[qubes-users] Re: I can't install Qubes 4.0
Do you have VT-x enabled? I managed to get mine installed when I changed the LCD/Display settings in the BIOS. This is not my strong point but it sounds like you are close... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc662bb9-e3bb-4ea9-8be3-bc3ca9b1077d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
> > 1) > can you update your templates otherwise? Yes I can update my templates > 2) > sudo apt-get install openvpn should have nothing to do with the later > step of install the tasket scrip-let . (not the tunnel) just > the VPN script on GitHub I was just hoping to make sure I haven't missed a basic step. It is my understanding the stock Debian-9 template that comes with 4.0 does not have OpenVPN installed. "sudo apt-get install openvpn" is all thats needed? Is there additional commands to install any dependencies? > 3) > if you Not talking about the "tunnel" script just the VPN tasket > script, why not leave the Template out of the equation and just > install the script in a fresh App-ProxyVM that "allows networking" > (proxy) Whats strange is I had the "Tunnel" script working prior to my fresh 4.0 install. The "VPN Tasket" also worked but moved to the "Tunnel" prior to my fresh install. I tried going back to the "App-ProxyVM" only(i.e. no template configuration) but it too didn't work > > and just leave Tor out of the whole puzzle IMO I'll try with out TOR to see if that changes anything... Thanks, V (Morlan - I used to connect my VPN proxy via sys-net -> VPN -> AppVM when I had this running...I would defer to other more seasoned Q users but consider multiple VPNs configured for different IPs, TOR over VPN...my thought was VPN thru sys-firewall consumed resources and wasn't sure it provided additional security...I would be open to being corrected if that is wrong) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48167f14-15c5-404b-a4e5-e4a97e21116e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Strangest thing, I did a fresh installation of Qubes and now I can't get this to work again? Sorry for the basic question but is there something I need to do to the fresh debian template after installation? I am trying to eliminate all possible issues but to install OpenVPN to the debian template: 1) I simply allow access to TOR or a network to get OpneVPN 2) Type : sudo apt-get install openvpn I am having the same issue with Fedora as well, could there be another reason for this not connecting? I get the "Waiting for connection" message but I don't get the "Link is up"... Thanks for any thoughts... V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43185fcd-09f6-470c-acab-23553d7af623%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: I can't install Qubes 4.0
Having struggled with installation I have found trying different BIOS settings helps. Even what I thought was the most unrelated change in the BIOS sometimes worked including: Legacy only Turning off secure boot LCD settings Boot order I wish I had a specific answer but have you tried changing these settings? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f14962d-ecca-4605-bee9-3aa1caf5ca6b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Sorry correction to my notes: Using qTunnel: For Debian proxy, add OpenVPN package to your VPN template: su apt-get update && apt-get install openvpn unzip Download and transfer file to template https://github.com/tasket/qubes-tunnel.git cd “Then drag downloaded file into terminal from tasket” sudo bash ./install Create proxy AppVM using VPN template: sys-VPN Colour: Green Provides Network Checked connect to sys-net Launch settings - Checked Settings: Add files and Terminal to Applications Add “qubes-tunnel-openvpn” to services Move VPN config files to new proxy AppVM Open proxy AppVM terminal: sudo mkdir /rw/config/qtunnel sudo /usr/lib/qubes/qtunnel-setup --config Enter VPN name and password sudo mv “Then highlight the .pem, .crt and config file (renamed to xx.ovpn)” /rw/config/qtunnel Optional - Change config DNS: setenv tunnel_dns '208.67.222.222 208.67.220.220' cd /rw/config/qtunnel sudo ln -s xx.ovpn qtunnel.conf (xx is the VPN client config) Restart AppVM...look for “Links is up” pop-up https://github.com/tasket/qubes-tunnel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4bf9dd58-16af-48e7-b372-5c819946d402%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Here are my notes/instructions I made based on yours, I drag and drop some files into terminal(vs purely command lines): Using qTunnel: For Debian proxy, add OpenVPN package to your VPN template: su apt-get update && apt-get install openvpn unzip Download and transfer file to template https://github.com/tasket/qubes-tunnel.git cd “Then drag downloaded file into terminal from tasket” sudo bash ./install Create proxy AppVM using VPN template: sys-VPN Colour: Green Provides Network Checked connect to sys-net Launch settings - Checked Settings: Add files and Terminal to Applications Add “qubes-tunnel-openvpn” to services Move VPN config files to new proxy AppVM Open proxy AppVM terminal: sudo mkdir /rw/config/qtunnel sudo /usr/lib/qubes/qtunnel-setup --config Enter VPN name and password sudo mv “Then highlight the .pem, .crt and config file (renamed to “openvpn-client.ovpn)” /rw/config/qtunnel Optional - Change config DNS: setenv tunnel_dns '208.67.222.222 208.67.220.220' cd /rw/config/qtunnel sudo ln -s xx.ovpn qtunnel.conf (xx is the VPN client config) Restart AppVM...look for “Links is up” pop-up https://github.com/tasket/qubes-tunnel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/81279605-3256-4e42-a2c4-c62337fcfdf6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Adding this to my config: setenv tunnel_dns '208.67.222.222 208.67.220.220' instead of: setenv vpn_dns '208.67.222.222 208.67.220.220' worked. Both http://welcome.opendns.com/ and https://www.dnsleaktest.com/ show that OpenDNS are being used. I am more then happy to help test, I was planning to make the shift but my DNS wasn't working...all good now. Thanks for the help... I'll move my sys-VPNs to this new project...I was just reluctant to make the move as my DNS was not showing correct. All good now! Thanks again...if anything comes up I'll report back. If you want me to try something more then happy to help... Thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3bba2bdb-0253-4283-9be4-d8ce097e261a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Using debian 9, link indicates "Link is up", I get internet connection, https://www.dnsleaktest.com/ indicates my VPNs IP(despite "setenv vpn_dns '208.67.222.222 208.67.220.220'" in my vpn configuration) when I use this configuration... V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/71b39261-7ea0-4259-a639-05a007c1cfa0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: Testing new VPN code for Qubes
Chris/Tasket, I am currently using this version: https://github.com/tasket/Qubes-vpn-support "Master version" I have this running in a proxy AppVM (Not in a template) Using PIA VPN service OpenDNS checks out OK I just tried this version in 4.0 in the template. Some notes feedback: 1) When I tried changing the DNS to OpenDNS in my config file: setenv vpn_dns '208.67.222.222 208.67.220.220' I then went to: http://welcome.opendns.com/ It failed and informed me I was not using OpenDNS. 2) The step 3. in the abbreviated instructions say to run: /usr/lib/qubes/qtunnel-setup --config However I had to run: sudo /usr/lib/qubes/qtunnel-setup --config I was able to get to the internetI didn't do any further testing. If you want me to try some things more then happy to help... Thanks again for the work. V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b86bb2c7-91db-4c6f-aa4d-a9de218eea88%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] The best compromise for a Laptop (Balance security with reality of implementation)?
I am exploring the best Qubes laptop based on the following criteria: 1) Secure/Privacy 2) Usability and maintenance for the layman in need of security 3) Price 4) New laptop Based on my research the most secure would be: Older laptops: G505 x220 T420 W520/W530 Pro: -price/value -Coreboot Cons: -only available as used/refurbished For a new, currently available on the market(a positive HCL report just came up): Lenovo - T480 I am sure other Lenovo work well...my experience has been good. Other products I have looked at include: Carbon 5/Developers - Recalled...potentially good in the future refurbished market. Huge value in the fact the Qubes developers use this laptop. A little expensive Purism - Libre or coreboot? with proprietery software in BIOs System 76 - Gaming PC primarily Thinpenguin - Libre or coreboot? with proprietery software in BIOs, manufacturer unsure of 4.0 compatability Talos2 - expensive(desktop only?) My specific questions are: 1) A lot of custom gaming laptop makers in the USA...any companies flashing Coreboot or Libre on new or refurbished laptops commercially for Linux? 2) My wish list would be able to crack open a laptop and flash coreboot(orLibre) but I am concerned this is just too techy. Is it hard to do? Is it hard to maintain? Hard to repeat? 3) How risky are the proprietery BIOS? Is this Nation state, Lenovo threats only? While I like my privacy I likely have bigger issues if they want access. How risky are "stock" BIOs from say a Lenovo...realistically/practically speaking. 4) Is Qubes still better then a Mac or PC even with proprietery BIOS? I am an open source purist(wannabe) but I need to balance usability/practicality. I am trying to understand and quantify the benefit of OSS BIOS and the security benefit balanced with ease of maintaining/implementing. While its frustrating the hardware compatability challenges, I like the hard stance Qubes makes on hardware "certification" Any feedback or dialogue is welcome. (PS Thanks for the forum members for prior posts and helping with the info above) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/118c3bcc-88c2-40a3-bfc5-902718a2636c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Errors on booting 4.0 and time is off? Otherwise working great!
I am getting ACPI errors when I boot, everything works, or at least I haven't seen a functionaility issue. I am however concerned and trying to understand implications from a functonal and security perspective. The errors are: [ 1.] ACPI Error: [\_PR_.CPU0._CST] Namespace lookup failure, AE_NOT_FOUND (###/pspargs-364) [ 1.] ACPI Error: Method parse/execution failed \_PR_.CPU3._CST] , AE_NOT_FOUND (###/psparse-550) [ 1.] ACPI Error: Method parse/execution failed \_PR_.CPU._CST] , AE_NOT_FOUND (###/psparse-550) Not sure this is related but my time is off by 5 hours in Qubes. My BIOS time is set correctlyalways seems to be 5 hour difference. My functionaility seems to be great Any thoughts on how I can get rid of the errors or if I should be worried about the errors? Thank you again -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ef594d2-37ad-4116-a78a-7785b66fd877%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Stock firewall vs a new created firewall in 4.0?
I created a new sys-firewall from the one that came with the installation of 4.0...is there anything special I need to do to make this the same as sys-firewall in terms of configuration? Its working: New appvm, provides networked=checked, connected to sys-net is what I did to create it. Thanks in advance... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f29d007c-e040-4f18-86dc-ae15e4ef1ce6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4.0 and Private Internet Access? Tasket VPN solution...
Manage to get this working on 4.0 using the Master! Below are my abreviated steps: Using Master File from Tasket Create proxy using VPN template: sys-VPN Green Provides Network Checked connect to sys-net Launch settings - Checked Settings: Add files and Terminal to Applications Add “vpn-handler-openvpn” to services Optional-Change DNS in your PIA config: setenv vpn_dns '208.67.222.222 208.67.220.220' sudo mkdir /rw/config/vpn sudo mv “highlight all 3 vpn files and drag to terminal here” /rw/config/vpn cd “Then drag master4 file into terminal from tasket” sudo bash ./install Close terminal, open new terminal: cd /rw/config/vpn sudo ln -s this_vpn.ovpn vpn-client.conf Restart new proxy vm Tasket...I needed to create the "/rw/config/vpn" file first, add my PIA files before I could get the Tasket file to "link". Thanks again for this solution...is there an ETA when this will be built into 4.0/4.1? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/410c5352-0625-40e1-b1aa-33372473eb4b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Lenovo Thinkpad T480
Thanks for sharing...my understanding is you can get this Laptop new? Not sure if you know but this can come with either these processors: 8th Generation Intel® Core™ i7-8550U Processor (1.80GHz, up to 4.0GHz with Turbo Boost, 8MB Cache) or 8th Generation Intel® Core™ i7-8650U Processor with vPro (1.90GHz, up to 4.20GHz with Turbo Boost, 8MB Cache) Your HCL states you have the vPro... Would you or anybody know if you can get all the functionality including AEM with the i7-8550U (with out the vPro)? Is there a higher risk of attack with the vPro? Thanks for doing this HCL... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9b2132e-3224-44d6-a76a-0b251f5dd8f2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes 4.0 and Private Internet Access? Tasket VPN solution...
Chris, I tried the Master and it didn't work, following your guidleines(and trying mine above). The Qubes4.0 version does work... Using a Debian template, setup entirely in a AppVM, using 4.0, I follow the instructions on Github: https://github.com/tasket/Qubes-vpn-support. After step 2 in your instructions, I am not prompted for username and password. I have tried running: sudo /usr/lib/qubes/qubes-vpn-setup --config after step 2 with out shutting down. No luck... When I shutdown and restart the proxy I am prompted for username and password in a terminal that doesn't allow me to copy username and password(I didn't try manually entering username/password). I close this terminal try running again: sudo /usr/lib/qubes/qubes-vpn-setup --config I tried changing the order of my steps with no luckI think it connected 1 time but have not been able to reproduce. Qubes4 works fine as a proxy...is qubes4.0 OK? Seems to work great... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e773da0a-a9da-46aa-b580-3a49d27d847c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
Correction to instructions I followed: Create proxy using VPN template: sys-VPN Green Provides Network Checked connect to sys-net Launch settings - Checked Settings: Add files and Terminal to Applications Initial memmory = 500mb Max memory = 4500 Add “vpn-handler-openvpn” to services Open a terminal and file manager in new proxy appVM: cd “Then drag qubes4 file into terminal from tasket/github” sudo bash ./install Enter VPN name and password Close terminal Reopen terminal Transfer XXX PIA config files into your new VPN AppVM: Change your PIA config file to “openvpn-client” and add DNS if wanting to use a DNS service other then PIA setenv vpn_dns 'IP of DNS provider' Move PIA files by running this command: sudo mv “Then highlight the .pem, .crt and config file (renamed to “openvpn-client.ovpn) and drag them into the terminal” /rw/config/vpn Final terminal commands to create .conf file: cd /rw/config/vpn sudo ln -s openvpn-client.ovpn vpn-client.conf Restart VM!!! Wait for “Ready to Connect” and “Link is UP” -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ce3d2efe-dc10-472b-a9c2-3062d1fed894%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
Once again Tasket/Chris thanks for the help...got it working with both Debian and Fedora in 4.0 running as a Appvm. The issue was in the .conf file/password linking and the order I was doing this. I think my debian issue was not having openvpn in the debian template. Is Qubes4 still the file to use? Great work and thanks again. V I followed these specific directions (kinda of a hybrid between terminal and GUI...inline with your instructions on github): Create new appvm Qube: For Debian proxy, add OpenVPN package to your VPN template: su apt-get update && apt-get install openvpn unzip Create proxy using VPN template: sys-VPN Green Provides Network Checked connect to sys-net Launch settings - Checked Settings: Add files and Terminal to Applications Initial memmory = 500mb Max memory = 4500 Add “vpn-handler-openvpn” to services Open a terminal and file manager in new proxy appVM: cd “Then drag qubes4 file into terminal from tasket/github” sudo bash ./install Enter VPN name and password Close terminal Reopen terminal Transfer Tasket/Qubes4 file and PIA config files into your new VPN AppVM: Change your PIA config file to “openvpn-client” and add DNS if wanting to use a DNS service other then PIA setenv vpn_dns 'IP of DNS provider' Move PIA files by running this command: sudo mv “Then highlight the .pem, .crt and config file (renamed to “openvpn-client.ovpn) and drag them into the terminal” /rw/config/vpn Final terminal commands to create .conf file: cd /rw/config/vpn sudo ln -s openvpn-client.ovpn vpn-client.conf Restart VM!!! Wait for “Ready to Connect” and “Link is UP” -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54bb1ca5-c093-47de-839b-0d4e822bdd02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
> > I pulled the logs, looked thru them, I didn't see any personal information. > > Seemed OK to past on the forum but sent them to you directly just in > > case...feel free to post any info for the greater good of the community. > > Thank you again for the help... > > > > I pulled the 3 files .crt, .pem and the renamed openvpn-client.ovpn file > > and put them into the VPN folder. > > Just FYI, putting all the configs (instead of selecting them) in /vpn is > easier. Thanks for that...I'll try that! > > Totally willing to try to "avoid > > the initial failure and restart, add a 2sec delay "sleep 2s" in rc.local > > just before the first systemctl command; it will start quicker." Would you > > be open to sharing the commands for this? > > The command is just "sleep 2s". If I am launching a VM from the GUI when would I put "sleep 2s" into the terminal? I am learning but not there yet... > > I am using "openvpn-ip" file from PIA under Advanced OpenVPN SSL > > Restrictive Configuration: > > https://www.privateinternetaccess.com/pages/client-support/ > > I then move each of the 3 individual files mentioned above into the > > /rw/config/vpn folder. > > > > Thanks again for the help... > > Got your log... I think the real culprit shows up here: > > "AUTH: Received control message: AUTH_FAILED" > > This could mean the user/password weren't entered correctly. You can see > how its stored by issuing this command: > > sudo cat /rw/config/vpn/userpassword.txt > > To fix it you can edit that file, or run the --config step again from > the instructions. Thanks for that tip...the password is good. Tested it with another application and it is correct and working. The VPN proxy also had the correct password. What else could this be? What I know: * This worked with 3.2 in Fedora but I experienced the same error with Debian in 3.2 * This worked for a brief moment in 4.0(fedora), had saved the beta file and was using that when it worked. I lost that older github/tasket file, I downloaded the 4.0 file and have not got it working again. * I get the "Ready to start link" but then no connection * This is new infromation but I can connect to my phone wireless but when I try another AP it can't connect. I am not sure this is relevant but in my network connection I get the following messages: Ethernet Network (vif6.0) Device not managedmy connection works Ethernet Network (vif.20) Device not managedmy connection DOES NOT work Tasket my gut tells me I have something else missing, if you can get it to work, I am getting a ready to connect message, I had it working. Would a BIO setting have an impact? When I boot I get this error: ERROR parsing PCC subspaces from PCCT [Failed] Failed to start Load Kernel Modules - Followed by [OK] started Apply Kernel Variable/[OK] Started Setup Virtual Console The struggle I am having is a lack of knowledge about how to trouble shoot this although you have taught me a lot Tasket thank you. Any other thoughts? I don't want to go back to 3.2 but with out a VPN/kill switch I don't see I have a choice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b0ab23db-a923-4d81-a87c-a00df1055c7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
I pulled the logs, looked thru them, I didn't see any personal information. Seemed OK to past on the forum but sent them to you directly just in case...feel free to post any info for the greater good of the community. Thank you again for the help... I pulled the 3 files .crt, .pem and the renamed openvpn-client.ovpn file and put them into the VPN folder. Totally willing to try to "avoid the initial failure and restart, add a 2sec delay "sleep 2s" in rc.local just before the first systemctl command; it will start quicker." Would you be open to sharing the commands for this? I am using "openvpn-ip" file from PIA under Advanced OpenVPN SSL Restrictive Configuration: https://www.privateinternetaccess.com/pages/client-support/ I then move each of the 3 individual files mentioned above into the /rw/config/vpn folder. Thanks again for the help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0416e045-f71f-4cf7-a99e-d64c8270b925%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Error: Failed to synchronize cache for repo 'qubes-vm-r4.0-current' with Fedora and 4.0?
Worked like a charm! Thanks... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af024728-42aa-45c0-843a-46a4aa62402e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
Thanks Chris...again thank you for the effort! This tool is great... Does it matter that Private internet access provides 3 seperate files (key, cert and client config)? I have the proxy AppVM set up with "provides network"(proxy) checked, I have tried a setup in proxy only and a setup in Template/Proxy, PVH(tried PV...similar to 3.2)...I don't think it is the setup as much as the configuration of the template? I installed GNOME and Openvpn (Using those names specifically) in Debian, no additional packages installed in stock fedora... I feel like I am missing a very basic command or tweak, whonix works, wireless works, sys-firewall works...any help would be appreciated. It seems something releated to PIA VPN configuration or VPN-handler-openvpn Here are my logs/commands from your suggestions: root@sys-VPNb5:/home/user# ls -l /rw/config/qubes-firewall.d total 0 lrwxrwxrwx 1 root root 38 Apr 5 13:16 90_tunnel-restrict -> /usr/lib/qubes/proxy-firewall-restrict root@sys-VPNb5:/home/user# iptables -v -L FORWARD Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all -- eth0 any anywhere anywhere 0 0 DROP all -- anyeth0anywhere anywhere 0 0 ACCEPT all -- anyany anywhere anywhere ctstate RELATED,ESTABLISHED 0 0 QBS-FORWARD all -- anyany anywhere anywhere 0 0 DROP all -- vif+ vif+anywhere anywhere 0 0 ACCEPT all -- vif+ any anywhere anywhere 0 0 DROP all -- anyany anywhere anywhere I copied errors when I run journalctl: Apr 06 02:09:52 sys-VPNb5 gnome-terminal-[966]: unable to open file '/etc/dconf/db/local': Failed to open file '/etc/dconf/db/local': open() failed: No such file or directory; expect degra Apr 06 02:09:50 sys-VPNb5 systemd[664]: pam_unix(systemd-user:session): session opened for user user by (uid=0) Apr 06 02:09:50 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Control process exited, code=exited status=1 Apr 06 02:09:50 sys-VPNb5 systemd[1]: Failed to start VPN Client for Qubes proxyVM. Apr 06 02:09:46 localhost systemd[1]: Started Adjust root filesystem size. Apr 06 02:09:46 localhost kernel: Error: Driver 'pcspkr' is already registered, aborting... Apr 06 02:09:46 localhost mount-dirs.sh[351]: Private device management: fsck.ext4 of /dev/xvdb succeeded Apr 06 02:09:45 localhost kernel: xvdc: xvdc1 Apr 06 02:09:45 localhost kernel: EXT4-fs (xvda3): couldn't mount as ext3 due to feature incompatibilities Apr 06 02:09:45 localhost kernel: EXT4-fs (xvda3): couldn't mount as ext2 due to feature incompatibilities Apr 06 02:09:45 localhost kernel: EXT4-fs (xvda3): mounted filesystem with ordered data mode. Opts: (null) Apr 06 02:09:45 localhost kernel: EXT4-fs (xvdd): mounting ext3 file system using the ext4 subsystem Apr 06 02:09:45 localhost kernel: dmi-sysfs: dmi entry is absent. Apr 06 02:09:50 sys-VPNb5 systemd[1]: Started Serial Getty on hvc0. Apr 06 02:09:50 sys-VPNb5 systemd[1]: Reached target Login Prompts. Apr 06 02:09:50 sys-VPNb5 systemd[664]: pam_unix(systemd-user:session): session opened for user user by (uid=0) Apr 06 02:09:50 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Control process exited, code=exited status=1 Apr 06 02:09:50 sys-VPNb5 systemd[1]: Failed to start VPN Client for Qubes proxyVM. Apr 06 02:09:50 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Unit entered failed state. Apr 06 02:09:50 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Failed with result 'exit-code'. Apr 06 02:09:50 sys-VPNb5 systemd[664]: Listening on GnuPG network certificate management daemon. Apr 06 02:09:50 sys-VPNb5 systemd[664]: Listening on GnuPG cryptographic agent (ssh-agent emulation). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dcabc134-6488-46c4-a359-bca31e0d365e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Error: Failed to synchronize cache for repo 'qubes-vm-r4.0-current' with Fedora and 4.0?
I think there is an issue with Fedora updates thru TOR... Any body willing to share the specific commands or instructions to change an update file from http to https? Here is the thread: https://github.com/QubesOS/qubes-issues/issues/3737 A potential solution was: "Try to modify /etc/yum.repos.d/qubes-r4.repo to use https instead of http." I didn't even know how to google the question? Any help would be surely appreciated... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3aa4b2e6-156c-49d6-a1b0-8a48f75ec246%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Help with 4.0 transition from 3.2?
Sorry lots of questions in 1 thread but thank you all for the responses: Question 1- The ACPI errors were: ERROR parsing PCC subspaces from PCCT [Failed] Failed to start Load Kernel Modules - Followed by [OK] started Apply Kernel Variable/[OK] Started Setup Virtual Console ACPI error: parse execution failed\_PR.CPU0PSParse-550 ACPI error: Namespace lookup failure\_PR.CPU1PSParge-364 ACPI error: Namespace lookup failure\_PR.CPU2PSParge-364 Using Legacy only boot, Lenovo notebook Question 2 - Still slow but functional for what I use this .iso for...the additional templates I can add with 4.0 kinda make me less interested in this functionality. All for the security!! Question 3, 4, 5 - I managed to delete the templates I wanted to. Did a fresh install and was smarter the second time. My advice would be to leave the current templates until you are comfortable with the new setup and how they work. 2nd time advice for templates in 4.0- *Make most configuration changes in the "core" template before creating a new"core"-dvm from which the disposable VMs are spawned from i.e. printer setups in "core" template *Make changes to firefox in the "new-dvm" that require browser ad-ons *Don't make any templates default until you get comfortable with multiple templates...painful to have to remove them from your VMs Pretty slick feature having multiple templates once you get used to managing them!! Thank you for the help... Question 6- Did a manual update in Dom0: sudo qubes-dom0-update "No updates needed or available"?? Couldn't remember the exact words but I had to do manual update and I think I am up-to-date. Question 7- I found the article(https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/) being considered with Qubes 4.0. I also remember it not being implemented yet but wasn't sure if one had the option to turn this feature off. I totally get the need to have enterprise embrace this project...it really is comforting knowing I am more secure but the remote feature is what turned me off MS and Apple. Just wanted to make sure I wasn't missing something... Going thru a few growing pains but if my questions helps others and the developers its the best I can do... Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/308af9a9-6391-4ffe-a65c-9af9fb350515%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...
I thought I would start a new thread, I had Taskets VPN solution working like a charm with 3.2 but when I transitioned to Qubes 4.0 it no longer worked. I did manage to get it working but I didn't capture my steps:( 3.2 thread: https://groups.google.com/forum/#!topic/qubes-users/FUQaRPWXPj8 I have been trying this for a few days but admit I am stumped... How do I trouble shoot and get this up? Notes: I am trying to use Debian 9 for this I was experiencing similar issues with Fedora(I didn't capture the logs) I get a message that my VPN VM is "Ready to start link" message I have tried using the 4.0 VPN file and the Master file (similar results) When I run "Su journalctl" on my VPN-VM I find these errors: Apr 05 10:15:12 sys-VPNb5 systemd[1]: Reached target Network is Online. Apr 05 10:15:12 sys-VPNb5 systemd[1]: Starting keep memory of all UPnP devices that announced themselves... Apr 05 10:15:12 sys-VPNb5 systemd[1]: Starting /etc/rc.local Compatibility... Apr 05 10:15:12 sys-VPNb5 qrexec-agent[560]: executed user:QUBESRPC qubes.SetMonitorLayout dom0 pid 649 Apr 05 10:15:12 sys-VPNb5 qubes-vpn-setup[636]: iptables: Bad rule (does a matching rule exist in that chain?). Apr 05 10:15:12 sys-VPNb5 qubes-vpn-setup[636]: Error: Firewall rule(s) not enabled! Apr 05 10:15:12 sys-VPNb5 systemd[1]: Starting Permit User Sessions... Apr 05 10:15:12 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Control process exited, code=exited status=1 Apr 05 10:15:12 sys-VPNb5 systemd[1]: Failed to start VPN Client for Qubes proxyVM. Apr 05 10:15:12 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Unit entered failed state. Apr 05 10:15:12 sys-VPNb5 systemd[1]: qubes-vpn-handler.service: Failed with result 'exit-code'. Apr 05 10:15:12 sys-VPNb5 su[633]: Successful su for user by root Apr 05 10:15:12 sys-VPNb5 su[633]: + ??? root:user Apr 05 10:15:12 sys-VPNb5 qrexec-agent[649]: pam_unix(qrexec:session): session opened for user user by (uid=0) Is there anybody who can help? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36678578-6a53-49ad-a530-a68a7d85f548%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Help with 4.0 transition from 3.2?
I recently transitioned to the new 4.0thank you Qubes Developers and Community for the effort and help. I really appreciate the better security. I managed to get 4.0 installed however I am having some challenges and concerns: 1) I am getting numerous ACPI erros when I boot? 4.0 seems to boot, I can login and function but I am concerned. Is this a concern? I didn't get these errors when booting 3.2. 2) I used to be able to download a .iso file, keep it in a VM and boot it from another VM. 3.2 even had a "Boot from .iso" function. I managed to get this working with 4.0 but it is extremely slow and sometimes doesn't work. Was the boot from .iso functionality removed? 3) I am struggling with customizing the DVMs. Specifically I can't delete a DVM. I tried the steps on this link: https://www.qubes-os.org/doc/dispvm-customization/ but it just didn't delete. Are there other instructions available? Maybe some one is willing to post there steps/commands? 4) I am unsure how to add a wireless printer into a DVM? I either can't install the driver i.e. Do I install software into e.g. Print-dvm(based on Debian-9-Gnome), Debian-9-Gnome Template, other? 5) Could be related to 4) above but I have been unable to get my printer to even provide an error(possible networking issue). In 3.2 I would add the printer to the Debian-9-Gnome template and then generate a new "DVM" 6) When I attempt to update Dom0 after install I get the pop-up from Dom0 that something is happening, I get the "green update" window(similar to 3.2) but then it just stops...no message about "No updates needed" or any response. Is my Dom0 up-to-date? 7) It is my understanding that 4.0 introduces a remote admin functionhow do I confirm this is OFF and can never be turned on? Please understand this is by no means critism...I truly do appreciate the new version and sense it is more secure with the PVH default and with the new code that is under the hood. Some things that worked well: * VPN by Tasket works great. * Love the clean and updated Debian/Fedora templates * Ability to swap templates and a VM and get the new programs refreshed * The potential of multiple DVMs and additional drop downs beyond just Firefox Any help with my questions above would be greatly appreciated and I would be happy to summarize the instructions for users having similar challenges now or going forward. Thanks again for the effort, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c1b39fdf-44f1-43b2-a1ca-31ddc085e557%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] how to add "Files" manually to AppVM
In Debian you need to install it: su apt-get install nautilus By no means an expert...but I struggled with this in the Debian template AppVMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d24e398b-1f86-4ea0-898c-efaffabad6b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
My Fedora setup is still working great. Passes OpenDNS check when they are added to config, reconnects generally after I turn off my wireless. I am trying to get this to work with a stock Debian9 template(upgraded from Debian8 with stock install). I can't seem to get it to work with Debian, the closest I have come is to a pop-up alert saying "Ready to connect" or words to that effect. I feel like I am missing a basic step in adding OpenVPN. I am adding the following commands: su apt-get install openvpn apt-get install nautilus apt-get install network-manager-openvpn-gnome ? It just works using the Fedora 26 template(Not minimal template)... Any suggestions? Thanks in advance... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a96b06fc-0bec-43e1-9c20-806a66ce11cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Spilt-GPG help - 3.2
I am not sure if the "Split-GPG" is for email signing and encryption only but I am being prompted to enter a password for a VM that I use for email. Is this expected? I like the idea of a password to access this VM but is there a better way to secure this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c91db6ae-f686-4b88-a267-200543eeda2f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Enhancing Template security?
I am trying to harden my Fedora and Debian templates and was hoping for some basic help and commands to do the following: How would I enable sudo authentication in a Template? How would I add a service like Qubes-VM-hardening ? Should I enable AppArmor in a template and VM? Any other hardening best practices? Thanks you in advance...I am hoping these are easy for the layperson! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6206c49f-fb01-4163-9437-e0ed9560f4c8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Spilt-GPG help - 3.2
I love Qubes! Kudus to those developing and helping on this forum...I am sure others would agree that the effort is greatly appreciated. I am hoping I can get some help with "split-GPG" setup and signing emails. Some notes and questions about my configuration: * I plan to use Thunderbird. * I have since created a new vault from default during installation - I have some files in this vault, documents, some passwords...I consider this non-networked VM my "vault", although I am just getting into certificates for email signing and email encryption. - Should I use this VM for my certificates(or a dedicated certificate VM) or is it a big no? * I found a good tutorial on creating certificates using GnuPG with QubesOS: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/ ( a little dated but did create test certificates...thanks Apapadop!) * I followed the steps in this Qubes-OS wiki: https://www.qubes-os.org/doc/split-gpg/ , however I get lost here: Setting up the GPG backend domain Make sure the gpg is installed there and there are some private keys in the keyring, e.g.: [user@work-gpg ~]$ gpg -K /home/user/.gnupg/secring.gpg - sec 4096R/3F48CB21 2012-11-15 uid Qubes OS Security Team ssb 4096R/30498E2A 2012-11-15 (...) How do I create this file: /home/user/.gnupg/secring.gpg ? Where do I keep my certificates in the "vault"? What commands or folders do I need to create? I tried finding more basic instructions but my "Googling" had no luck...how do I put private keys in my "vault" keyring and use Thunderbird in a seperate, dedicated VM to sign and encrypt my emails utilizing split GPG? Excuse me if this has already been answered or clarified in another post I couldn't find. Greatfully, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e9a52d7-1a30-45cf-ac17-f396280620cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
Pretty slick Chris... I just reconfigured with your Qubes4 (https://github.com/tasket/Qubes-vpn-support/tree/qubes4)...I assume it defaults to 1.4beta2. I added the following to the PIA OpenVPN config file: setenv vpn_dns '208.67.222.222' ...at the bottom of the config file and hit "save". I went to: https://support.opendns.com/hc/en-us/articles/227986567-How-to-test-for-successful-OpenDNS-configuration- and it showed it worked OpenDNS was "active". Question: 1) If I wanted to put both OpenDNS IPs into this would the addition to the config file look like this?: setenv vpn_dns '208.67.222.222 208.67.220.220' (i.e. space between the IPs) I'll keep you posted how it works on Qubes 3.2...not sure I can do any formal tests but it is working. Would be happy to try if you tell me how...otherwise I'll keep you posted on what I see. Thanks again for all you do...this is super hero type stuff!! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8caeab8c-eae5-4609-83b0-59138e7aa51b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
Again I have been using the Tasket VPN setup with Fedora 26 for a few weeks and it works well...love the kill switch element! I was hoping to beef up the security(maybe compromise the privacy) of the VPN service by adding OpenDNS or Quad9 DNS addresses to this configuration. My questions I was hoping to get some thoughts on were: 1) I was presented with a Phishing site the other day...understand I am being targetted so I am not suprised. Is OpenDNS, Quad9 better then others? Are there others that would provide just as good filtering? 2) Tasket I found some documentation in the Qubes-vpn-support-master (README.md file) and references the ability to change your DNS address: You can manually set your VPN's DNS addresses with: ``` export vpn_dns="" sudo /rw/config/vpn/qubes-vpn-ns up ``` How would I specifically change this? Is this a command? Would this be the specific command I would enter into my VPN VM if I was using OpenDNS: export vpn_dns="208.67.222.222 208.67.220.220" sudo /rw/config/vpn/qubes-vpn-ns up I am asking here in the spirit of maybe providing some help to people trying to do the same thing... Gratefully, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3725e34-23d7-4f11-9fc8-e6a3e607f57c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anonymizing your MAC Address with macchanger and scripts
Chris if you could replicate the simplicity in your instruction for a "kill-switc-VPN" for the this feature that would be awesome... This seems like a great feature...I am getting up to speed on the Linux commands but I suspect a lot of the laypeople(who likely need the security) would appreciate this feature if they could understand the detailed steps, even if simple. Thanks again for all you do V https://groups.google.com/forum/#!searchin/qubes-users/vpn$20github%7Csort:date/qubes-users/FUQaRPWXPj8/SMlPfhwuAgAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/861e424b-3955-4fb4-a6fa-2915ff776105%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] High spec laptop for Qubes OS
I know they were volunteered recalled but could be an opportunity for good refurb pricing... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0978efa7-9f08-41a1-b748-b4ada2b3ca28%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] High spec laptop for Qubes OS
I think a Lenovo is the way to go...the Qubes developers use them, the X1/Gen5 was mentioned as being popular with them. I googled and Max Ram is 16, however I went from 8-12 and more then satisfied with improvement. I wanted the X1 but thought it was out of my budget and thought I would look too cool using it:) gmx.com...your comment: > Notes: > There isn't much point using qubes with hardware that has ME/PSP, Is the ME/PSP risk more from a Governement/Intel threat or are the vulnerabilities with these features available to other threat vectors as well? Would appreciate your thoughts... Thanks again Qubes team... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eacb8b5a-1a38-474f-b05a-d431086e9554%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] What does an AEM alert look like?
Curious as to what to look for with an AEM alert? Is there log? Does it alert you when you boot? Appreciate any thoughts... Thanks, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba7f6280-b857-4cd8-914e-d572142a451c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Proxy/firewall VM with template fedora-26-minimal non-functional
Try downloading a fresh fedora 26 template: https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ce65d625-a1a7-4eba-a3cb-8d35472f247f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem installing Qubes on Lenovo Thinkpad T450s
I am trying to load 3.2 onto a T450s, I'd like to keep Legacy mode as it allows me to have AEM. I was able to install using the same thumb(created using dd) on another computer, no problems, however I keep going back to "Test and install 3.2" when trying to load Qubes onto a T450s. I saw some users having similar challenges...any suggestions? Kind of a bummer thought I was getting a popular "all green" choice from the HCL list. Any help would be greatly appreciated V (I corrected an omission in this post: "I was able to install using the same thumb(created using dd) ON ANOTHER COMPUTER" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23fc9d9c-070e-49f6-a3bd-1c1026bb8a87%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem installing Qubes on Lenovo Thinkpad T450s
I am trying to load 3.2 onto a T450s, I'd like to keep Legacy mode as it allows me to have AEM. I was able to install using the same thumb(created using dd), no problems, however I keep going back to "Test and install 3.2" when trying to load Qubes onto a T450s. I saw some users having similar challenges...any suggestions? Kind of a bummer thought I was getting a popular "all green" choice from the HCL list. Any help would be greatly appreciated V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89ebdc33-9f24-407e-b12a-9a53fee01f2b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
Thank you Tasket\Chris... Thanks for the education on trust/veracity/trustworthiness with Github. You and the Qubes team are doing a good thing! I really appreciate all the help... Thank you! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9a06d65d-ee00-4ec8-bd2f-20b7d30bda0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
Thanks Chris(and "tasket"!)took me a few tries but I managed to get it going, I tweaked the implementation a bit(scarey). I was not however able to get this command going from step #3 of the Github guide: sudo /usr/lib/qubes/qubes-vpn-setup --config I doubt I did this right/well but when I went to DNSleaktest.com it showed no leaks. Couple of questions: * What security am I not getting by doing step #3? * Is using a script from Github good? Appreciate the lead but will this be sanctioned by the Qubes community long term? * How can I test the kill switch functionality? * Any feedback, comments, ways to do it better? Looking forward to those instructions Chris... My sketchy/newbie steps are detailed below: Create Proxy VM Make Green Proxy Connected to sys-Net - Name it Add Files and Firefox in applications (didn’t really need firefox as I could download it in a disposable and the move it to my new sys-VPN) Go to the services tab and add vpn-handler-openvpn then hit the + button Notes: * All commands were done in the proxy VM (No template was used) * Not a huge terminal expert, so used GUI for some things Download config files: https://github.com/tasket/Qubes-vpn-support hit the green Clone or Download button https://www.privateinternetaccess.com/pages/client-support/ (Download the “openvpn-ip.zip” file) specifically https://www.privateinternetaccess.com/openvpn/openvpn-ip.zip Unzip openvpn-ip.zip in download folder Manualy change name in file from “US East.ovpn” to “openvpn-client.ovpn” sudo mkdir /rw/config/vpn sudo mv “openvpn-client.ovpn” '/rw/config/vpn' sudo mv “.crt file” '/rw/config/vpn' sudo mv “.pem file” '/rw/config/vpn' cd '/home/user/Downloads/Qubes-vpn-support-master' Type cd(space)then drag and drop from downloads the whole “Qubes-vpn-support” from “Github” in your downloads folder(Manually Unzipped folder by double clicking) sudo bash ./install Enter VPN User name and password Close terminal cd /rw/config/vpn sudo ln -s openvpn-client.ovpn vpn-client.conf Restart VM Connect your VMs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b126ae28-d76a-4670-9f6a-3e8e200aa56b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Setting up privateinternetaccess on qubes 3.2
I have tried, tried, tried ...and tried and I am over my head! (Fedora 26, Qubes 3.2) I am stuck I tried this: https://www.qubes-os.org/doc/vpn/ and this, this was a pretty good video but unfortunately its not the same as PIAs config.: https://www.youtube.com/watch?v=K1_zqT7_N7k (Nice video internetz.me...learned a lot) Qubester I went down your path as well but wasn't sure where to go after. But couldn't really get off step 2 of the Qubes instructions...primarily due to my linux skills. Can anybody help? I got a NetVM working but with out a kill switch and credentials exposed it just doesn't work for me. Looking at the Qubes instructions, I was able to create the "sudo mkdir /rw/config/vpn" but then things fall apart. My specific questions from the VPN instructions that keep derailing me, specifically the basic commands needed are: 1) How do I copy files to: "Copy your VPN config files to /rw/config/vpn"? 2) "Create a file in the /rw/config/vpn folder with your credentials and using a directive"...how do I do this? 3) I haven't gotten further but suspect I'll have more questions. Anybody have a source for a tutorial...I have googled the h3ll out of this and more questions then answers. I will give you my first born(or a beer/wine!) for a step-by-step on how to do this! This seems like an absolute must feature but I am at my wits end. Help! Here are the sad instructions I have so far: sudo -s dnf install nano y mkdir /rw/config/vpn -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf4c87c9-6cd6-4108-bcad-26e5709f0489%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?
Is legacy BIOs still preferred and likely compatible with 4.0 when final? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40f6953b-3c11-42a7-914b-ac46970de69c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes update to fedora 26 but dnf still using fedora 23 repo
When you say upgraded did you install a fresh fedora 26 template? https://www.qubes-os.org/news/2018/01/06/fedora-26-upgrade/ I think the advice is not to "upgrade" from fedora 23 but to install a fresh template. Not sure thats your issue...if not I am not sure how to correct. Qubes rocks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19548009-a582-49d6-9838-eb35fdcebeac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] noscript xss warning on qubes os site
I got it in Fedora 26 appVM as well but the website was fedora.org. I am using 3.2... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab192c78-be63-4109-9187-47af9c5a0eee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DebianTemplate for DVM with additional software is flagging an update(despite already updated)? 3.2
Running Qubes 3.2the Debian Template I created for printing is showing an update is needed in my GUI interface (Green arrow pointing down). I updated this template and other Debian templates but my printer template keeps showing an update is needed? *Tried an update again from GUI-Terminal said nothing needed *Restarted computer *Did a manual update directly from terminal using: sudo apt-get update && sudo apt-get dist-upgrade Is there another option I can try before rebuilding the template? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58e39c33-b5e2-437e-9db5-e33e9d3959e5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Just installed AEM(Anti-Evil-Made)...see an error:(
Managed to find what was causing the error and how to remove the error: https://askubuntu.com/questions/778875/tpm-error-6-when-booting-thinkpad https://bugzilla.redhat.com/show_bug.cgi?id=1413409 In my BIOS I went to Security -> Security Chip -> Security Chip set to "Active" However this brings up additional BIOS setting questions... Any body have any thoughts on the best configuration for my default BIOS for a Lenovo? Specifically related to the "Security Chip" settings? Clear Security Chip? Intel TXT Feature? I am not sure I am comfortable yet with changing my BIOS to Coreboot but love the idea:) My threat vector is more from a well funded malicious hacker(vs Intel or a Government). Just trying to harden my PC the best I can... Any thoughts or advice would be greatly appreciated. Thanks, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d1eba89-166f-4d97-883f-a0a81abdfb2b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: how to reinstall template? (i think it's not enabled by repo)
No expert, but try: sudo yum remove qubes-template-whonix-ws then sudo qubes-dom0-update --enablerepo=qubes-templates-community \ qubes-template-whonix-ws You might have tried this but I had to do the whonix reinstall myself Source: https://www.qubes-os.org/doc/templates/ https://www.qubes-os.org/doc/remove-vm-manually/ https://www.qubes-os.org/doc/reinstall-template/ I hope this helps you... V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c764184a-bca2-49f4-8cd1-e0c013dd75fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Just installed AEM(Anti-Evil-Made)...see an error:(
I have been running Qubes for a few months now, numerous 3.2 installs, most recent install was a month or so ago on the the same PC. I just installed AEM for the first time. Everything still works, however in my BIOS I had "enabled" the ability to see notes/alerts during boot. Before I enabled AEM, I hadn't seen an error, however after enabling AEM I now see the following error during booting: "[ 6.387306] tpm tpm0: A TPM error (6) occurred attempting to read a pcr value" It boots and everything is working so far as I can see. Is this a concern I should be worried about? Thanks V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f62c5c15-059c-437f-bad1-df12d7afa3b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Basic setup verification tests for correct setup? VT-d? Other?
Thank you awokd and Yethal...learned a lot! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b7c9d444-1857-4ab1-be46-d5baffd83ba3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Basic setup verification tests for correct setup? VT-d? Other?
Thank you, a lot quicker results...the results were: XEN Intel VT-d iommu 0 supported page sizes: 4kB XEN Intel VT-d iommu 1 supported page sizes: 4kB XEN Intel VT-d Snoop Control not enabled XEN Intel VT-d Dom0 DMA Passthrough not enabled XEN Intel VT-d Queued Invalidation enabled XEN Intel VT-d Interrupt Remapping enabled XEN Intel VT-d Shared EPT tables not enabled Does this mean my VT-d functionality is working? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/575b25db-b804-4ac6-9b76-03f7b6163c0e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Basic setup verification tests for correct setup? VT-d? Other?
I am hoping some folks can help me with some basic tests and commands to verify my Qubes 3.2 is set up correctly: I ran a qubes command in Dom0 to verify if VT-d is working(https://www.qubes-os.org/doc/security-guidelines/): qubes-hcl-report AppVM (Name of "AppVM" I was running) The results were as follows: It listed my computer, BIOS, XEN version, etc... It also stated: HVM: Active I/O MMU: Active HAP/SLAT: Yes TPM: Device present Remapping: Yes Per some googling: "Alternatively, in dom0 (under Qubes OS or Xen more generally) you could grep for "virtualisation" or "VT-d". You should either see "I/O virtualisation enabled" or "I/O virtualisation disabled"...: In Dom0 I ran the command: grep "VT-d" grep "virtualisation" Nothing really happened after waiting 10 minutes...so I closed the terminal. My concerns are: I have VT-d and VT-x enabled in my BIOSam I actually using this feature? Any other commands or checks I can do to confirm my installation is done correctly? Thanks again and happy new years Qube group...thank you again for all you do! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6bc22877-3b4b-4c23-a59b-84f917f262eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] AEM? USB devices? Love the name but need guidance...running 3.2
I have read the instructions here: https://www.qubes-os.org/doc/anti-evil-maid/ In dom0: sudo qubes-dom0-update anti-evil-maid ...but still a little unsure how and where to set up AEM? My setup is as follows: a) I have setup a sys-usb with 2 devices selected in VM settings(working well!) b) I believe my threat is likely from something I click online or in email(including an attachment) c) I am concerned however with some one plugging in a malicious USB d) I am running qubes 3.2 on a laptop and do not have/need any peripheral USB devices such as mouse, webcam, etc. e) I do however need to plug in a thumbdrive and backup drive so I can backup my data and save/get files to and from a thumb drive. If I am reading the instructions correctly I need to make a choice between threat vector c) or d). My question are: 1) I have only selected 2 devices for my sys-usb yet have 3 USB slots on my laptop? Why is there not a 3rd device for me to select in my sys-usb? The 2 I have selected are labeled "00:1a.0" and "00:1d.0" followed by "USB controller..." 2) If I need to decide between threat vector c) or d). How would this command be different for each scneario? "sudo qubes-dom0-update anti-evil-maid"... 3) If I add AEM to my laptop can I still wipe my laptop and reinstall Qubes again? Sorry for the noobie question... Thanks, V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f73261c-5b94-4789-8aaf-dafadcdbdb16%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Trying to get my head around a configuration for a VPN-Proxy VM and its firewall?
I have scenario #1 working...I checked DNS leak and was able to get different results depending on the VM I was on. Is this just likely to break due to the bug you reference? Scenario 2 was supposed to depict 3 separate sys-net, not running at the same time. clarified as follows: Clarrified Scenario #2 a) VMa--sys-vpn--sys-firewall---sys-net(Wireless and ethernet) b) VMb---sys-firewall---sys-net(Wireless and ethernet) c) VMc---sys-firewall---sys-net(Wireless and ethernet) If I want to get on VMa(VPN)...I would need to close all VMs in b) and c), if I wanted to get on VMb, I would need to close all VMs in a) and c), etc...pain in the but! But is this more secure due to multiple seperated sys-net? Scenario #3 clarified a) VMa--sys-vpn-sys-net(Wireless and ethernet) b) VMb--sys-firewallsys-net(Ethernet only) c) VMc--sys-firewallsys-net(Wireless only) #3 Scenario is insipired by this post(multiple sys-net's): Multiple sys-net: http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html ...is the only benefit of this configuration that I can use VMb and VMc at the same time? or is there better isolation with this config having multiple sys-net's? This assumes all VMs in a) and b) would need to be closed to get on VMa(VPN) Regarding the firewall rules in sys-vpn: Unfortunately (or fortunately?) my VPN provides a domain name instead of IPs e.g. VPNprovider.Canada.com, the VPN provider requires port 1194(UDP only), with user name/password and a local cert(all set up in the OpenVPN client in sys-vpn). In the sys-vpn VM firewall, I would "allow DNS queries" and "deny network access except": 1) put a rule that allows "*"(Which I believe allows "Any" domain/IP to pass, although it is limited to VPNprovider.Canada.com i.e. the Gateway in OpenVPN client )for "address", 2) port 1195 for "service" and 3) a protocol of "UDP". Wouldn't this block port 80, 443 and all other ports and only allow VPNprovider.Canada.com on port 1195 via UDP only? Therefor if VPN goes down all other ports 80, 443 would not be allowed? i.e. a kill switch?...similar to whats on the Qubes instructions except GUI configured? Similar to this post: https://github.com/Rudd-O/qubes-vpn Specifically: Firewall your VPN VM Open the Firewall rules tab of your new VPN VM's preferences page. Deny network access except for Allow DNS queries. If the VPN server is just an IP address (check the configuration given you by the VPN provider) then you do not have to Allow DNS queries at all. Add a single rule: Address: either * (all hosts) as address (use this when you do not know the IP address of the VPN server in advance, and all you have is a DNS host name), or the fixed VPN IP address (if your VPN configuration has a fixed IP address). Protocol: choose the protocol that your VPN server configuration indicates (TCP or UDP). Port number: type in the port number of your VPN server (with OpenVPN, it's typically 1194, 5000 or 443, but refer to your VPN configuration). Thanks for the thoughts...I know there are multiple questions here that are difficult for me to articulate. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbb5a97f-5693-479e-914a-8a75cf5f64ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Trying to get my head around a configuration for a VPN-Proxy VM and its firewall?
I just wanted to clarify my questions...I made some edits: > Scenario #1 > VM---sys-vpn--\ >\ > \ > VM-sys-firewall---sys-net > / > / > VM-/ > > > > Scenario #2 > VM--sys-vpn--sys-firewall---sys-net(Wireless and ethernet) > VM---sys-firewall---sys-net(Wireless and ethernet) > VM---sys-firewall---sys-net(Wireless and ethernet) > > > > Scenario #3 > VM--sys-vpn-sys-net(Wireless and ethernet) > VM--sys-firewallsys-net(Ethernet only) > VM--sys-firewallsys-net(Wireless only) > > > I am looking at configuring a VPN for 3.2 and I am trying to find the best > configuration and firewall settings balancing usability, efficiency and > security. My questions are: > > 1) If sys-net is not trustworthy do these scenarios matter from a security > perspective regarding sys-net? Scenario #1 I assume consumes the least > resources... > > 2) Regarding sys-vpn firewall...do these setting in effect create a kill > switch in my sys-vpn firewall?(I am only provided a URL from my VPN provider, > not the IPs), firewall settings in my sys-vpn firewall: > Address= * > Service= I enter the port number provided by my VPN provider > Protocol= I enter UDP or TCP depending on my VPN providers instructions? > > Thanks...any dialogue, options, opinions or answers are appreciated > > Happy holiday and thanks again Qubes! > > V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6969d994-fef0-4380-b1f4-daa42158e2aa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Trying to get my head around a configuration for a VPN-Proxy VM and its firewall?
Scenario #1 VM---sys-vpn\ \ \ VM-\sys-firewall---sys-net / / VM---/ Scenario #2 VM--sys-vpn--sys-firewall---sys-net(Wireless and ethernet) VM---sys-firewall---sys-net(Wireless and ethernet) VM---sys-firewall---sys-net(Wireless and ethernet) Scenario #3 VM--sys-vpn-sys-net(Wireless and ethernet) VM--sys-firewallsys-net(Ethernet only) VM--sys-firewallsys-net(Wireless only) I am looking at configuring a VPN for 3.2 and I am trying to find the best configuration and firewall settings balancing usability, flexibility and security. My questions are: 1) If sys-net is not trustworthy do these scenarios matter from a security perspective regarding sys-net? Scenario #1 I assume consumes the least resources... 2) Regarding sys-vpn firewall...do these setting in effect create a kill switch in my firewall?(I only have a URL, not the IPs): Address= * Service= I enter the port number from my VPN provider Protocol= I enter UDP or TCP depending on my VPN providers instructions? Thanks...any dialogue, options or answers are appreciated Happy holiday and thanks again Qubes! V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c3cd2c1-1d8e-4915-b15f-28d80f3bf433%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2: Debian 9 template fails to update 50% of the time
Thank you both! Not sure if thanking on this forum is appropriate as the post goes to the top but thanks anyway! Learnt a lot! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ec9d03c-dff8-4b2c-8d3b-6c8f1e210173%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Trying to download new Whonix templates and fedora 23 gets updated?
I am trying to download new whonix templates and I get the following(abbreviated): Time sync failed! - Exiting Using sys-firewall to download updates for Dom0... I then get (in red text) Qubes Templates repository Fedora 23... Qubes Dom0 Repository Fedora 23... No Packages downloaded Redirecting to '/usr/bin/dnf --exclude=qubesa list of all the templates including the 2 whonix template...(see "man yum2dnf") Qubes OS Repository for Dom0 Dependencies resolved. Nothing to do. [V@dom0 ~]$ ...and then an unhappy face on me as whonix doesn't load. Is there a way to fix this besides a complete Qubes install? Truly appreciate any help... V -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a69d105-fd58-4550-a4be-688cf1cfae67%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2: Debian 9 template fails to update 50% of the time
I am struggling with this same issue...I find that after a restart I can do the update but wanted to do this right. I checked the link posted above: "User-initiated updates/upgrades may not run when a templateVM first starts. This is due to a new Debian config setting that attempts to update automatically; it can be disabled with systemctl disable apt-daily.timer" But as a rookie I am unsure of the specific terminal steps in my template. Any chance I can ask the Qubes community for help on the specific terminal commands to get this accomplished? I would truly appreciate the help...thank you and thank you Qubes! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e8c86c2-d98a-4eb1-be79-08bcac41d40a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Optimize my Lenovo T420 BIOS (or settings when I hit “ThinkVantage” during start-up)
I wanted to start by thanking all those who have made Qubes possible….the idea of a “reasonably” secure operating system is such a great thing! Not only do I think I am more secure but I feel more secure...again thank you! I am hoping some folks can help me harden and optimize my hardware/OS even more(described in very basic terms if possible): I am diving into optimizing my BIOS/hardware or in non-technical terms, optimize the settings I get when I “hit” the ThinkVantage button during start-up on my Lenovo T420(one of the most “greened” box hardware on the Qubes OS list (https://www.qubes-os.org/hcl/) and a “Qube core developer” reviewed hardware. 1) After entering “F1” I get a menu to make changes to Security and Time amongst other options, I have adjusted the following in order to secure and optimize my computer for Qubes OS: Security- a) Intel ® Virtualization Technology Enabled b) Intel ® VT-d Feature - Enabled I/O Port Access- a) Bluetooth Disabled b) Integrated Camera Disabled (also have a piece of tape on my camera...just in case:)) c) Microphone Disabled d) Fingerprint Raeder - Disabled 2) After hitting “Ctrl + p” I was introduced to Intel ME. I started reading about Intel ME (https://en.wikipedia.org/wiki/Intel_Management_Engine) and began to get concerned….I did manage to change the default password of “admin” but I am not sure what to change in “Intel ® ME General Settings” or “Intel ® AMT Configuration”. While Qubes is working as I want, no issue with connectivity, customizing VMs, printing (no USB devices, no desire for cameras or microphones, LibreOffice installed, email access, etc…). I am hoping I can harden and optimize my set-up for Security even more(maybe privacy and anonymity as well?). What other settings in these screens can I adjust to optimize Qubes OS? Thank you again in advance... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a55c5eae-f1c6-41fa-a4e9-1a7a4717bc47%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
I am not sure of the pros and cons but I actually think its OK and makes sense. I like the restricted DVM having restrictions. Thanks again...and thanks Qubes team! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6e26cc8-7d45-43f3-a3c6-2f5349f6214c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
I managed to work it out! It is a wireless printer...thank you Unman...you rock! However my trouble shooting brought up another question: It appears as if the DVM launched from "work" inherits the firewall settings from "work"? Is that to be expected? All I needed to do was add my printers IP to my "work" firewall...is that correct? It does work! I have detailed the step-by-step instructions I followed below in case others want to do this. If I have done something wrong or there is a better way to do this...I am open to feedback. Installing wireless network HP Printer into Debian template for DVM: 1) Clone updated Debian Template for printer 2) Download “HPLIP” driver in disposable VM(from HP website) 3) Move drivers/downloaded file to “Cloned Debian Template for printer” 4) Move file to “Cloned Debian Template for printer” desktop 5) Open terminal in “Cloned Debian Template for printer” and type: cd Desktop sh hplip-3.17.11.run(“hplip-3.17.11.run” was the file name for my drivers) (when prompted for password type “su”) 6) Open printer settings in “Cloned Debian Template for printer” 7) Click “+” icon in the printer settings 8) Click “Network Printer” → “AppSocket/HP JetDirect” → enter printers ip address in “Host:” → “Forward” 9) A choose driver screen pops up → in my case I selected “HP” → I then selected my specific printer → this then allowed me to print a test page Additional Notes: * Assumes GNOME is installed (sudo tasksel → GNOME (use space bar to select GNOME) * Need to temporary allow network access to “Cloned Debian Template for printer” to print test page * If printing from “work” or other trusted VM, make sure to allow firewall access in “work” to printer IP if firewall for “work” is restricted * Change DVM to “Cloned Debian Template for printer” https://www.qubes-os.org/doc/dispvm-customization/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c91c606-2c59-41b4-84ae-4a5e6c6c958a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
I am using Qubes 3.2, I have a dedicated Debian Template for my more trusted VMs and a separate dedicated Debian Template for my DVMs with printer drivers installed. This is tricky but I will try to explain: I managed to get my printer set up using a Debian Template(printed Test Page fine from template). Changed my DVM to Debian, I can print a web page and document using a Dedicated Debian based DVM i.e. Q(Top left Q menu icon) -> DisposableVM...no issues with printing web pages and transfered docs from here! When I use a trusted VM(lets say my Work VM), I open a document using "Open in DisposableVM", I see the printer I set up, try to print and I get an error(something like "printer not connected")? What might cause this? Any thoughts on a fix? Thanks in advance... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ebb48684-2e63-4797-9189-b3cce4768e90%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?
Ahhh...space bar! I think I tried every key except the biggest oneit worked! All working...thank you both and thank you to all who have made this OSS package possible! Probably going to try a fresh install again and start from scratch just to make sure. My only concern is I have Firefox ESR however I suspect it might be do to the order I originally updated the software. Thanks again... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d328f38c-a621-4861-ab5a-faac1945e1a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?
Thank you both for taking the time to help... Managed to upgrade the template, also managed to get my wifi working on debian-8 template(seems faster now to boot!). I found this post with instructions: 1) sudo apt install firmware-iwlwifi 2) sudo apt update && sudo apt upgrade However I am struggling with getting the Gnome desktop installed. I run 'sudo tasksel' and get the option to scroll down to GNOME, the red cursor seems to move however I am unable to select GNOME, I tried just leaving the red cursor on GNOME, hit enter(or OK) but nothing happens?? It simply closes and I go back to the terminal with user@debian... Sorry for the basic question but how do I select "GNOME" in this window?(I saw a "*" by googling but no keys seems to work. Thank you again...unfortunately I have been the target of an ongoing attack and having been hacked with Microsoft, then Apple I decided to go with Qubes as it is the most secure. But it has been a huge learning curve! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a678c02b-9332-4cda-aa5d-18d37ed53390%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?
On Sunday, November 19, 2017 at 4:03:44 PM UTC-6, Chris Laprise wrote: > On 11/19/2017 01:48 PM, v wrote: > > I have been using Qubes 3.2 for about 5 months and love it...thank you all > > who have contributed! > > > > I am a noobie so be gentle...I am also by no means an expert at Linux > > however I have been forced to learn quick. > > > > I managed to upgrade my Fedora template to 25 and have most of my VMs > > running on Fedora25 except for the default Debian8(Which I have reinstalled > > since my initial Qubes installation), my Whonix WS and GW are also > > defaults. I have also periodically upgraded these templates. > > > > I have some basic questions I am hoping I can get some help with: > > > > 1) It seems that alot of the experts use Debian as thier working > > VMs(Personal, Work, Banking, etc...) and have Fedora as the sys-firewall, > > sys-net, etc...is it more secure to use Debian in this way? Am I just as > > secure as using Fedora for my working VMs? I would have to think hacking > > Xen, then Fedora, then Debian would be harder... > > There are three issues that stand out for me: > > * Fedora is the only distro I've seen that doesn't sign their repository > manifest. The idea is if you want full security for updates you pay $$$ > for RHEL (Red Hat controls the Fedora project). > > * Fedora releases expire (stop getting security updates) after a > relatively short period (again, idea is pay $$$ to Red Hat for long-term > updates). > > * Fedora repositories are pretty sparse compared to the software > available in Debian and Ubuntu. > > These are the main reasons I choose to use Debian over Fedora. Debian > templates also work great for sys-net and firewall/VPN. > > > > 2) I have been able to copy/move files from Fedora VMs to other Fedora VMs > > but I have struggled to try and copy/move files from Debian(or Whonix-ws) > > to Fedora? Fedora has the "File" option from my "Q" menu(top right), when I > > am in the files I can right click and "Copy to Other AppVM" or "Open in > > DispVM". How do I access Debians version? > > The debian-8 template is close to a 'minimal' release and comes without > a file browser. You can copy from the terminal with the 'qvm-copy-to-vm' > command, or install a supported file browser (the one used in Fedora > template is nautilus). > > When installing nautilus, remember that its meant to work in concert > with the rest of Gnome... it may not work right if you install it by > specifying 'nautilus' (also you will have to install the python-gtk2 > package separately). The easiest way to get this working like it does in > Fedora is to run 'sudo tasksel' and select the Gnome desktop for > installation. > > -- > > Chris Laprise, > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 Thank you Chris...instead of asking a myriad of follow up questions, do you or anybody else have some good resources for detailed "how tos" on how to configure the Debian Template for the laymans use? I managed to get LibreOffice loaded but my wish list would be an up-to-date Firefox, Nautilus(file manager) and what ever is required to get my wireless working with sys-net? I tried changing sys-net to Debian and my wireless wouldn't turn on(Couldn't find the option in my network icon in the top right of my screen). I would be happy to post these instructions back and submit them to the Qubes community if that is of value. Thank you again... I tried -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3cfa59a8-73af-4725-baa3-0843129a315b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?
I have been using Qubes 3.2 for about 5 months and love it...thank you all who have contributed! I am a noobie so be gentle...I am also by no means an expert at Linux however I have been forced to learn quick. I managed to upgrade my Fedora template to 25 and have most of my VMs running on Fedora25 except for the default Debian8(Which I have reinstalled since my initial Qubes installation), my Whonix WS and GW are also defaults. I have also periodically upgraded these templates. I have some basic questions I am hoping I can get some help with: 1) It seems that alot of the experts use Debian as thier working VMs(Personal, Work, Banking, etc...) and have Fedora as the sys-firewall, sys-net, etc...is it more secure to use Debian in this way? Am I just as secure as using Fedora for my working VMs? I would have to think hacking Xen, then Fedora, then Debian would be harder... 2) I have been able to copy/move files from Fedora VMs to other Fedora VMs but I have struggled to try and copy/move files from Debian(or Whonix-ws) to Fedora? Fedora has the "File" option from my "Q" menu(top right), when I am in the files I can right click and "Copy to Other AppVM" or "Open in DispVM". How do I access Debians version? Thanks in advance for any help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/00c1d251-d9a4-46bb-b808-6c9097f486ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.