7 (win7 appvm?) from Qubes! Great! but then I am 
> > not sure what happened, I wasn't able to start the "windows window" at 
> > first, and I think I might have tried from the Qubes VM Manager to run 
> > "update VM" and eventually was able to get a "windows 7 window" but now no 
> > network access at all (said no connection), and I am no longer able to open 
> > win7 apps via shortcuts in their own windows, now they open up a large 
> > "win7 window" (full screen) and the app inside of that (not full screen, so 
> > win menu/taskbar etc are accessible). I then put in the network info from 
> > the Win7 settings into windows and set a DNS and I had internet access 
> > again, but still no updates and still not back to being able to open up 
> > appvms). And for what its worth, I am noticing now that before when the 
> > win7 window opened up it would not go to full screen, now it does; also it 
> > now (not sure about before) tells me in the bottom right hand side that its 
> > in "Test Mode, Windows 7, Build 7601".
> >
> > I am fine with starting over with the Win7 VM (after getting over the cdrom 
> > and bsod hurdles it doesn't seem so bad) but I would like to know if in 
> > what I have described I have done anything wrong, hopefully so as I figure 
> > I should be doing sec updates etc in win7.
> >
> > Thanks!!!
> >
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to qubes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to qubes-users@googlegroups.com.
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/43aa9356-883f-4585-9aba-64609e955567%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.

Thanks for the response, that is a bit of a PITA but I'm totally willing to 
give it a try. One question, when you say unpatched do you mean w/o SP1 or you 
did this with a SP1 ISO?

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25bbb664-ec6b-4315-b2da-2a460f42da58%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: unrecoverable bsod after installing win7 vm and installing windows tools

[gaikokujinkyofusho]

On Thursday, January 14, 2016 at 9:14:17 AM UTC, charlotte...@gmail.com wrote:
> On Monday, November 30, 2015 at 1:33:59 PM UTC, Patrick Schleizer wrote:
> > Hi!
> > 
> > In my BSoD case, Qubes Windows Tools are not even involved.
> > 
> > 1.
> > Create New VM -> HVM Template  -> insert Windows 7 Home Premium x64 iso
> > English
> > 
> > not remove dvd drive or anything
> > 
> > 2.
> > start -> install -> automatically shuts down
> > 
> > 3.
> > start -> automatically shuts down
> > 
> > 4.
> > 
> > start -> user/password setup -> skip serial number -> recommended
> > settings -> public network -> usable Windows desktop -> manual shut down
> > 
> > 5.
> > 
> > start -> usable Windows desktop -> manual shut down
> > 
> > 6.
> > 
> > start -> BSoD BAD_SYSTEM_CONFIG
> > 
> > Any idea?
> > 
> > Cheers,
> > Patrick
> 
> Hi Patrick,
> 
> I've just been having this exact problem with the same sequence of events. It 
> turns out that I'd forgotten to increase the initial memory setting for the 
> VM and it was still set at the default of 512MB. Window 7 64bit requires at 
> least 2GB, so I set the initial memory for the VM to 2GB and BSoDs stopped.

Hi, jut wanted to thank you for the memory tip! I was pulling my hair out as I 
was having cdrom issues (computer not detecting cdrom) then figured I didn't 
need one so tried installing win7 only to get the bsod, now it (seems) to all 
be working great! Cheers!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be3eaca0-e0de-4c8b-afcf-69dedc3ed66d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] No /dev/cdrom present?

[gaikokujinkyofusho]

On Monday, June 6, 2016 at 6:01:07 AM UTC, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-06-05 16:02, gaikokujinkyofu...@gmail.com wrote:
> > For what its worth I found a clonezilla (debian, not sure what 
> > tinycore is) and tried boot flash drive and tried it as well, no 
> > cdrom, and no sr0 or sr1... I am thinking linux is not recognizing
> > my drive? When windows was installed I believe it did though?
> > 
> > Thoughts? Anyone?
> > 
> 
> It's possible that the optical drive is not Linux-compatible. The
> closest test would be baremetal Fedora 20, which dom0 is based on. I
> don't think many of us use optical drives with Qubes, so there isn't
> much advice to give.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXVUnVAAoJENtN07w5UDAwYQQP/i3Yw/UufQNI5O/LGj6ViQAF
> RpxVRqoX/Dp6wT5aasOOfT02mnSuwW3oo+vmQiH2xt/jI4LytbT5HIZToXQLgFDK
> OKzpyuudQdQMxblRPJVzNriMmEO/CmRcTUn29ZTuFICZrPZHipK8Yxs4PaWf9QAd
> 371QI7rZfgq7K5+Jj/Z2IMHE+hYp4h5QV6wvP8iXntbG06R8+xNkOqSjDCzfocOT
> 0AzaYexsFfNdahYZIVq9OkROjbqG4YdV0KHJWkyJO9f/UZVGW6oSwn7N4L7scN41
> 32ZsmbXvubZ8p5c7jpoNI3ZWmfDY/gQpYiXOITuIyCQXJ2Hy67iC0kfT+C7BxJCM
> RY9QOVKxr5zY9J1O5fTTic1f/18hn9sAkQYWe5keDoayujR1k0PUDoQ0pDmRpIkn
> vyROHpl1/Xd3eeyMDDdIa1ydUbB+jLNBWQR5zkLOzKzWGavowdOgA5jvxr49Bm+M
> DqTXi95uXLI8hjp1mD2e+eE6x5UCr8p7M3dnDvvAlX6yYyhPXsLRhhsvL1Y/e9Wr
> IGdGCUchP/dfGNq+kwBeppv4IR1h2c5vr8IsD4bVrs72eW4f+MB44zcDzpT88sF/
> 7O9DjeS8fvp9hrIeUh43menwamP6JjcD/1JAZ0lePtvuPwJmSeFR9jk+fMtH6+j8
> CVu8TnUGhbcliZ+wZRuB
> =Y4bH
> -END PGP SIGNATURE-

Thanks for the response. Its ok, really I also almost never use a cdrom but in 
following the instructions to make a windows 7 vm I thought I needed it. I will 
look if there is a way to make a windows vm w/o /dev/cdrom (or post if i can't 
find more info).

Cheers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60d35425-7d59-4e75-952f-eb8cfa7650cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] No /dev/cdrom present?

[gaikokujinkyofusho]

On Sunday, June 5, 2016 at 6:55:35 PM UTC+11, gaikokuji...@gmail.com wrote:
> On Saturday, June 4, 2016 at 12:57:20 PM UTC+11, gaikokuji...@gmail.com wrote:
> > On Thursday, June 2, 2016 at 9:16:16 PM UTC+13, Gaiko wrote:
> > > On Thursday, June 2, 2016 at 8:38:12 PM UTC+6:30, Chris Laprise wrote:
> > > > On 06/02/2016 06:40 PM, gaikokujinkyofu...@gmail.com wrote:
> > > > > Hi I wanted to create a win7 HVM and was going to start off by making 
> > > > > an iso from the CD I have but then I tried the simple dd 
> > > > > if=/dev/cdrom of=~/win7_image.iso and I get an error:
> > > > > dd: failed to open '/dev/cdrom': No such file or directory
> > > > >
> > > > > I tried this from the term in the personal dom, but then opened up 
> > > > > the term from the various doms (including dom0) to see if maybe the 
> > > > > cdrom would show up then? (I am still wrapping my head around how 
> > > > > Qubes works in terms of isolation, like would it perhaps isolate 
> > > > > certain doms from seeing certain devices?)
> > > > >
> > > > > Thoughts?
> > > > 
> > > > Try /dev/sr0 instead (in dom0). You can also try assigning it to a vm 
> > > > with 'qvm-block -a -ro vmname dom0:sr0'
> > > > 
> > > > ...but you have to put the disc in first and it doesn't always work.
> > > > 
> > > > Chris
> > > 
> > > Hi, thanks for the reply. I looked for sr0 as well, it doesn't seem to be 
> > > there either. Below is a list of the devs I have in dom0
> > > 
> > > Thoughts? (thanks in advance!)
> > > 
> > > total 4
> > > drwxr-xr-x  22 root root3820 Jun  2 21:13 .
> > > dr-xr-xr-x. 18 root root4096 Jun  2 14:49 ..
> > > crw---   1 root root 10, 235 Jun  2 20:23 autofs
> > > drwxr-xr-x   2 root root 480 Jun  2 21:13 block
> > > drwxr-xr-x   2 root root  80 Jun  2 21:13 bsg
> > > crw---   1 root root 10, 234 Jun  2 20:23 btrfs-control
> > > drwxr-xr-x   3 root root  60 Jun  2 16:21 bus
> > > drwxr-xr-x   2 root root3940 Jun  2 21:13 char
> > > crw---   1 root root  5,   1 Jun  2 20:23 console
> > > lrwxrwxrwx   1 root root  11 Jun  2 16:21 core -> /proc/kcore
> > > drwxr-xr-x   6 root root 120 Jun  2 16:21 cpu
> > > crw---   1 root root 10,  57 Jun  2 20:23 cpu_dma_latency
> > > crw---   1 root root 10, 203 Jun  2 20:23 cuse
> > > drwxr-xr-x   6 root root 120 Jun  2 21:13 disk
> > > brw-rw   1 root disk253,   0 Jun  2 20:23 dm-0
> > > brw-rw   1 root disk253,   1 Jun  2 20:23 dm-1
> > > brw-rw   1 root disk253,   2 Jun  2 20:23 dm-2
> > > brw-rw   1 root disk253,   3 Jun  2 20:23 dm-3
> > > drwxr-xr-x   2 root root 100 Jun  2 16:21 dri
> > > crw-rw   1 root video29,   0 Jun  2 20:23 fb0
> > > lrwxrwxrwx   1 root root  13 Jun  2 16:21 fd -> /proc/self/fd
> > > crw---   1 root root 10,  51 Jun  2 20:23 freefall
> > > crw-rw-rw-   1 root root  1,   7 Jun  2 20:23 full
> > > crw-rw-rw-   1 root root 10, 229 Jun  2 20:23 fuse
> > > crw---   1 root root250,   0 Jun  2 20:23 hidraw0
> > > crw---   1 root root 10, 228 Jun  2 20:23 hpet
> > > drwxr-xr-x   2 root root   0 Jun  2 20:23 hugepages
> > > crw--w   1 root tty 229,   0 Jun  2 20:23 hvc0
> > > crw---   1 root root229,   1 Jun  2 20:23 hvc1
> > > crw---   1 root root229,   2 Jun  2 20:23 hvc2
> > > crw---   1 root root229,   3 Jun  2 20:23 hvc3
> > > crw---   1 root root229,   4 Jun  2 20:23 hvc4
> > > crw---   1 root root229,   5 Jun  2 20:23 hvc5
> > > crw---   1 root root229,   6 Jun  2 20:23 hvc6
> > > crw---   1 root root229,   7 Jun  2 20:23 hvc7
> > > crw---   1 root root 10, 183 Jun  2 20:23 hwrng
> > > prw---   1 root root   0 Jun  2 20:23 initctl
> > > drwxr-xr-x   4 root root 560 Jun  2 20:23 input
> > > crw-r--r--   1 root root  1,  11 Jun  2 20:23 kmsg
> > > srw-rw-rw-   1 root root   0 Jun  2 16:21 log
> > > brw-rw   1 root disk  7,   0 Jun  2 20:23 loop0
> > > brw-rw   1 root disk  7,   1 Jun  2 20:23 loop1
> > > brw-rw   1 root disk  7,  10 Jun  2 20:38 loop10
> > > brw-rw   1 root disk  7,  11 Jun  2 20:48 loop11
> > > brw-rw   1 root disk  7,  12 Jun  2 20:48 loop12
> > > brw-rw   1 root disk  7,   2 Jun  2 20:23 loop2
> > > brw-rw   1 root disk  7,   3 Jun  2 20:23 loop3
> > > brw-rw   1 root disk  7,   4 Jun  2 20:23 loop4
> > > brw-rw   1 root disk  7,   5 Jun  2 20:23 loop5
> > > brw-rw   1 root disk  7,   6 Jun  2 20:23 loop6
> > > brw-rw   1 root disk  7,   7 Jun  2 20:48 loop7
> > > brw-rw   1 root disk  7,   8 Jun  2 20:48 loop8
> > > brw-rw   1 root disk  7,   9 Jun  2 20:38 loop9
> > > crw-rw   1 root disk 10, 237 Jun  2 20:23 loop-control
> > > drwxr-xr-x   2 root root 140 Jun  2 20:38 mapper
> > > crw---   1 root root 10, 227 

Re: [qubes-users] No /dev/cdrom present?

[gaikokujinkyofusho]

On Saturday, June 4, 2016 at 12:57:20 PM UTC+11, gaikokuji...@gmail.com wrote:
> On Thursday, June 2, 2016 at 9:16:16 PM UTC+13, Gaiko wrote:
> > On Thursday, June 2, 2016 at 8:38:12 PM UTC+6:30, Chris Laprise wrote:
> > > On 06/02/2016 06:40 PM, gaikokujinkyofu...@gmail.com wrote:
> > > > Hi I wanted to create a win7 HVM and was going to start off by making 
> > > > an iso from the CD I have but then I tried the simple dd if=/dev/cdrom 
> > > > of=~/win7_image.iso and I get an error:
> > > > dd: failed to open '/dev/cdrom': No such file or directory
> > > >
> > > > I tried this from the term in the personal dom, but then opened up the 
> > > > term from the various doms (including dom0) to see if maybe the cdrom 
> > > > would show up then? (I am still wrapping my head around how Qubes works 
> > > > in terms of isolation, like would it perhaps isolate certain doms from 
> > > > seeing certain devices?)
> > > >
> > > > Thoughts?
> > > 
> > > Try /dev/sr0 instead (in dom0). You can also try assigning it to a vm 
> > > with 'qvm-block -a -ro vmname dom0:sr0'
> > > 
> > > ...but you have to put the disc in first and it doesn't always work.
> > > 
> > > Chris
> > 
> > Hi, thanks for the reply. I looked for sr0 as well, it doesn't seem to be 
> > there either. Below is a list of the devs I have in dom0
> > 
> > Thoughts? (thanks in advance!)
> > 
> > total 4
> > drwxr-xr-x  22 root root3820 Jun  2 21:13 .
> > dr-xr-xr-x. 18 root root4096 Jun  2 14:49 ..
> > crw---   1 root root 10, 235 Jun  2 20:23 autofs
> > drwxr-xr-x   2 root root 480 Jun  2 21:13 block
> > drwxr-xr-x   2 root root  80 Jun  2 21:13 bsg
> > crw---   1 root root 10, 234 Jun  2 20:23 btrfs-control
> > drwxr-xr-x   3 root root  60 Jun  2 16:21 bus
> > drwxr-xr-x   2 root root3940 Jun  2 21:13 char
> > crw---   1 root root  5,   1 Jun  2 20:23 console
> > lrwxrwxrwx   1 root root  11 Jun  2 16:21 core -> /proc/kcore
> > drwxr-xr-x   6 root root 120 Jun  2 16:21 cpu
> > crw---   1 root root 10,  57 Jun  2 20:23 cpu_dma_latency
> > crw---   1 root root 10, 203 Jun  2 20:23 cuse
> > drwxr-xr-x   6 root root 120 Jun  2 21:13 disk
> > brw-rw   1 root disk253,   0 Jun  2 20:23 dm-0
> > brw-rw   1 root disk253,   1 Jun  2 20:23 dm-1
> > brw-rw   1 root disk253,   2 Jun  2 20:23 dm-2
> > brw-rw   1 root disk253,   3 Jun  2 20:23 dm-3
> > drwxr-xr-x   2 root root 100 Jun  2 16:21 dri
> > crw-rw   1 root video29,   0 Jun  2 20:23 fb0
> > lrwxrwxrwx   1 root root  13 Jun  2 16:21 fd -> /proc/self/fd
> > crw---   1 root root 10,  51 Jun  2 20:23 freefall
> > crw-rw-rw-   1 root root  1,   7 Jun  2 20:23 full
> > crw-rw-rw-   1 root root 10, 229 Jun  2 20:23 fuse
> > crw---   1 root root250,   0 Jun  2 20:23 hidraw0
> > crw---   1 root root 10, 228 Jun  2 20:23 hpet
> > drwxr-xr-x   2 root root   0 Jun  2 20:23 hugepages
> > crw--w   1 root tty 229,   0 Jun  2 20:23 hvc0
> > crw---   1 root root229,   1 Jun  2 20:23 hvc1
> > crw---   1 root root229,   2 Jun  2 20:23 hvc2
> > crw---   1 root root229,   3 Jun  2 20:23 hvc3
> > crw---   1 root root229,   4 Jun  2 20:23 hvc4
> > crw---   1 root root229,   5 Jun  2 20:23 hvc5
> > crw---   1 root root229,   6 Jun  2 20:23 hvc6
> > crw---   1 root root229,   7 Jun  2 20:23 hvc7
> > crw---   1 root root 10, 183 Jun  2 20:23 hwrng
> > prw---   1 root root   0 Jun  2 20:23 initctl
> > drwxr-xr-x   4 root root 560 Jun  2 20:23 input
> > crw-r--r--   1 root root  1,  11 Jun  2 20:23 kmsg
> > srw-rw-rw-   1 root root   0 Jun  2 16:21 log
> > brw-rw   1 root disk  7,   0 Jun  2 20:23 loop0
> > brw-rw   1 root disk  7,   1 Jun  2 20:23 loop1
> > brw-rw   1 root disk  7,  10 Jun  2 20:38 loop10
> > brw-rw   1 root disk  7,  11 Jun  2 20:48 loop11
> > brw-rw   1 root disk  7,  12 Jun  2 20:48 loop12
> > brw-rw   1 root disk  7,   2 Jun  2 20:23 loop2
> > brw-rw   1 root disk  7,   3 Jun  2 20:23 loop3
> > brw-rw   1 root disk  7,   4 Jun  2 20:23 loop4
> > brw-rw   1 root disk  7,   5 Jun  2 20:23 loop5
> > brw-rw   1 root disk  7,   6 Jun  2 20:23 loop6
> > brw-rw   1 root disk  7,   7 Jun  2 20:48 loop7
> > brw-rw   1 root disk  7,   8 Jun  2 20:48 loop8
> > brw-rw   1 root disk  7,   9 Jun  2 20:38 loop9
> > crw-rw   1 root disk 10, 237 Jun  2 20:23 loop-control
> > drwxr-xr-x   2 root root 140 Jun  2 20:38 mapper
> > crw---   1 root root 10, 227 Jun  2 20:23 mcelog
> > crw---   1 root root245,   0 Jun  2 20:23 media0
> > crw---   1 root root248,   0 Jun  2 20:23 mei0
> > crw-r-   1 root kmem  1,   1 Jun  2 20:23 mem
> > crw---   1 root root 10,  54 Jun  2 

Re: [qubes-users] No /dev/cdrom present?

[gaikokujinkyofusho]

On Thursday, June 2, 2016 at 9:16:16 PM UTC+13, Gaiko wrote:
> On Thursday, June 2, 2016 at 8:38:12 PM UTC+6:30, Chris Laprise wrote:
> > On 06/02/2016 06:40 PM, gaikokujinkyofu...@gmail.com wrote:
> > > Hi I wanted to create a win7 HVM and was going to start off by making an 
> > > iso from the CD I have but then I tried the simple dd if=/dev/cdrom 
> > > of=~/win7_image.iso and I get an error:
> > > dd: failed to open '/dev/cdrom': No such file or directory
> > >
> > > I tried this from the term in the personal dom, but then opened up the 
> > > term from the various doms (including dom0) to see if maybe the cdrom 
> > > would show up then? (I am still wrapping my head around how Qubes works 
> > > in terms of isolation, like would it perhaps isolate certain doms from 
> > > seeing certain devices?)
> > >
> > > Thoughts?
> > 
> > Try /dev/sr0 instead (in dom0). You can also try assigning it to a vm 
> > with 'qvm-block -a -ro vmname dom0:sr0'
> > 
> > ...but you have to put the disc in first and it doesn't always work.
> > 
> > Chris
> 
> Hi, thanks for the reply. I looked for sr0 as well, it doesn't seem to be 
> there either. Below is a list of the devs I have in dom0
> 
> Thoughts? (thanks in advance!)
> 
> total 4
> drwxr-xr-x  22 root root3820 Jun  2 21:13 .
> dr-xr-xr-x. 18 root root4096 Jun  2 14:49 ..
> crw---   1 root root 10, 235 Jun  2 20:23 autofs
> drwxr-xr-x   2 root root 480 Jun  2 21:13 block
> drwxr-xr-x   2 root root  80 Jun  2 21:13 bsg
> crw---   1 root root 10, 234 Jun  2 20:23 btrfs-control
> drwxr-xr-x   3 root root  60 Jun  2 16:21 bus
> drwxr-xr-x   2 root root3940 Jun  2 21:13 char
> crw---   1 root root  5,   1 Jun  2 20:23 console
> lrwxrwxrwx   1 root root  11 Jun  2 16:21 core -> /proc/kcore
> drwxr-xr-x   6 root root 120 Jun  2 16:21 cpu
> crw---   1 root root 10,  57 Jun  2 20:23 cpu_dma_latency
> crw---   1 root root 10, 203 Jun  2 20:23 cuse
> drwxr-xr-x   6 root root 120 Jun  2 21:13 disk
> brw-rw   1 root disk253,   0 Jun  2 20:23 dm-0
> brw-rw   1 root disk253,   1 Jun  2 20:23 dm-1
> brw-rw   1 root disk253,   2 Jun  2 20:23 dm-2
> brw-rw   1 root disk253,   3 Jun  2 20:23 dm-3
> drwxr-xr-x   2 root root 100 Jun  2 16:21 dri
> crw-rw   1 root video29,   0 Jun  2 20:23 fb0
> lrwxrwxrwx   1 root root  13 Jun  2 16:21 fd -> /proc/self/fd
> crw---   1 root root 10,  51 Jun  2 20:23 freefall
> crw-rw-rw-   1 root root  1,   7 Jun  2 20:23 full
> crw-rw-rw-   1 root root 10, 229 Jun  2 20:23 fuse
> crw---   1 root root250,   0 Jun  2 20:23 hidraw0
> crw---   1 root root 10, 228 Jun  2 20:23 hpet
> drwxr-xr-x   2 root root   0 Jun  2 20:23 hugepages
> crw--w   1 root tty 229,   0 Jun  2 20:23 hvc0
> crw---   1 root root229,   1 Jun  2 20:23 hvc1
> crw---   1 root root229,   2 Jun  2 20:23 hvc2
> crw---   1 root root229,   3 Jun  2 20:23 hvc3
> crw---   1 root root229,   4 Jun  2 20:23 hvc4
> crw---   1 root root229,   5 Jun  2 20:23 hvc5
> crw---   1 root root229,   6 Jun  2 20:23 hvc6
> crw---   1 root root229,   7 Jun  2 20:23 hvc7
> crw---   1 root root 10, 183 Jun  2 20:23 hwrng
> prw---   1 root root   0 Jun  2 20:23 initctl
> drwxr-xr-x   4 root root 560 Jun  2 20:23 input
> crw-r--r--   1 root root  1,  11 Jun  2 20:23 kmsg
> srw-rw-rw-   1 root root   0 Jun  2 16:21 log
> brw-rw   1 root disk  7,   0 Jun  2 20:23 loop0
> brw-rw   1 root disk  7,   1 Jun  2 20:23 loop1
> brw-rw   1 root disk  7,  10 Jun  2 20:38 loop10
> brw-rw   1 root disk  7,  11 Jun  2 20:48 loop11
> brw-rw   1 root disk  7,  12 Jun  2 20:48 loop12
> brw-rw   1 root disk  7,   2 Jun  2 20:23 loop2
> brw-rw   1 root disk  7,   3 Jun  2 20:23 loop3
> brw-rw   1 root disk  7,   4 Jun  2 20:23 loop4
> brw-rw   1 root disk  7,   5 Jun  2 20:23 loop5
> brw-rw   1 root disk  7,   6 Jun  2 20:23 loop6
> brw-rw   1 root disk  7,   7 Jun  2 20:48 loop7
> brw-rw   1 root disk  7,   8 Jun  2 20:48 loop8
> brw-rw   1 root disk  7,   9 Jun  2 20:38 loop9
> crw-rw   1 root disk 10, 237 Jun  2 20:23 loop-control
> drwxr-xr-x   2 root root 140 Jun  2 20:38 mapper
> crw---   1 root root 10, 227 Jun  2 20:23 mcelog
> crw---   1 root root245,   0 Jun  2 20:23 media0
> crw---   1 root root248,   0 Jun  2 20:23 mei0
> crw-r-   1 root kmem  1,   1 Jun  2 20:23 mem
> crw---   1 root root 10,  54 Jun  2 20:23 memory_bandwidth
> drwxrwxrwt   2 root root  40 Jun  2 16:21 mqueue
> drwxr-xr-x   2 root root  60 Jun  2 20:23 net
> crw---   1 root root 10,  56 Jun  2 20:23 network_latency
> crw---   1 root root 10,  55 Jun  2 20:23 

Re: [qubes-users] qubes-hcl-report error? (line 158: $HOME/$FILENAME.yml: ambiguous redirect)

[gaikokujinkyofusho]

On Saturday, June 4, 2016 at 7:40:50 AM UTC+13, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Fri, Jun 03, 2016 at 02:10:40PM -0700, Andrew David Wong wrote:
> > On 2016-06-02 16:04, gaikokujinkyofu...@gmail.com wrote:
> > > Since I finally got Qubes 3.1 working on my HP 8460p (thanks again
> > > to Marek for diag'ing the rdsosreport) and thought I would 
> > > generate/upload the HCL yml file as most things seem to be working 
> > > pretty well so far. Problem is I am not sure I am using it right
> > > as when I try typing qubes-hcl-report personal
> > > 
> > > which I thought would send the file to my personal dom doesn't
> > > seem to be working? I thought I would see a report named
> > > Qubes-HCL- somewhere in my personal dom's filesystem but
> > > nothing, and when I try to generate the report qubes-hcl-report
> > > gives me the following error:
> > > 
> > > /user/bin/qubes-hcl-report: line 158: $HOME/$FILENAME.yml:
> > > ambiguous redirect
> > > 
> > 
> > Hm, that's strange. Not sure what the problem is, since this command
> > works on my system. Are you running R3.1 with all updates?
> 
> It's about this bug:
> https://github.com/QubesOS/qubes-issues/issues/1994
> 
> The fix isn't yet uploaded to 3.1 repository.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJXUr45AAoJENuP0xzK19csS+EH/3E9992Jb1SngMz0EUJ/kWOK
> 0eAIj7NMVOqe+R1wEQcp5V+mqHiadephSSR3/E0zE7G/7zjLAcasombLdJ/dS+rX
> EklQAYYjxVhaQhoRDNbMuL7cMQ0GUFv7Bma5JcnFHeLx1jFTqvNw/bmKA3vVfVE5
> q0cc/xJ5nYwGHfBkLitsTz9Ehp/LLjmhVLd4BzYyhxBmO3uUV6FT//ja8GkUrmMA
> V2FFSrWyuHJvrQGhrl0SPF4greH1tODbbDGSTk6ePXATek2jTqw37gx3ENU/7G0f
> isTf3PC3qOI3w3Q15A7t/nUbXX0sr6yck40xAXAxVbNvaPwehFW3akDR+ZlIL5M=
> =pJ4F
> -END PGP SIGNATURE-

Ah, ok then, no biggie, will wait for the bug to be fixed then will upload my 
yml. Cheers.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/91fc1e3e-926c-4ad8-81ec-7106a587d929%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] No /dev/cdrom present?

[gaikokujinkyofusho]

Hi I wanted to create a win7 HVM and was going to start off by making an iso 
from the CD I have but then I tried the simple dd if=/dev/cdrom 
of=~/win7_image.iso and I get an error:
dd: failed to open '/dev/cdrom': No such file or directory

I tried this from the term in the personal dom, but then opened up the term 
from the various doms (including dom0) to see if maybe the cdrom would show up 
then? (I am still wrapping my head around how Qubes works in terms of 
isolation, like would it perhaps isolate certain doms from seeing certain 
devices?)

Thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b8b47aa-2b6e-44f6-8f7b-9bc8f09540bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.