Jump to content
Not connected, Your IP: 18.226.222.76

Search the Community

Showing results for 'qubes'.


Didn't find what you were looking for? Try searching for:


More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 71 results

  1. Correct me if I read the article from arstechnica wrong but it made it seem like the DHCP on the client device can also be exploited. So the vulnerable time period would be during the brief period where network lock is not yet online but the device is. This would also occur in a foreign network during inital login, or during the captive portal login phase(coffee shops and hotels). As best as i have found, keeping network lock on at boot time prevents something like eddie from being able to contact airvpn to initiate a connection. Wireguard came up with a solution by isolating the NICs in a namespace jail but I dont think this would work with eddie, perhaps it would work with the airvpn suite https://www.wireguard.com/netns/#the-new-namespace-solution Another solution that was mentioned in the article is to have the NICs in a vm. Much like Qubes NetVMs but there is lots of overhead for this kind of solution. Have the external facing NICs isolated in a vm while the host OS uses the virtual nic as its primary gateway with static address asignment. Then when eddie or openvpn is initialized on the host machine it wont matter if the NetVM is manipulated. I am curious myself if anyone has any other solutions. I use eddie while roaming mostly because I am lazy and need a fast way to connect to a low latency server. I cant easily do that with openvpn or airvpn suite where I generally would need to have a favorites list of servers pre-selected, with no idea of their current status.
  2. I'm running a Linux distro, connected via Tor Browser v115.4.0esr. The "Recently Used Devices" panel in my profile shows Windows and Firefox v115.0. I've not used a Windows machine with AirVPN in several months, at least. My password is > 100 bits of entropy, basically impossible to guess. A hack is always possible, of course, but my practice is to use privacy and security centric OSes, like PureOS and Qubes, which are always up to date. I don't click on strange links. I guess what I'm wondering is: how reliable is the "Recently Used Devices" panel. I'll go ahead and change my password, but I'm still curious. Otto
  3. Hello, I was trying to run eddie in a proxy vm in qubes, something like "browser vm --> eddie vm --> net vm", but eddie seems to modify routing table so that proxy doesn't route traffic downstream from a "browser vm". How would I need to modify the routing table to make eddie route traffic from "browser vm" to airvpn gateway with network lock enabled? I attached the system report of my configuration, where 10.138.37.231 is a browser vm, 10.138.35.206 is a net vm. system report.txt
  4. Sorry to reply late on my own post but i rarely log in here. In qubes and freebsd this worked in their debian and fedora templates. Until recently. I think something happened in both(3, counting qubes) recently because qubes templates became suddenly unworkable with the modem. Debian and fedora as native installs require configuring to mbim now as well. Not really sure what the issue is. I need the modem to work more then I can diag what happened. Ill keep poking at it when i have the time.
  5. Then i think i'm gonna ask around in the Qubes OS forum and in the Whonix forum as well. I think it will be related to Whonix, because if i use the QubesOS's solution it works perfectly fine. I will report back if there is any progress! Till that time i will try out the random server generator too. Am i allowed to use any AirVPN server address (like europe3.all.vpn.airdns.org) if i'm asking help? Or should i just use some random created address?
  6. Thanks @OpenSourcerer! I wanted to use the [cc].all.vpn.airdns.org configuration because it was recommended to me in the Custom random server config generator thread by @benfitita and it worked great in other setup (not with tor) in Qubes OS or in my router. So if i understand you correctly, in this situation i should use the random server generator and specify exactly what servers i'd like to use. So basically when i'm downloading the config file, i specify the resolved host and adding all server addresses i want to use to the OpenVPN custom directives under the Advanced options? Is it tor specific that the [cc].all.vpn.airdns.org does not work?
  7. Hello! I'm trying to setup a Proxy VM in Qubes OS using sys-whonix as a NetVM, actually it would be a VPN over Tor configuration. When i'm testing the connection, i'm only able to use this configuration if i specify a concrete server. Is it possible to use VPN over Tor if i'd like to use a random connection instead? To be specific: I've downloaded the european config file (TCP-443) and changed the remote line in the .ovpn file to europe3.all.vpn.airdns.org. Unfortunately if i'm testing the connection with sudo openvpn --cd /place/of/ovpn/file --config AirVPN_Europe_TCP-443-Entry3.ovpn this is what i get: RESOLVE: Cannot resolve host address: europe3.all.vpn.airdns.org:443 (Temporary failure in name resolution) Could not determine IPv4/IPv6 protocol SIGUSR1[Soft,init_instance] received, process restarting If i'm using europe3.vpn.airdns.org:443 in the .ovpn file it is working. Is this how it should work, or is there something I can do about it? Thanks any help!
  8. Hello! I'm following this description (link) to make a VPN Proxy VM in Qubes OS. Unfortunately when it says to check the connection, i can't figure out how to do it. This is what i did and got an error: 1. In the VPN Proxy VM opened a terminal 2. The .ovpn file is here /rw/config/vpn/Airvpn_Europe_TCP-443-Entry3.ovpn 3. In the terminal from /home/user i use the command: openvpn --cd /rw/config/vpn --config Airvpn_Europe_TCP-443-Entry3.ovpn Unfortunately i get an error: Option error: Unrecognized or missing or extra parameter(s) in Airvpn_Europe_TCP-443-Entry3.ovpn:19: data-ciphers (2.4.7) Use --help for more information. openvpn version (debian-10): 2.4.7-1 I downloaded the .ovpn file like this: Config Generator > choosing Linux as my OS, IPv4 only for IP layer exit and IPv4 as Connect with IP layer, tick the Advenced Mode, selecting OpenVPN version >=2.5, choosing OpenVPN TCP 443 tls-crypt, tls1.2 as the protocol and tick By Continents > Europe and finally generating and downloading the .ovpn config file, where i changed eurpe3.vpn... to europe3.all.vpn.... Could someone help me out how can i check the connection with openvpn CLI? Thanks any help you can provide!
  9. Hello! I'm following this description (link) to create a VPN-proxy VM in Qubes OS. There is a step where i should create some firewall rules in the VPN-proxy to prevent leaks. I'd like to use a random European .ovpn configuration, so i go to Config Generator > choosing Linux as my OS, IPv4 only for IP layer exit and IPv4 as Connect with IP layer, tick the Advenced Mode, selecting OpenVPN version >=2.5, choosing OpenVPN TCP 443 tls-crypt, tls1.2 as the protocol and tick By Continents > Europe and finally generating and downloading the .ovpn config file, where i changed eurpe3.vpn... to europe3.all.vpn.... To create the firewall rule, I need the IP addresses that belong to the European servers. What is the easiest way to find out these IP addresses? If i'm downloading the .ovpn file as resolved hosts, i only get 1 IP address. Thanks any help you can provided!
  10. Could the OP not just use two vpns inline as well? Keep which ever vpn connection faces the public IP static so an adversary only sees the initial connection from public ip to vpn. Then use a second vpn connection that you can change at will to write or browse wherever? For instance, the router connects to the vpn and the pc that is using to the router also connects to a different server. Or if the router cannot handle the vpn, have the pc connect to the vpn, then have a virtual machine inside the pc make the second connection and do all of your browsing from there. This is similar to what some people do with Qubes. The performance hit is not as bad as using Tor, and some websites just wont accept tor connections even if you were willing to use it.
  11. Thank you for your answer. Yes I did. However it concerns the use of the ordinary openvpn client, with fail-close filter rules to be applied manually. For the sake of knowledge: I also tried with the Hummingbird client. It apparently succeeded to set the network lock in a Debian qube, though warning that "Kernel module iptable_filter not found" (maybe it's what Eddie didn't like?) and stating that "Network filter and lock is using iptables-legacy" despite Debian 10 using nftables. The result is a mixing of the qube's nftables rules and of the vpn client's iptables-legacy rules. It goes better with ./hummingbird xxx.ovpn --network-lock nftables : the vpn client stops complaining about iptable_filter and sets a nftables network lock. In both cases, however, hummingbirds' network lock puts a DROP in the forward chain including the tunnel interface, so the setting of a vpn gateway as per the documentation linked by @giganerd doesn't work. Coming back to Eddie, perhaps the reported problem comes from its trying to use iptbles-legacy netlock mode too. It's a pity, because the vpn client of another known vpn provider worked effortlessly in Debian qubes, included network lock compatibility with a vpn gateway. Perhaps I was just lucky?
  12. I cannot have eddie's netlock feature working in a qube in Qubes OS 4. When trying to enable it within eddie-ui, I get a pop-up "Exception: Unable to initialize iptable_filter module". The same with the cli: $ eddie-ui -cli -netlock (...) Activation of Network Lock - Linux iptables Exception: Unable to initialize iptable_filter module (...) This behavior was observed both in a Debian 10 qube and in a Fedora 32 qube. I don't get this error in a Debian 10 installed over bare metal. eddie ver. 2.18.9
  13. Has anyone had any luck getting hummingbird to work as a vpn vm for Qubes 4 yet? It seems the way network lock operates also does not jive well with the way Qubes operates. I have tried running it directly in sys-net, which is obviously not ideal for many situations, as well as directly on an ethernet port clients connect to(routing towards sys-net), in addition to being a regular sys-vpn with no luck so far. Im sure I am not the only one to have tried this, perhaps someone else has had some luck
  14. I successfully created a ProxyVM within QubesOS using hummingbird and I confirm that connection works, however I have problems when trying to use this ProxyVM connections for other AppVM's. They basically do not connect. Accoring to QubesOS VPN section, it should be all working but it is not. I mean, I do not expect a solution here, I think I should post to QubesOS but heads up for hummingbird working (more or less lol) in Qubes.
  15. I have successfully used eddie-ui in Qubes 4.0... however, with a caveat... I can only use it on individual APPVm... not system-wide... I've had success using ExpressVPN on the netvm System-wide.... albeit with a caveat... the network lock-down only works once a connection is established... and everything passes the dns leak test...
  16. The only way I've found to use Eddie (or any VPN) usably in Qubes has been to have to use it in the active Qube itself. Several updates ago of Qubes I could set up a VPN qube and route other qubes through it per Qubes's instructions... but then that just stopped working along the way one day and I've never been able to get it back. Sorry, this isn't helpful as far as fixing the using of a VPN qube, just I guess letting you know 1) you're not alone and I'm looking forward to any fixing help you've managed to stir up, and 2) it used to work fine and then Qubes changed on me rather than Eddie changing and then not working. *crosses-fingers for helpful answers*
  17. I've managed to run Eddie client in it's own VM on qubes fine and route other qubes through it. They have ping to IPs but can't resolve domains. I've experiment with the DNS settings but haven't found a way to make other cubes resolve domains when using the VM with Eddie as networking. I don't know much about networking so I'm hoping someone will point me to something obvious I might have been missing.
  18. I'm experimenting with Eddie in Standalone qubes VM. It's installed but when network lock is NOT enabled it's stuck at "Checking route IPv6" when connecting. I've tried setting it to use only IPv4 in Networking>Internet protocol used for connection but it still gets stuck at the same. When network lock is enabled the eddie client itself connects fine and internet is via the VPN in that cube, but then I can't make the other qubes connect through that cube even if I've enabled "Allow lan/private" in "Netowork Lock" and even whitelisted the specific cube internal IP address. So either way I can't make it usable in qubes.
  19. DNSCrypt is not a standard of IETF. DoH is. Define your own scope, a standard protocol with internet giants, or a non-standard one with volunteers. The end case is the same, they are both end-to-end encrypted, so you are safe from your ISP/VPN, just decide which party you prefer to trust more. Personally I go with a Torified DoH everywhere in Qubes.
  20. Exactly. It's not even the vanilla FreeBSD kernel, it's a special pfSense kernel based on it. You can add extra packages to the distro to extend its functionality but these are "professional" like proxies, DHCP/DNS servers, monitoring tools, etc. Yes, should be avoided. Again, you don't need to throw money at it before you know exactly and without doubts that the functionality provided by the hardware is exactly what you need. In this case, forget activities that need direct/low-level access to hardware. Like gaming. Qubes OS is if you want to reverse engineer malware in one cube, do banking in another, social networking in a third, so that Tinder doesn't know of your banking activities and/or malicious code can't compromise the other two. I won't answer the second question because all the info is in the Qubes FAQ. Please go through it. Furthermore, I propose that your paranoia is to be destroyed.
  21. what i like about ricochet is the fact it can use tor alpha 3 torrc on arch. meaning you can set your torrc say you want to chroot it also, to strictmode, avoid any servers that have been known to inject anything, i chatted with a couple of folks on ricochet on hope they move it forward with next gen onion, so for example right now i have it running, i got tor alpha from the AUR, got ricochet, themed it, tor runs in chroot via arch linux wiki instructions, again, this is all layers, the local repo chat laptop is basically stand alone, meaning it's not doin anything else and behind airvpn stunnel openvpn, that's basically just my tor box, it hosts my tokzco onion site version 3 and my local arch repo i don't browse tor sites on that box or much of anything else, it's a lazy way of compartmentalization also qubes and whonix etc are all cool and all but yeah i'm not into the work load of switching everything over and straight up, i don't trust the tor browser version at all reason is you look through it it is serious bloat shit and call out to google etc and mozilla big time the browser is the most targeted app and why i don't like to load anything up to chat through it either online irc in general has become shit, almost every chat url you can find online via clearnet search engines is all shit links to sicko shit, imho a deliberate campaign, there is more sick shit on facebook just by sheer volume there are family friendly spots on the onion and decent places to chat clearnet and often tor 'search engines' don't do much to help reason is this, it's about ad revenue, about money, google and everyone else wants us to think that if we all of a sudden get 'anon' that we lose our minds and load up negative content or get into bad stuff it's psychological warfare 101 and they do it well i'm more or less 'squeamish' there is a lot of stuff on youtube i can't handle today anyway my point is, ricochet is a solid so far to me because it does nothing else you check it on github you will see a lot of folks involved with it in the issues tab that's a good sign i sent staff an apology, goin back through fixing some posts long story short, my family got involved in hijacking my inheritance and the banks knew, law enforcement has also been involved in covering some things up, mail intercepts and forging courthouse legal docs i'm not making this shit up, wish i were, i'm sick to my gut me, i just wrapped up a decade of probation for getting stupid, shitfaced, went for a joy ride in a truck and yeah, so not cool there so last thing i want is any correspondence or attention from law enforcement or any courthouse, goin on 50, i just want left alone more than that, my 'family' absolutely had no reason to go behind my back plan anything out ahead to get money, if they had wanted it all or just had talked straight up to me, i'd most likely have agreed to whatever they want simply to just be left alone, coz my dad was not a good man, at all so yeah, i have been under some mental strain, real world heavy surveillance i'm naive in a lot of ways, i believe in the good of people tor, privacy, openvpn, i'm just like anyone else, i don't think about it much till i don't have it airvpn has been good to me, better than i deserve, i can't buy that or even earn that
  22. Qubes OS is security focused OS. I was wondering if eddie can be ran on their network-vpn domain and if there are anything different or special when running it like that?
  23. I tried to use Qubes yesterday, but apparently my HP Z600 is not compatible. Oh well, Fedora it remains!
  24. I have tried to search but have not found a clear answer to the question in the title. What I would ideally like to do is have a second firefox profile that can browse outside of the vpn (for netflix and the occasional other site) while leaving the vpn connection and network lock active for every other application on the computer. I currently use QubesOS to achieve this (and other things), but I am looking to move to another distribution while still having the feature above. I do not care if Eddie is used for the network lock or if I need to use iptables directly (or some other way), I just do not have the knowledge to work it out myself from scratch. I would be happy with a method to let certain sites bypass the network lock, but I understand that netflix makes this very difficult or impossible to do. I have seen information regarding forcing certain applications to use the vpn while the rest of the system does not, but I do not believe those methods can be used the other way around (I do not understand enough to be sure though). Link to the only post I can find again on the subject - https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398 Thank you to anyone who can help (even if it is to say it can not be done any easier than using Qubes after all)
×
×
  • Create New...