Upgrade netVM over Tor

Good day
I don’t know if I have to ask this here or in qubes mailing list.
I want to upgrade and install application in netVM over Tor. Is it possible or I made a stupid question? :grin:

Thanks in advance for the answers

directly:
Probably not possible as far as I know. Feel free to ask this on the
qubes-users mailing list if my answer does not suffice. You never know
if someone else has another idea.

indirectly:
Yes. Install the application inside the TemplateVM which the NetVM is
based on. That TemplateVM can use sys-whonix as its ProxyVM.

Can this apply also for downloads?

Since all TemplateVM traffic would go through sys-whonix, therefore be
torified, that applies to all kind of network traffic.

So this method could be used to anonymously install packages into the
TemplateVM so these end up in the NetVM.

However, the NetVM itself will by definition always at some point
connect to clearnet. There is no way to skip connecting through your ISP.

I may be wrong but I think OP wants to know if he can download files to his NetVM anonymously by using his TemplateVM over Tor.

Literally: yes you can - as long as you save the files to a directory outside of /rw/ (which includes /home/user/). And then reboot NetVM.

Practically: no you shouldn’t.

  1. Bad security practice to be downloading untrusted files to any TemplateVM
  2. Very inconvenient. For downloading, use a workstation, or better, a disposable VM and then qvm-copy-to-vm netVM files . See qubes-os.org docs.
1 Like

Good day
I have just download one file, this option seems very good [quote=“entr0py, post:5, topic:2460”]
For downloading, use a workstation, or better, a disposable VM and then qvm-copy-to-vm netVM files .
[/quote]
Do workstation and appVM called anon-whonix offer the same security and anonymity? Because I never run workstation or gateway, I use sys-whonix like gateaway and anon-wonix like workstation

If by “workstation” and “gateway” you are referring to the TemplateVMs; and “sys-whonix” and “anon-whonix” are referring to AppVMs, then read this first:

AppVMs have a nice property that their root filesystem is non-persistent, so if you install a junk app, it should be gone after reboot. (If you need persistence, the proper way is to create a StandaloneVM based on the Template - don’t use the Template itself).

Good day
Last things
I have connect proxyVM, with my vpn, to sys-whonix but opne an error message with this line
Error starting VM: invalid argument: network device with mac … already exist
How can I solve it?

Please search first. Already discussed.

Error starting VM: operation failed: device matching mac address 00:16:3e:5e:6c: