Migrating to Qubes OS
33 views
Skip to first unread message
Flex
Feb 26, 2021, 5:49:22 PM2/26/21
to qubes...@googlegroups.com
Hello,
migrating from Ubuntu 20.04 to Qubes OS I have still quite a few
problems I ran into and could not solve yet using the documentation etc.
1. I need to use an external USB-Keyboard which is plugged into the
docking station of my X230 Thinkpad. I can connect the Keyboard to one
running VM using sys-usb but this results in a falsely changed keyboard
layout (US instead of DE) and I need to reboot to reset this as the
built in keyboard layout is affected in the same way.
2. Further it would be great to know how to automatically connect to
several selected VM after boot without connecting it directly to dom0 or
if not possible how to connect it to dom0 as I was not able to
understand the many different options mentioned in the documentation etc.
3. The sys-net VPN (PPTP) is not working although the settings are the
same as using Ubuntu, where it connected. Is there a way to get the VPN
up and running?
4. The qubes add on for thunderbird is not compatible with thunderbird
78 is it planned to upgrade it soon?
5. When disconnecting from the docking station to which the 2nd screen
is connected to, the windows are not automatically resized/-grouped so
it is kind of hard to access those invisible on the second screen which
is no longer attached, is there a way to improve this?
That is it for now though I might run in to more issues the coming days.
Hope you can help me especially with the first and 3rd issue as those
are most urgent.
Many thanks!
Flex
migrating from Ubuntu 20.04 to Qubes OS I have still quite a few
problems I ran into and could not solve yet using the documentation etc.
1. I need to use an external USB-Keyboard which is plugged into the
docking station of my X230 Thinkpad. I can connect the Keyboard to one
running VM using sys-usb but this results in a falsely changed keyboard
layout (US instead of DE) and I need to reboot to reset this as the
built in keyboard layout is affected in the same way.
2. Further it would be great to know how to automatically connect to
several selected VM after boot without connecting it directly to dom0 or
if not possible how to connect it to dom0 as I was not able to
understand the many different options mentioned in the documentation etc.
3. The sys-net VPN (PPTP) is not working although the settings are the
same as using Ubuntu, where it connected. Is there a way to get the VPN
up and running?
4. The qubes add on for thunderbird is not compatible with thunderbird
78 is it planned to upgrade it soon?
5. When disconnecting from the docking station to which the 2nd screen
is connected to, the windows are not automatically resized/-grouped so
it is kind of hard to access those invisible on the second screen which
is no longer attached, is there a way to improve this?
That is it for now though I might run in to more issues the coming days.
Hope you can help me especially with the first and 3rd issue as those
are most urgent.
Many thanks!
Flex
awokd
Mar 2, 2021, 4:43:34 AM3/2/21
to qubes...@googlegroups.com
Flex:
For 1 & 2, have you attempted the steps under
https://www.qubes-os.org/doc/usb-qubes/#manual-setup ?
3 Does your VPN provider support OpenVPN? It's better. If so,
https://github.com/QubesOS-contrib/qubes-tunnel is probably the best
approach. Otherwise, try
https://www.mail-archive.com/qubes...@googlegroups.com/msg02913.html.
4 Unknown
5 Only fix I can think of might be to switch the desktop from xfce to
something like i3, but haven't attempted that.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
https://www.qubes-os.org/doc/usb-qubes/#manual-setup ?
3 Does your VPN provider support OpenVPN? It's better. If so,
https://github.com/QubesOS-contrib/qubes-tunnel is probably the best
approach. Otherwise, try
https://www.mail-archive.com/qubes...@googlegroups.com/msg02913.html.
4 Unknown
5 Only fix I can think of might be to switch the desktop from xfce to
something like i3, but haven't attempted that.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
Janosh
Mar 2, 2021, 10:46:32 AM3/2/21
to qubes...@googlegroups.com
Am 02.03.21 um 01:21 schrieb 'awokd' via qubes-users:
> For 1 & 2, have you attempted the steps under
> https://www.qubes-os.org/doc/usb-qubes/#manual-setup ?
>
> 3 Does your VPN provider support OpenVPN? It's better. If so,
> https://github.com/QubesOS-contrib/qubes-tunnel is probably the best
> approach. Otherwise, try
> https://www.mail-archive.com/qubes...@googlegroups.com/msg02913.html.
>
> 4 Unknown
>
> 5 Only fix I can think of might be to switch the desktop from xfce to
> something like i3, but haven't attempted that.
1&2: I had a look into that but did not try yet as I was afraid of
> https://www.qubes-os.org/doc/usb-qubes/#manual-setup ?
>
> 3 Does your VPN provider support OpenVPN? It's better. If so,
> https://github.com/QubesOS-contrib/qubes-tunnel is probably the best
> approach. Otherwise, try
> https://www.mail-archive.com/qubes...@googlegroups.com/msg02913.html.
>
> 4 Unknown
>
> 5 Only fix I can think of might be to switch the desktop from xfce to
> something like i3, but haven't attempted that.
breaching the security of dom0, but if it is the only workaround
possible I might take that risk.
Would https://www.qubes-os.org/doc/usb-qubes/#automatic-setup do the same?
Further I am not sure if that will solve the keyboard layout problem or
has a potential to make things worse?
3: My VPN Provider reccommends IKEv2 strongswan but PPTP is mentioned as
well and worked fine using Ubuntu. After PPTP failed I tried strongswan
with a debian VM but although the connection seems to work for a few
moments (not really, but it just displays a notification the connection
was established succesfully) and then displays an error message the
connection failed.
The providers reply was the default-route might not point to the
VPN-Interface, which seems to be the case referring to the output of 'ip
route'.
5 As far as I understood Qubes is quite bound to xfce as a desktop
environment at the moment and problems might occur when switching,
therefore I am not keen to try this.
Would it be safe to use "Session and Startup" of dom0 to autostart
Applications and is there a command to assign a workspace to each
specific App or restore the session (tried ticking the option but no
changes)?
Flex
Mar 2, 2021, 11:07:21 AM3/2/21
to qubes...@googlegroups.com
the usb-controllers to both qubes and giving one usb-controller the
access to dom0 as described in
https://www.qubes-os.org/doc/usb-qubes/#automatic-setup ?
awokd
Mar 5, 2021, 1:07:02 PM3/5/21
to qubes...@googlegroups.com
Flex:
to not do so on install. However, if sounds like you did, so it won't
help to run again. The manual step I linked to permit an external
keyboard to dom0 isn't awful from a security perspective, as sys-usb
still acts as a middleman between the USB hardware and dom0. It does
open up a class of attacks where if your keyboard gets reprogrammed by
someone with physical access without your knowledge (or is hopefully not
wireless), they could maliciously send keystrokes.
Splitting USB controllers between dom0 and sys-usb is entirely possible,
but is arguably less safe than passing the external keyboard through
sys-usb, as it exposes dom0 to the USB controller and USB devices
attached to it.
Not positive either way about the keyboard layout issue, or the others,
sorry.
>
>> 1&2: I had a look into that but did not try yet as I was afraid of
>> breaching the security of dom0, but if it is the only workaround
>> possible I might take that risk.
>> Would https://www.qubes-os.org/doc/usb-qubes/#automatic-setup do the same?
>> Further I am not sure if that will solve the keyboard layout problem or
>> has a potential to make things worse?
>
>> 1&2: I had a look into that but did not try yet as I was afraid of
>> breaching the security of dom0, but if it is the only workaround
>> possible I might take that risk.
>> Would https://www.qubes-os.org/doc/usb-qubes/#automatic-setup do the same?
>> Further I am not sure if that will solve the keyboard layout problem or
>> has a potential to make things worse?
>
> Regarding 1&2 would it be possible to clone the usb-qube and then sort
> the usb-controllers to both qubes and giving one usb-controller the
> access to dom0 as described in
> https://www.qubes-os.org/doc/usb-qubes/#automatic-setup ?
>
Those automatic setup steps will create a USB qube for you if you chose
> the usb-controllers to both qubes and giving one usb-controller the
> access to dom0 as described in
> https://www.qubes-os.org/doc/usb-qubes/#automatic-setup ?
>
to not do so on install. However, if sounds like you did, so it won't
help to run again. The manual step I linked to permit an external
keyboard to dom0 isn't awful from a security perspective, as sys-usb
still acts as a middleman between the USB hardware and dom0. It does
open up a class of attacks where if your keyboard gets reprogrammed by
someone with physical access without your knowledge (or is hopefully not
wireless), they could maliciously send keystrokes.
Splitting USB controllers between dom0 and sys-usb is entirely possible,
but is arguably less safe than passing the external keyboard through
sys-usb, as it exposes dom0 to the USB controller and USB devices
attached to it.
Not positive either way about the keyboard layout issue, or the others,
sorry.
Reply all
Reply to author
Forward
0 new messages