I have Qubes installed on a few machines and both times I swear there was a check box to force all dom0 AND template vm updates over tor. But I noticed template vms were still using clearnet.
Looking at the /etc/qubes-rpc/policy/qubes.UpdatesProxy file I see “#Upgrade all TemplateVMs through sys-whonix” and “#$type:TemplateVM $default allow,target=sys-whonix”. This tells me that the TemplateVMs are NOT being routed over Tor and was not set that way during installation.
While the default rule for all template vms, has an uncommented “$type:TemplateVM $default allow,target=sys-net”.
So I would need to comment out the sys-net reference and uncomment the sys-whonix reference to force all updates, Template or dom0 over tor correct?
This seems like a thing that needs to be better indicated during install, or at least more visible. I get that updates over tor, especially tor over vpn, are very slow and boring. But I was running around thinking everything was fine because I clicked a check box, and I cant be the only one.