[qubes-users] Re: Persistant routes on Qubes are not persistant?!
Thank you Marek. I was not able to put this to work via the network manager,since if I opt to choose eth0 this the connection will not be activated. And create a dedicated virtual interface just for this purpose its a little overkill. Therefore I followed your second suggestion and added the routes manually in the qubes-ip-change-hook . Although I don't think this is a very elegant solution, at least the routes were persistent added in each reboot, which solves my issue. Thank you once again. Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77c4f1b1316438f3e03fea5bc5e1f41ead76%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Oct 23, 2016 at 12:56:56PM +, 4p3dkf+6lmws56jxixyk via qubes-users wrote: > Yes, the symlink is in place: > > ls /etc/NetworkManager/system-connections > 131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 > /etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/ > > > The /dev/xvdb is properly mounted on /rw : > > /dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered) > > I don't have a /etc/system directory on my system, are you referring to the > unit files? > For the sys-firewall I'm using the default template - > fedora-23 > > When I set the routes by hand via NetworkManager they are reflected on the > qubes-uplink-eth0 file: > (...) > [ipv4] > address1=10.137.1.8/32,10.137.1.1 > dns=10.137.1.1;10.137.1.254; > dns-search= > may-fail=false > method=manual > never-default=true > route1=192.168.0.0/16,10.137.1.1 > route2=172.16.0.0/16,10.137.1.1 > #---EOF--- > > The file before the sys-firewall is rebooted has the following checksum and > md5sum: > > 2551335477 425 qubes-uplink-eth0 > 83b37a6b68007838efb1e9e9fbc841f4 qubes-uplink-eth0 > > As soon as the sys-firewall is booted the file with the NW configuration is > overwritten : > > [ipv4] > method=manual > may-fail=false > dns=10.137.1.1;10.137.1.254 > addresses1=10.137.1.8;32;10.137.1.1 > #---EOF--- > > As you can see the configuration was not preserved. > Therefore something is clearly overwritten the NM configuration, the problem > is to know what and how to avoid it, preserving the NM config. Yes, the file `qubes-uplink-eth0` is automatically generated at each VM startup (or changing network options - like switching to different netvm). I thing there was a comment about it, but indeed it isn't there right now... Anyway, your options are: 1. Create new connection with different name and set routes there. 2. Modify routing table (or NetworkManager settings) from /rw/config/rc.local, or /rw/config/qubes-ip-change-hook. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYDL+jAAoJENuP0xzK19csqqoIAIcN1VAv4btJWY9xPYSqLsBH 0RuD+4wew2c1cpLF8w7yp+4WKeSXTJIdztnSYen6Ic8Ce4Ugr+86br2z74O0z6+O ic8cyDC+urVDWTzfxvX4CjHcSWV4e7OF9zNWHNKkJHHPsJKChmVR9Q9DuvXDOTG9 xkcy+pDCVc1fPrwrYc/6SvQ6q1kic44X3K6piZkJMas55eNOThRLDpqirSi/aGZQ oSIkUpFrHDdWTWG7ULWWt+CwZOoNlt3Tr8NVuir7YHTOxSTjhqNDXsKHM7YRGdBO w+Klxv5MuOXTmTRk3LwYkbGdHV1JxlSavY5s0I59C1NjvsFgsVpQCt1SQxGPc40= =0wZ6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161023134819.GU1136%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
I'm sorry for my bad temper, but given the amount of days that I'm involved on this issue, waiting for a simple reply (since this is inherent of the Qubes design and therefore easy to answer by any of the devs) I got a little frustrated. I didn't mean to be rude/aggressive/impolite/disrespectful in any way nor making inflammatory or baseless accusations. So my sincere apologies for that. Regarding the Qubes main page, I was not aware of this discussion. I was simply baffled by the lack of the 'help' section and erroneous concluded (based on this and the lack of reply from anyone from the official team) that the ML is no longer supported. Again my apologies for that. As for the issue it was outlined in details in this thread, (and I did respond to JJ with the detailed description of the issue, which I'm quoting below): Yes, the symlink is in place: ls /etc/NetworkManager/system-connections 131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 /etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/ The /dev/xvdb is properly mounted on /rw : /dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered) I don't have a /etc/system directory on my system, are you referring to the unit files? For the sys-firewall I'm using the default template - > fedora-23 When I set the routes by hand via NetworkManager they are reflected on the qubes-uplink-eth0 file: (...) [ipv4] address1=10.137.1.8/32,10.137.1.1 dns=10.137.1.1;10.137.1.254; dns-search= may-fail=false method=manual never-default=true route1=192.168.0.0/16,10.137.1.1 route2=172.16.0.0/16,10.137.1.1 #---EOF--- The file before the sys-firewall is rebooted has the following checksum and md5sum: 2551335477 425 qubes-uplink-eth0 83b37a6b68007838efb1e9e9fbc841f4 qubes-uplink-eth0 As soon as the sys-firewall is booted the file with the NW configuration is overwritten : [ipv4] method=manual may-fail=false dns=10.137.1.1;10.137.1.254 addresses1=10.137.1.8;32;10.137.1.1 #---EOF--- As you can see the configuration was not preserved. Therefore something is clearly overwritten the NM configuration, the problem is to know what and how to avoid it, preserving the NM config. Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5623f6ad25a81d84876b7f619828db8b3247%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-22 16:23, 4ok80g+4fl8s3n7pesd8 via qubes-users wrote: > So far not a single soul from the qubes project has mentioned a single word > about this and this is simply unacceptable! This mailing list is been > abandoned! Please review the mailing list guidelines: https://www.qubes-os.org/mailing-lists/ I'll make a few points explicit: 1. No one owes you a reply. 2. If people don't know the answer to your question, they're very unlikely to reply. That doesn't mean your message is being ignored. It just means that no one who has had time to reply knows the answer. 3. The devs who are likely to know the answer to your question are very busy working on Qubes. They can't just drop everything to answer every question that comes across the mailing list. If they were to try, no development work would ever get done. Sometimes, they don't have time to respond to certain messages on the mailing list for days or even weeks. You have to be patient. Even then, there's no guarantee that your question will be answered, because no one here has an obligation to solve your problems for you (see point 1). 4. If you want people to help you, should (a) be polite and (b) make it as easy as possible for people to help you. Repeatedly bumping your own thread in a short period of time, then making baseless and inflammatory accusations is not very polite. > Point proven - all the contacts for the ML and the help section were removed > from the main site. The page https://www.qubes-os.org/help/ is now redirected > to https://www.qubes-os.org/doc/ . That was part of a website reorganization that has been under discussion for months. See: https://github.com/QubesOS/qubes-issues/issues/1833 https://github.com/QubesOS/qubes-issues/issues/1841 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYDJUXAAoJENtN07w5UDAwSj8P/2zv1SzRpYhhd7jhmgbwXMKz wcOZNy5Vh4v5XteyHg7J8hRBSm50ty0gkZ9iLpXqDTBUZA/G87VFII/KyLkkPF9D BhQbi04ZJNDyaScxtWxhhsgByCgG7gzQYbQ7eTKEEWq7f1veCjfFgjTJ+WWwqDm8 /T1OZfWHyRI8xvuaUbUlaeGGlRFCfNkbIQy7Pe28XChPWR++nbrVoEa/XiyfLAT/ pAvuVBQhgWCChf2vYKkTa7mH/RLXk9J26WvBT3UDX0q+DEuvEdRC2XioOu1FJb/X tJ+y0NTE931pE51QhUEtTNOD6eEK9gtp7DN3hgbssKliTol+Q09PoDknv2Ecf7AE Pxe4/OabReJ7wCAChpIIxLISZzX81S57zjS5KBbz66Itd8es21mwj8uTuGSGHGgt Uus3CqxG+QEnQPjP5QZQJ8xTxjqNoxr+bTiOtWzXdcqwAoshiFH2+rUs017Qjq0C zAdxsn/mHVVOspqRM6cNLAI1MWViIFrmgmgnvBFEZXr1CMZbjb2OgolFMQOXSDOt xD+tAbH5QOJyQ1aK/uZUYjD4BlGcKpriVvwjFmUhPJPotmy6PR6qWHE8klUGpZsR 0436mSU8U2nGg9ZKesGXk6/HwPnIO5Lpe1vDYPxjkAkjgaXm4jGvMDBTYanc+KwP 8acYlSP/TshmG9yEUwqq =Zznw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56c2f55a-8d19-75cb-d9f7-363608395179%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!
On Sat, Oct 22, 2016 at 11:23:18PM +, 4ok80g+4fl8s3n7pesd8 via qubes-users wrote: > I assume you meant to say rc.local, as this has nothing to do with iptables > nor the qubes-firewall-user-script. > In any case, this suggestion in itself is a huge hammering. The sys-firewall > shouldn't have to change the qubes-uplink-eth0 (Network Manager > configuration) in the first place and that is the whole problem here. > > I could have set the file with the immutable flag on, I could have created a > rc.local script...etc > I could have done many workarounds, but these would be, as the name implies, > workarounds. What I want to know is to know why the static routes on the NM > configuration are being overwritten and how to avoid that. > > So far not a single soul from the qubes project has mentioned a single word > about this and this is simply unacceptable! This mailing list is been > abandoned! > Point proven - all the contacts for the ML and the help section were removed > from the main site. The page https://www.qubes-os.org/help/ is now redirected > to https://www.qubes-os.org/doc/ . > > Is this project over before it has taken off?!? > I think you should calm down. >From what I can see someone replied to you pretty quickly, asking for information and telling you that it worked for them. You dont appear to have responded to that, or provided more information. They pointed you to /rw/config/NM-system-connections. So, why not respond to JJ, who tried to help you? Set a route in NM. Then check to see that it is reflected in /rw/config/NM-system-connections What template are you using? Are other network settings retained between boots? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161023002637.GB7845%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
I assume you meant to say rc.local, as this has nothing to do with iptables nor the qubes-firewall-user-script. In any case, this suggestion in itself is a huge hammering. The sys-firewall shouldn't have to change the qubes-uplink-eth0 (Network Manager configuration) in the first place and that is the whole problem here. I could have set the file with the immutable flag on, I could have created a rc.local script...etc I could have done many workarounds, but these would be, as the name implies, workarounds. What I want to know is to know why the static routes on the NM configuration are being overwritten and how to avoid that. So far not a single soul from the qubes project has mentioned a single word about this and this is simply unacceptable! This mailing list is been abandoned! Point proven - all the contacts for the ML and the help section were removed from the main site. The page https://www.qubes-os.org/help/ is now redirected to https://www.qubes-os.org/doc/ . Is this project over before it has taken off?!? Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/972486e4bde681b07c93a4093ad0f5018d26%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
Hi, Did you try adding the commands in /rw/config/qubes-firewall-user-script file, as is indicated in the documentation? https://www.qubes-os.org/doc/qubes-firewall/ Regards El sábado, 22 de octubre de 2016, 12:54:54 (UTC-6), 4oe3ad+c69...@guerrillamail.com escribió: > Unfortunately this Mialing list seems dead. > I've opened this issue, that is specific to the Qubes architecture, for over > a week now and so far no one was able to pinpoint to the solution or explain > why static routes are being overwritten on boot. > > It seems that this ML is only breathing, beacuse of the individual effort of > its users. To the date, no one from the official team > (https://www.qubes-os.org/team/) was able to chip in or give any answer. > > This is a bad start for this project, lack of support is one of the reasons > why some projects are not successful.. > > And to think I was about to give some donations for this project > > > > > > > Sent using Guerrillamail.com > Block or report abuse: > https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b1f81c8d-ec22-4fa2-ae75-977b378b3588%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
Unfortunately this Mialing list seems dead. I've opened this issue, that is specific to the Qubes architecture, for over a week now and so far no one was able to pinpoint to the solution or explain why static routes are being overwritten on boot. It seems that this ML is only breathing, beacuse of the individual effort of its users. To the date, no one from the official team (https://www.qubes-os.org/team/) was able to chip in or give any answer. This is a bad start for this project, lack of support is one of the reasons why some projects are not successful.. And to think I was about to give some donations for this project Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1418a5831ee4c312e0fc88994f0d57a5c611%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
bump Does anyone knows how to achieve this on Qubes? Sent using Guerrillamail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58c7b07d24e0d618ef84d47702810d2c397%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Persistant routes on Qubes are not persistant?!
Hi, Does anyone knows how to achieve this on Qubes? Thanks Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/92534927000b3a8ba33f465f37cd20faad66%40guerrillamail.com. For more options, visit https://groups.google.com/d/optout.
