After installing Brave on my Debian 11 template and launching it, I lost internet connectivity. I suspected that some configuration settings might be necessary, so I started researching. However, now even Debian’s Firefox cannot access the internet, and I am unable to ping any destinations. Fortunately, I can still access the internet from other templates. Is there any recommended method to restore connectivity?
Can you specify further what you mean by that? I assume you started Brave, can you explain how you did that?
Templates (called TemplateVMs in Qubes OS jargon) have no internet connectivity by design, so if you attempted to use Brave in the template, the result is not surprising.
That is not the intended use of software installed in a template, though. Instead, you should be able to launch Brave in a qube based on that template. That qube (an AppVM to use Qubes OS jargon) can have internet connectivity, and will be able to use the software that you installed in the corresponding template.
Does that make sense to you?
The Getting started section of the documentation does explain the relation between templates and the qubes that are based on them:
1 Like
Perhaps I didn’t understand your question, but you shouldn’t launch applications directly within the templates, you need to only install them there and launch within the AppVMs, otherwise you’re risking to infect your template.
You probably let 5 min internet access tot he template.
But I’m just a newbie as you, so perhaps you can wait for someone with more knowledge.
1 Like
Note that even that is not necessary to install software, and is not usually recommended.
1 Like
Thank you very much. 
I started exploring Qubes OS just yesterday, so I’m setting it up while researching. I couldn’t connect to the internet using the template, but I confirmed that I have internet connectivity in the Cube: untrusted. Thank you for telling me, I understand now.
Now that I have access to DeepL, I will gradually read through the documentation and continue with the setup. Thank you once again for your assistance.
Can you please explain?
Thank you. I haven’t thoroughly read the documentation yet and accidentally installed it in the template. I will use it in Qube going forward.
Thank you. I will now thoroughly read and study the documentation going forward.
I’m not opening a new thread because I think this is still in the scope of the initial post.
TemplateVM have no network connectivity (in Qubes OS terms, and if you look in the Qube Manager, they have no NetVM defined by default).
However, you can install software in a TemplateVM using dnf (for Fedora templates) or apt (for Debian templates) and the corresponding software packages will be downloaded from the internet. If you’re wondering how that’s possible or why that is, this page of the documentation explains it (see section: Why don’t templates have network access?):
For additional context, the page about templates is also worth reading (the Network access section links to the page above):
2 Likes
Installing software in the template (TemplateVM) and using/running software in the AppVM is the right way to go.
What you want to avoid is using software in the template.
The first of the two links I posted above explains more about that. (Both are very good starting points to understand more about this essential aspect of Qubes OS IMHO.)
Wow, so I did it wrong too. So, btw, in one of the previous threads: Need explanation on organizing qubes and installing software - #9 by gonzalo-bulnes I can also install snap in the template and then use snap packages withing the AppVM that I will clone later on? This may reduce the attack surface, isn’t?
I would open a new thread asking that question @nona! (And as for me, I haven’t looked much into snap and I don’t know!)
OK, thanks