Two VPN questions and one Qube Manager question.
87 views
Skip to first unread message
enti...@nym.hush.com
Oct 31, 2018, 3:06:44 PM10/31/18
to qubes...@googlegroups.com
1) I’ve successfully managed to set up a “ProxyVM” (or “AppVM” as it is called in Qubes 4.0) to run as VPN gateway with Private Internet Access (PIA)/Openvpn by following the guide in qubes documentation; https://www.qubes-os.org/doc/vpn/ and https://www.youtube.com/watch?v=K1_zqT7_N7k
PIA provides 33 gateways around the world to choose from, what I wonder is; how can I (easily) change and choose the various gateways of the sys-vpn (ProxyVM) as I normally can when directly using PIA? I may need to make my IP appear to come from one specific country, or have the desire to change from which country I’ve been connected to after a while. Also, can the ProxyVM be set to make gateway connections at random?
2) The Qubes doc mention that if I want to be able to use the Qubes Firewall I should create a new Firewall VM. How do I actually create a Firewall VM that uses Qubes Firewall? I assume there must be a different process than a normal “create new qube”.
Also, is it actually needed to add a firewall behind the VPN? AppVM → sys-vpn-firewall → sys-vpn → sys-firewall → sys-net, it just seems like a overly long line to me.
3) The “Autorefresh” button in Qube Manager have magically disappeared from the tool bar. Its supposed to be located in Dom0 Qube Manager, to the right of the three icons; Global Setting → Backup Qubes → Restore Qubes From Backup → “Missing” Qube Refresh.
Is there any fairy dust I can sprinkle on the terminal in dom0 to make that button reappear?
Please keep in mind that I'm a newbie Qubes user and a fairly new Linux (Mint) user of just a couple of years if/when you of you reply to these questions.
PIA provides 33 gateways around the world to choose from, what I wonder is; how can I (easily) change and choose the various gateways of the sys-vpn (ProxyVM) as I normally can when directly using PIA? I may need to make my IP appear to come from one specific country, or have the desire to change from which country I’ve been connected to after a while. Also, can the ProxyVM be set to make gateway connections at random?
2) The Qubes doc mention that if I want to be able to use the Qubes Firewall I should create a new Firewall VM. How do I actually create a Firewall VM that uses Qubes Firewall? I assume there must be a different process than a normal “create new qube”.
Also, is it actually needed to add a firewall behind the VPN? AppVM → sys-vpn-firewall → sys-vpn → sys-firewall → sys-net, it just seems like a overly long line to me.
3) The “Autorefresh” button in Qube Manager have magically disappeared from the tool bar. Its supposed to be located in Dom0 Qube Manager, to the right of the three icons; Global Setting → Backup Qubes → Restore Qubes From Backup → “Missing” Qube Refresh.
Is there any fairy dust I can sprinkle on the terminal in dom0 to make that button reappear?
Please keep in mind that I'm a newbie Qubes user and a fairly new Linux (Mint) user of just a couple of years if/when you of you reply to these questions.
Chris Laprise
Oct 31, 2018, 9:59:55 PM10/31/18
to enti...@nym.hush.com, qubes...@googlegroups.com
On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
> 1) I’ve successfully managed to set up a “ProxyVM” (or “AppVM” as it is called in Qubes 4.0) to run as VPN gateway with Private Internet Access (PIA)/Openvpn by following the guide in qubes documentation; https://www.qubes-os.org/doc/vpn/ and https://www.youtube.com/watch?v=K1_zqT7_N7k
> PIA provides 33 gateways around the world to choose from, what I wonder is; how can I (easily) change and choose the various gateways of the sys-vpn (ProxyVM) as I normally can when directly using PIA? I may need to make my IP appear to come from one specific country, or have the desire to change from which country I’ve been connected to after a while. Also, can the ProxyVM be set to make gateway connections at random?
It would not be too hard to write a shell script that shows all the ovpn
> 1) I’ve successfully managed to set up a “ProxyVM” (or “AppVM” as it is called in Qubes 4.0) to run as VPN gateway with Private Internet Access (PIA)/Openvpn by following the guide in qubes documentation; https://www.qubes-os.org/doc/vpn/ and https://www.youtube.com/watch?v=K1_zqT7_N7k
> PIA provides 33 gateways around the world to choose from, what I wonder is; how can I (easily) change and choose the various gateways of the sys-vpn (ProxyVM) as I normally can when directly using PIA? I may need to make my IP appear to come from one specific country, or have the desire to change from which country I’ve been connected to after a while. Also, can the ProxyVM be set to make gateway connections at random?
files in the /rw/config/vpn dir and lets you pick one. Then simply link
('ln -s') the chosen ovpn file to "openvpn-client.ovpn". Finally, tell
openvpn to (re)start. It also wouldn't be too hard to do this manually
if you don't change locations very frequently.
>
> 2) The Qubes doc mention that if I want to be able to use the Qubes Firewall I should create a new Firewall VM. How do I actually create a Firewall VM that uses Qubes Firewall? I assume there must be a different process than a normal “create new qube”.
> Also, is it actually needed to add a firewall behind the VPN? AppVM → sys-vpn-firewall → sys-vpn → sys-firewall → sys-net, it just seems like a overly long line to me.
Qubes firewall. But it is unnecessary to stack them so extensively in
Qubes 4.0. If your VPN provider uses verification certificates (most do)
then all you probably need is AppVM -> sys-vpn -> sys-net. If you wish
to add firewall rules to protect an AppVM you can do so on the Firewall
tab of the AppVM's settings; in my example sys-vpn will then act on
those rules and in your example sys-vpn-firewall would act on them.
>
> 3) The “Autorefresh” button in Qube Manager have magically disappeared from the tool bar. Its supposed to be located in Dom0 Qube Manager, to the right of the three icons; Global Setting → Backup Qubes → Restore Qubes From Backup → “Missing” Qube Refresh.
> Is there any fairy dust I can sprinkle on the terminal in dom0 to make that button reappear?
>
> Please keep in mind that I'm a newbie Qubes user and a fairly new Linux (Mint) user of just a couple of years if/when you of you reply to these questions.
>
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
birdynam
Nov 1, 2018, 4:45:46 AM11/1/18
to qubes...@googlegroups.com
To get your vpn randomly, just replace the openvpn.ovpn file in rc.local
by something like `ls *.ovpn|shuf -n 1` might do the job.
AppVM → sys-vpn → sys-firewall → sys-net should be ok. Just put rules in
your sys-vpn (/rw/config/qubes-firewall-user-script)
Birdy.
by something like `ls *.ovpn|shuf -n 1` might do the job.
AppVM → sys-vpn → sys-firewall → sys-net should be ok. Just put rules in
your sys-vpn (/rw/config/qubes-firewall-user-script)
Birdy.
awokd
Nov 1, 2018, 5:59:11 AM11/1/18
to qubes...@googlegroups.com
Chris Laprise wrote on 11/1/18 1:59 AM:
the theory is it's no longer needed. However, I have noticed sometimes I
still need to force it to refresh by closing and re-opening QM.
> On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
>>
>> 3) The “Autorefresh” button in Qube Manager have magically disappeared
>> from the tool bar. Its supposed to be located in Dom0 Qube Manager, to
>> the right of the three icons; Global Setting → Backup Qubes → Restore
>> Qubes From Backup → “Missing” Qube Refresh.
>> Is there any fairy dust I can sprinkle on the terminal in dom0 to make
>> that button reappear?
>
> Wish I could help you there. QM has been in a lot of flux for the past
> year.
It's gone from updated versions of QM since the switch to DBUS because
>>
>> 3) The “Autorefresh” button in Qube Manager have magically disappeared
>> from the tool bar. Its supposed to be located in Dom0 Qube Manager, to
>> the right of the three icons; Global Setting → Backup Qubes → Restore
>> Qubes From Backup → “Missing” Qube Refresh.
>> Is there any fairy dust I can sprinkle on the terminal in dom0 to make
>> that button reappear?
>
> Wish I could help you there. QM has been in a lot of flux for the past
> year.
the theory is it's no longer needed. However, I have noticed sometimes I
still need to force it to refresh by closing and re-opening QM.
qubenix
Nov 1, 2018, 9:02:22 AM11/1/18
to birdynam, qubes...@googlegroups.com
birdynam:
I've been using `remote-random` in my config for this. From the openvpn
man page it is explained:
--remote-random
When multiple --remote address/ports are specified, or if con‐nection
profiles are being used, initially randomize the order of the list as a
kind of basic load-balancing measure.
--
qubenix
CODE PGP: FE7454228594B4DDD034CE73A95D4D197E922B20
EMAIL PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
IRC OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765
man page it is explained:
--remote-random
When multiple --remote address/ports are specified, or if con‐nection
profiles are being used, initially randomize the order of the list as a
kind of basic load-balancing measure.
--
qubenix
CODE PGP: FE7454228594B4DDD034CE73A95D4D197E922B20
EMAIL PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
IRC OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765
Fidel Ramos
Nov 1, 2018, 11:55:49 AM11/1/18
to Chris Laprise, enti...@nym.hush.com, qubes...@googlegroups.com
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
https://github.com/tasket/Qubes-vpn-support/issues/17
Fidel Ramos
PGP 7F07 1B7C 479F EDD1 - https://keybase.io/fidel
On Thursday, November 1, 2018 1:59 AM, Chris Laprise <tas...@posteo.net> wrote:
> On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
>
> > 1. I’ve successfully managed to set up a “ProxyVM” (or “AppVM” as it is called in Qubes 4.0) to run as VPN gateway with Private Internet Access (PIA)/Openvpn by following the guide in qubes documentation; https://www.qubes-os.org/doc/vpn/ and https://www.youtube.com/watch?v=K1_zqT7_N7k
> On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
>
> > PIA provides 33 gateways around the world to choose from, what I wonder is; how can I (easily) change and choose the various gateways of the sys-vpn (ProxyVM) as I normally can when directly using PIA? I may need to make my IP appear to come from one specific country, or have the desire to change from which country I’ve been connected to after a while. Also, can the ProxyVM be set to make gateway connections at random?
> >
>
> It would not be too hard to write a shell script that shows all the ovpn
> files in the /rw/config/vpn dir and lets you pick one. Then simply link
> ('ln -s') the chosen ovpn file to "openvpn-client.ovpn". Finally, tell
> openvpn to (re)start. It also wouldn't be too hard to do this manually
> if you don't change locations very frequently.
I'm starting work on a systray icon for Qubes-vpn-support that will make changing the VPN configuration a breeze. Please check out this Github issue:
> >
>
> It would not be too hard to write a shell script that shows all the ovpn
> files in the /rw/config/vpn dir and lets you pick one. Then simply link
> ('ln -s') the chosen ovpn file to "openvpn-client.ovpn". Finally, tell
> openvpn to (re)start. It also wouldn't be too hard to do this manually
> if you don't change locations very frequently.
https://github.com/tasket/Qubes-vpn-support/issues/17
Fidel Ramos
PGP 7F07 1B7C 479F EDD1 - https://keybase.io/fidel
Chris Laprise
Nov 1, 2018, 1:10:04 PM11/1/18
to Fidel Ramos, enti...@nym.hush.com, qubes...@googlegroups.com
needed a reminder :)
donoban
Nov 1, 2018, 7:17:56 PM11/1/18
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Currently it uses internal Qubes API events. Do you remember sync
problems recently?
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlvbiZsACgkQFBMQ2OPt
CKVf5g//aHRcNDN93ojw9sld+ntdH7w/rRwdaO66dKrEPQZ0ujE7lKlyRXGDenjL
KfA51hNycSQcBzx0Y3suStar4HS1Fq+4KZ46pjkyRKZwx9bdJ0Rv1/66m+Mh0bTo
Tp64G0uMId46iVNv9h2CloMdcu9X7yQPiyo0tSwEZACNywPIKX08T34YNdLk201D
E6nNAc+Jl98NyjgE09MFl+eEbAHLjp/KimGEIys/vguB7LCmArZgPnCDRCL9CbeM
mTG2xV08hE1SPI3QP3QDMANxq8MzgXpBEXYHgP4jKQhVu7Rs/tAEXphOioZy4480
P2Q2KrYBVVII/rzsdrH5uC2XRJdI6k+f5bbZsMcNSKnfIzhXOFCBaquapznz3z2s
TJay9P5Z2J2IZdyH0N+r3WVsPlFrltz+0aUa719pVmWF5UxDR0Li4326ne0qiSS+
k42+rZAB2zZ+avVo2UhkeDoigICigajgBRCbH0i9o1CDvM3yK7+Gkm6WM2DY0eqS
UY3cwQyJN7FuSTTiPXdDTZsVKZ2IXSOOSjB3yqNApSzkfalMKYy5dKNxyJ1qsCOS
i/rKR07UNFP50WN2kww//oRH1on0O+fZr0EsD/X9/oevJtEjDSta1oyy6BNyqdw2
vGuJdQQafL7t7n73JbjOU3pQQQvGeURLghbO1fEKM/WvaaEB2Ks=
=zFRw
-----END PGP SIGNATURE-----
Hash: SHA256
problems recently?
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlvbiZsACgkQFBMQ2OPt
CKVf5g//aHRcNDN93ojw9sld+ntdH7w/rRwdaO66dKrEPQZ0ujE7lKlyRXGDenjL
KfA51hNycSQcBzx0Y3suStar4HS1Fq+4KZ46pjkyRKZwx9bdJ0Rv1/66m+Mh0bTo
Tp64G0uMId46iVNv9h2CloMdcu9X7yQPiyo0tSwEZACNywPIKX08T34YNdLk201D
E6nNAc+Jl98NyjgE09MFl+eEbAHLjp/KimGEIys/vguB7LCmArZgPnCDRCL9CbeM
mTG2xV08hE1SPI3QP3QDMANxq8MzgXpBEXYHgP4jKQhVu7Rs/tAEXphOioZy4480
P2Q2KrYBVVII/rzsdrH5uC2XRJdI6k+f5bbZsMcNSKnfIzhXOFCBaquapznz3z2s
TJay9P5Z2J2IZdyH0N+r3WVsPlFrltz+0aUa719pVmWF5UxDR0Li4326ne0qiSS+
k42+rZAB2zZ+avVo2UhkeDoigICigajgBRCbH0i9o1CDvM3yK7+Gkm6WM2DY0eqS
UY3cwQyJN7FuSTTiPXdDTZsVKZ2IXSOOSjB3yqNApSzkfalMKYy5dKNxyJ1qsCOS
i/rKR07UNFP50WN2kww//oRH1on0O+fZr0EsD/X9/oevJtEjDSta1oyy6BNyqdw2
vGuJdQQafL7t7n73JbjOU3pQQQvGeURLghbO1fEKM/WvaaEB2Ks=
=zFRw
-----END PGP SIGNATURE-----
awokd
Nov 3, 2018, 11:36:37 AM11/3/18
to qubes...@googlegroups.com
donoban:
that the manager missed. I'll try to keep better tabs on it for a more
actionable problem report, but the workaround of closing and re-opening
isn't hard.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 11/1/18 10:58 AM, 'awokd' via qubes-users wrote:
>> Chris Laprise wrote on 11/1/18 1:59 AM:
>>> On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
>>
>>>>
>>>> 3) The “Autorefresh” button in Qube Manager have magically
>>>> disappeared from the tool bar. Its supposed to be located in
>>>> Dom0 Qube Manager, to the right of the three icons; Global
>>>> Setting → Backup Qubes → Restore Qubes From Backup → “Missing”
>>>> Qube Refresh. Is there any fairy dust I can sprinkle on the
>>>> terminal in dom0 to make that button reappear?
>>>
>>> Wish I could help you there. QM has been in a lot of flux for the
>>> past year.
>>
>> It's gone from updated versions of QM since the switch to DBUS
>> because the theory is it's no longer needed. However, I have
>> noticed sometimes I still need to force it to refresh by closing
>> and re-opening QM.
>>
> Currently it uses internal Qubes API events. Do you remember sync
> problems recently?
It's infrequent, but still happened recently. Think it was an HVM crash
> Hash: SHA256
>
> On 11/1/18 10:58 AM, 'awokd' via qubes-users wrote:
>> Chris Laprise wrote on 11/1/18 1:59 AM:
>>> On 10/31/2018 03:06 PM, entiosis via qubes-users wrote:
>>
>>>>
>>>> 3) The “Autorefresh” button in Qube Manager have magically
>>>> disappeared from the tool bar. Its supposed to be located in
>>>> Dom0 Qube Manager, to the right of the three icons; Global
>>>> Setting → Backup Qubes → Restore Qubes From Backup → “Missing”
>>>> Qube Refresh. Is there any fairy dust I can sprinkle on the
>>>> terminal in dom0 to make that button reappear?
>>>
>>> Wish I could help you there. QM has been in a lot of flux for the
>>> past year.
>>
>> It's gone from updated versions of QM since the switch to DBUS
>> because the theory is it's no longer needed. However, I have
>> noticed sometimes I still need to force it to refresh by closing
>> and re-opening QM.
>>
> Currently it uses internal Qubes API events. Do you remember sync
> problems recently?
that the manager missed. I'll try to keep better tabs on it for a more
actionable problem report, but the workaround of closing and re-opening
isn't hard.
Reply all
Reply to author
Forward
0 new messages