Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 06:02 PM, balooney wrote: > the basic network is sys-net which is connected to sys-firewall > > if you connect your AppVm 'personal' with it you ll > use your original IP adress. > sys-net < sys-firewall < personal > > > > thats why I created a ProxyVM named 'vpn' > > my AppVm

[qubes-users] Loaded ethernet device modules in dom0, sound

2016-10-12 Thread johnyjukya
(Accidentally posted this to the tail of another thead; I assumed a subject change would create a new thread. Whoops. Reposting.) Why is it that the linux module for my ethernet device is loaded in dom0? There's obviously no networking, /proc/net/dev and ifconfig only show localhost. The

[qubes-users] Low memory, starting machines & assigning devices

2016-10-12 Thread johnyjukya
Hi, Qubers: Wonder if someone could tell me if this is normal/expected behaviour. (3.2rc3): If I have a few AppVM's running, at some point, the manager will refuse to start any more VM's, complaining about low memory. Similarly, assigning devices to running VM's will fail. (Most annoying.)

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Chris Laprise
On 10/12/2016 02:35 PM, Manuel Amador (Rudd-O) wrote: On 10/12/2016 06:02 PM, balooney wrote: the basic network is sys-net which is connected to sys-firewall if you connect your AppVm 'personal' with it you ll use your original IP adress. sys-net < sys-firewall < personal thats why I

[qubes-users] ReactOS instead of Win7?

2016-10-12 Thread Gaiko Kyofusho
I haven't seen much mention of ReactOS on the list but was thinking it *might* be worth trying a ReactOS AppVM as an alternative to a MS Windows AppVM but before I put myself through the frustration I thought I'd ask #1 The wisdom (or not) of the idea and #2

[qubes-users] Re: How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread pleomati
Maybe try this sudo gedit /etc/NetworkManager/dispatcher.d/vpn-up #! /bin/bash REQUIRED_CONNECTION_NAME="VM uplink eth0" ##or change to your conection name VPN_CONNECTION_NAME="example.vpn.com" default_conn=$(nmcli con show --active | grep "${REQUIRED_CONNECTION_NAME}") vpn_conn=$(nmcli con

[qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
It gives me great pleasure to release the first iteration of the leakproof Qubes VPN. https://github.com/Rudd-O/qubes-vpn This package allows you to set up a leakproof OpenVPN VM on your Qubes OS system. All VMs attached to the VPN VM are automatically and transparently routed through the VPN.

ANN: leakproof Qubes VPN (was Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?)

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 06:02 PM, balooney wrote: > how can I force my appvm to not connect to the internet of my sys-firewall > and only with the vpn ? As promised: https://github.com/Rudd-O/qubes-vpn This package allows you to set up a leakproof OpenVPN VM on your Qubes OS system. All VMs attached to

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 07:58 PM, Chris Laprise wrote: > > This requirement is already satisfied in the Qubes VPN doc: > > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts > > > The scripts will stop non-VPN traffic and make sure that DNS operates > through

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread 7v5w7go9ub0o
On 10/12/2016 09:35 PM, Manuel Amador (Rudd-O) wrote: It gives me great pleasure to release the first iteration of the leakproof Qubes VPN. https://github.com/Rudd-O/qubes-vpn This package allows you to set up a leakproof OpenVPN VM on your Qubes OS system. All VMs attached to the VPN VM are

Re: [qubes-users] Upgraded to 3.2 - now my desktop is wrong

2016-10-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-12 00:56, galt...@gmail.com wrote: > I upgraded to 3.2 by backing up in 3.1 and restoring in 3.2. I was using xfce > in 3.1 and had 4 workspaces (or activities) and each had its own background > image and I had different icons placed on

Re: [qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-12 01:50, Robert Mittendorf wrote: > If I use /usr/bin/qvm-run to open an application in an disposible VM, the > dispVM inherits some setings from the calling VM > > example: I use > > /usr/bin/qvm-run --dispvm firefox > > In work-VM.

[qubes-users] Re: Thoughts about installed software

2016-10-12 Thread pleomati
https://www.qubes-os.org/doc/vm-sudo/ you can configure root account during instalaton process.If you want to have more secure apps then maybe use SElinux| Apparmor for additional security layer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group.

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Robert Mittendorf
Well, the discussion leaves the focus I intended it to have. It is surely worth thinking about what a minimum templates needs to have. Nevertheless I think Qubes is about "I know I can get exploited, so just protect the other parts of the system". Afaik a normal Qubes template has only the root

[qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Robert Mittendorf
If I use /usr/bin/qvm-run to open an application in an disposible VM, the dispVM inherits some setings from the calling VM example: I use /usr/bin/qvm-run --dispvm firefox In work-VM. My work-VM is configured to allow intranet IPs only. The starting dispVM is blue like the work VM, even

[qubes-users] Upgraded to 3.2 - now my desktop is wrong

2016-10-12 Thread galthop
I upgraded to 3.2 by backing up in 3.1 and restoring in 3.2. I was using xfce in 3.1 and had 4 workspaces (or activities) and each had its own background image and I had different icons placed on each one. Now in 3.2 there are 4 workspaces but no icons and the same background. If I add an icon

Re: [qubes-users] Random MAC addresses working in Network Manager 1.4.2

2016-10-12 Thread Andrew
Chris Laprise: > On 10/03/2016 03:05 PM, Chris Laprise wrote: >> Network Manager 1.4.2 has been testing very well for me the last few >> days... >> >> This new version appears to randomize MAC addresses properly, and the >> feature set has evolved to the point where the randomization process >> is

[qubes-users] Why is whonix-ws necessary?

2016-10-12 Thread jkitt
Wouldn't an appvm, with the tor browser, and netvm set to sys-whonix do the same thing? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/09/2016 12:44 AM, Dima Puntus wrote: > Hi, > > After testing Qubes for a few weeks (3.1, 3.2-rc1,2&3), here's my 2 cents: > > It's a great OS in many aspects but still unusable outside of the > small group of the "terminal only" ppl. Reason # 1 is graphics. In > this day and age it's

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread Robert Mittendorf
Am 10/12/2016 um 04:00 PM schrieb 7v5w7go9ub0o: On 10/11/2016 09:30 AM, Robert Mittendorf wrote: Software that you don't need is a security risk as it imposes additional attack surface - we all know that. Besides exploits those tools might cause additional threat (e.G. RDP- VNC-,

Re: [qubes-users] Why it so big secret?

2016-10-12 Thread Mathew Evans
On Tuesday, 11 October 2016 23:37:33 UTC+1, Desobediente wrote: > Additionaly, the Bumblebee howto is here:  > https://fedoraproject.org/wiki/Bumblebee There is nothing new about these and frankly anyone could have found them via google just looking, if you managed to get Nvidia working on Q3.2

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread 7v5w7go9ub0o
On 10/12/2016 02:22 PM, Robert Mittendorf wrote: Am 10/12/2016 um 04:00 PM schrieb 7v5w7go9ub0o: On 10/11/2016 09:30 AM, Robert Mittendorf wrote: Software that you don't need is a security risk as it imposes additional attack surface - we all know that. Besides exploits those tools might

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Robert, > However I would not use the "move to VM" command like this, as I > experienced those requests getting lost One time files were > actually deleted, since that time I always use copy instead of > move. Sounds troubling. Do you

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread 7v5w7go9ub0o
On 10/11/2016 09:30 AM, Robert Mittendorf wrote: Software that you don't need is a security risk as it imposes additional attack surface - we all know that. Besides exploits those tools might cause additional threat (e.G. RDP- VNC-, SSH-Clients) So you better do not install non-universal

Re: [qubes-users] ANN: Qubes network server

2016-10-12 Thread Jeremy Rand
Manuel Amador (Rudd-O): > Folks, it gives me great pleasure to announce the product of over two > years of work (primarily because I never paid enough attention to this > project to bring it to completion): Qubes network server. > > The traditional Qubes OS networking model contemplates a

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Oct 12, 2016 at 01:30:30PM +, Manuel Amador (Rudd-O) wrote: > On 09/09/2016 12:44 AM, Dima Puntus wrote: > > Hi, > > > > After testing Qubes for a few weeks (3.1, 3.2-rc1,2&3), here's my 2 cents: > > > > It's a great OS in many aspects

[qubes-users] SMB mount point location

2016-10-12 Thread John Maher
Hello, I'm trying to access file on the command line through an SMB mount point that is created in the GUI. I'm using a debian-8 AppVM and connecting to an SMB share in a Files window, but I cannot find a mount point for the share. I would expect it to be in /run/users/1000/.gvfs, but there's

Re: [qubes-users] Qubes on a dedicated server

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/30/2016 01:05 PM, Patrick Schleizer wrote: > Does anyone ever try this? > > Did it work? Any experiences? > I wrote software for this purpose: https://github.com/Rudd-O/qubes-network-server Enjoy! -- Rudd-O http://rudd-o.com/ -- You received this message because you are

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 08:50 AM, Robert Mittendorf wrote: > Well, the discussion leaves the focus I intended it to have. > It is surely worth thinking about what a minimum templates needs to have. > Nevertheless I think Qubes is about "I know I can get exploited, so > just protect the other parts of the

Re: [qubes-users] Upgraded to 3.2 - now my desktop is wrong

2016-10-12 Thread Qubed One
galt...@gmail.com: > I upgraded to 3.2 by backing up in 3.1 and restoring in 3.2. Did you back up dom0 in 3.1? That is where such configs are. > I was using xfce in 3.1 and had 4 workspaces (or activities) and each had its > own background image and I had different icons placed on each one.

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread Drew White
On Thursday, 13 October 2016 04:23:56 UTC+11, nezn...@xy9ce.tk wrote: > https://www.qubes-os.org/doc/install-nvidia-driver/: > "You will need any Fedora 18 system to download and build packages. You can > use Qubes AppVM for it, but it isn’t necessary." > > i'm going here

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Oct 12, 2016 at 09:35:45PM +, Manuel Amador (Rudd-O) wrote: > It gives me great pleasure to release the first iteration of the > leakproof Qubes VPN. > > https://github.com/Rudd-O/qubes-vpn > > This package allows you to set up a

Re: [qubes-users] Upgraded to 3.2 - now my desktop is wrong

2016-10-12 Thread Gal Thop
I used whatever versions of xfce that come with qubes 3.1 and 3.2. I didn't install or update any extra versions. On 12 Oct 2016 22:55, "Andrew David Wong" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-10-12 00:56, galt...@gmail.com wrote: > > I

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Chris Laprise
On 10/12/2016 06:18 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Oct 12, 2016 at 09:35:45PM +, Manuel Amador (Rudd-O) wrote: It gives me great pleasure to release the first iteration of the leakproof Qubes VPN.

[qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-10-12 Thread equi488
Can you let me know how things function under 3.2? Any improvements? I am keen to get the X1 4th generation but I want to make sure it has full Qubes compatibility since that will be it's primary purpose. -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Low memory, starting machines & assigning devices

2016-10-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Oct 12, 2016 at 06:23:25PM -, johnyju...@sigaint.org wrote: > Hi, Qubers: > > Wonder if someone could tell me if this is normal/expected behaviour. > (3.2rc3): > > If I have a few AppVM's running, at some point, the manager will

[qubes-users] Re: Low memory, starting machines & assigning devices

2016-10-12 Thread pleomati
Changing default memory assign values for dom0 and appVM may also help.Default value for that is up 4GB which is huge amount of RAM and it work corectly on 1 GB or lower. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Chris Laprise
On 10/12/2016 05:40 PM, Manuel Amador (Rudd-O) wrote: On 10/12/2016 07:58 PM, Chris Laprise wrote: This requirement is already satisfied in the Qubes VPN doc: https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts The scripts will stop non-VPN

[qubes-users] USB over IP (Network Gateway)

2016-10-12 Thread equi488
Very interested to know if any reason why a USB network gateway software would not work in Qubes? For anyone interested, a USB network gateway provides USB functionality to a client over IP. USB network gate by Eltima has Linux, Windows, Mac OS X and android client applications

[qubes-users] Re: 4th gen X1 Carbon graphics issues

2016-10-12 Thread equi488
Do these issues persist under the latest release of Qubes 3.2? I am interested in buying a X1 4th generation. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Drew White
On Thursday, 13 October 2016 00:39:04 UTC+11, Manuel Amador (Rudd-O) wrote: > On 10/12/2016 05:25 AM, Drew White wrote: > > > > So what do those packages require as dependancies though? > > The dependancies are also required for full integration. > > Just saying, there is more than just

[qubes-users] Re: ANN: Qubes network server

2016-10-12 Thread Manuel Amador (Rudd-O)
Update: I have dramatically enhanced the documentation of the project: * https://github.com/Rudd-O/qubes-network-server * https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20your%20first%20server.md *

Re: [qubes-users] Qubes for running virtual servers

2016-10-12 Thread Manuel Amador (Rudd-O)
On 08/23/2016 04:07 PM, darren...@redskiesgroup.com wrote: > How does Qubes perform as the host OS in a virtualised server environment? > > I'm thinking of a configuration where the host OS is Qubes with VM's running > for things like a virtualised email server, IDS server, perhaps a Tor relay >

Re: [qubes-users] Qubes server?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 07/31/2016 12:04 AM, Manuel Amador (Rudd-O) wrote: > Hello! > > I want to roll my own Qubes server — software-defined networking, remote > VM management, all the goodies that come with Qubes like volatile VMs > and VM templates — but I have had real trouble writing code to "undo" > some of the

[qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread balooney
the basic network is sys-net which is connected to sys-firewall if you connect your AppVm 'personal' with it you ll use your original IP adress. sys-net < sys-firewall < personal thats why I created a ProxyVM named 'vpn' my AppVm 'Personal' has this ProxyVM named 'vpn' selected as NetVM

Re: [qubes-users] Re: Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/13/2016 05:52 AM, Vít Šesták wrote: > Well, the points you have mentioned are also dubious for mainstream Linux > environment, not only for Qubes, because they suppose a malicious app already > installed in the system. They do not presuppose that. They merely presuppose an app has been

Re: [qubes-users] SMB mount point location

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 12:55 PM, John Maher wrote: > Hello, > > I'm trying to access file on the command line through an SMB mount point that > is created in the GUI. I'm using a debian-8 AppVM and connecting to an SMB > share in a Files window, but I cannot find a mount point for the share. I > would

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Alex
On 10/12/2016 06:04 PM, Manuel Amador (Rudd-O) wrote: > On 10/12/2016 01:38 PM, Marek Marczykowski-Górecki wrote: >> >> >> AFAIR this particular problem was fixed (not sure if in xen 4.6 or >> 4.7). >> > > Is there support for upgrading dom0 to Fedora 24? > The main problem is, does the

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 01:38 PM, Marek Marczykowski-Górecki wrote: > > > AFAIR this particular problem was fixed (not sure if in xen 4.6 or 4.7). > Is there support for upgrading dom0 to Fedora 24? -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the

Re: [qubes-users] Why it so big secret?

2016-10-12 Thread neznaika
>This should be here: https://www.qubes-os.org/doc/install-nvidia-driver/ >Have you tried that? well... i'm stuck on line "You will need any Fedora 18 system to download and build packages. You can use Qubes AppVM for it, but it isn’t necessary." i'm going here

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread neznaika
https://www.qubes-os.org/doc/install-nvidia-driver/: "You will need any Fedora 18 system to download and build packages. You can use Qubes AppVM for it, but it isn’t necessary." i'm going here https://www.qubes-os.org/doc/templates/fedora-minimal/ and try create the template: sudo

Re: [qubes-users] Why is whonix-ws necessary?

2016-10-12 Thread entr0py
jkitt: > Wouldn't an appvm, with the tor browser, and netvm set to sys-whonix do the > same thing? > No. You can see which differences are applicable to you here: https://www.whonix.org/wiki/Other_Operating_Systems#Security_Comparison:_Whonix-Download-Workstation_vs._Whonix-Custom-Workstation

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread neznaika
> Then set up the Repos. Pls tell me how you did it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Oct 12, 2016 at 07:55:54PM +, Manuel Amador (Rudd-O) wrote: > On 10/12/2016 04:05 PM, Alex wrote: > > On 10/12/2016 06:04 PM, Manuel Amador (Rudd-O) wrote: > >> On 10/12/2016 01:38 PM, Marek Marczykowski-Górecki wrote: > >>> > >>> AFAIR

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread Drew White
On Thursday, 13 October 2016 13:12:20 UTC+11, nezn...@xy9ce.tk wrote: > > Then set up the Repos. > Pls tell me how you did it? Since 18 repos aren't around on the live server any more, you need to find the archive link from fedora. Since I'm not at home I don't have it right infront of me at

[qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread raahelps
feature. I use to make menu shortcuts to launch programs in dispvms inheriting firewall rules. But xfce only lets you edit already existing rules, not create new ones :( editing a config file is a little too much effort for me lol. -- You received this message because you are

[qubes-users] Re: ReactOS instead of Win7?

2016-10-12 Thread Drew White
On Thursday, 13 October 2016 07:48:24 UTC+11, Gaiko Kyofusho wrote: > I haven't seen much mention of ReactOS on the list but was thinking it > *might* be worth trying a ReactOS AppVM as an alternative to a MS Windows > AppVM but before I put myself through the frustration I thought I'd ask #1

[qubes-users] Re: ReactOS instead of Win7?

2016-10-12 Thread Drew White
On Thursday, 13 October 2016 07:48:24 UTC+11, Gaiko Kyofusho wrote: > I haven't seen much mention of ReactOS on the list but was thinking it > *might* be worth trying a ReactOS AppVM as an alternative to a MS Windows > AppVM but before I put myself through the frustration I thought I'd ask #1

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread raahelps
On Wednesday, October 12, 2016 at 10:44:06 PM UTC-4, raah...@gmail.com wrote: > On Tuesday, October 11, 2016 at 9:50:23 PM UTC-4, nezn...@xy9ce.tk wrote: > > i readed that proprietary driver better than free driver. Because with free > > driver you'll get hot laptop and because free driver can't

[qubes-users] Re: Why it's so big secret?

2016-10-12 Thread raahelps
On Tuesday, October 11, 2016 at 9:50:23 PM UTC-4, nezn...@xy9ce.tk wrote: > i readed that proprietary driver better than free driver. Because with free > driver you'll get hot laptop and because free driver can't adjust rotate of > the fan and etc.. > How i can add the repo? Can you write me?

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Chris Laprise
On 10/12/2016 10:58 PM, entr0py wrote: Manuel Amador (Rudd-O): On 10/12/2016 07:58 PM, Chris Laprise wrote: This requirement is already satisfied in the Qubes VPN doc: https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts The scripts will stop

[qubes-users] Tracking changes to *which* packages are installed by default

2016-10-12 Thread Jean-Philippe Ouellet
Hello, Is there a recommended way to track default-installed packages on an already-installed system? I just independently re-discovered the fix for the un-muting problem [1][2] and the hard way because the fix [3][4] (patch to qubes-installer-qubes-os) appears to not have propagated to my

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 10:18 PM, Marek Marczykowski-Górecki wrote: > On Wed, Oct 12, 2016 at 09:35:45PM +, Manuel Amador (Rudd-O) wrote: > > It gives me great pleasure to release the first iteration of the > > leakproof Qubes VPN. > > > https://github.com/Rudd-O/qubes-vpn > > > This package allows you

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/13/2016 03:13 AM, Chris Laprise wrote: > Here is a rundown of initial concerns... > > * Routing tables should not be manipulated when VPN clients will > surely do this as well The program prohibits OpenVPN from manipulating routing tables. > > * Unknown side-effects with different VPN

Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-10-12 Thread Jean-Philippe Ouellet
On Wed, Oct 12, 2016 at 8:17 PM, wrote: > Can you let me know how things function under 3.2? Any improvements? I am > keen to get the X1 4th generation but I want to make sure it has full Qubes > compatibility since that will be it's primary purpose. 3.2 is no different

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Chris Laprise
Here is a rundown of initial concerns... * Routing tables should not be manipulated when VPN clients will surely do this as well * Unknown side-effects with different VPN topologies (i.e. atypical routing commands pushed down to the VPN client) * Interdependent packet marking, detection

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 11:37 PM, Chris Laprise wrote: > > Its 6 pages, 4 if you only count the iptables/script section. And its > mostly cut-and-paste, so calling it "surgery" is another whopper. It's full of opportunities for people to make mistakes. > > But I do agree about the packaging... you could

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/13/2016 12:00 AM, Chris Laprise wrote: > On 10/12/2016 06:18 PM, Marek Marczykowski-Górecki wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> On Wed, Oct 12, 2016 at 09:35:45PM +, Manuel Amador (Rudd-O) wrote: >>> It gives me great pleasure to release the first iteration

Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-10-12 Thread Jean-Philippe Ouellet
If you're going to get one, I'd say definitely go with 16gb ram, and know that NVMe vs traditional SSDs appear to be equally well supported. The idea of a WWAN module (w/ accompanying free-to-do-whatever baseband) in a laptop is a scary proposition and highly un-recommended, and so are the

Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-10-12 Thread Jean-Philippe Ouellet
Also, here are the hashes of the files I used to update my BIOS to 1.18 without ever booting windows following the procedure described here: http://www.floccinaucinihilipilification.net/blog/2011/10/2/updating-the-bios-of-a-thinkpad-x220-using-linux.html $ sha256sum geteltorito.pl