QubesOS causes unstable LAN, general dissatisfaction with QubesOS

Hello. Whenever QubesOS is running on a machine in my network, the network becomes unstable. All connected devices frequently lose connection for around 30 seconds, speeds are slower overall. The QubesOS installation is in stock configuration. My home network runs on an ISP provided router which doesn’t have great debug capability.

QubesOS has been nothing but problems for me and I find it unusual that no one is replying to my posts. I have posted about multiple severe issues in the past few days and none of them have been noted. I’m certain that the issues aren’t caused by user error. I know the Qubes documentation pretty much by heart. I vigoriously research past forum topics, the mailing list, and the web, I read books about computer programming and DevOps. Setting up a VPN, for example, is an issue that has plagued the majority of the community for years. There doesn’t seem to be consensus about how to properly set this up, even though it has been discussed in dozens of topics and it shouldn’t be difficult. It’s just iptables. I have personally taken on the endeavour of trying to setup a VPN. I have five different versions of rc.local, qubes-firewall-user-script, OpenVPN configs, and related scripts yet none of them really work. DNS doesn’t work on most of them, on some I can use the tunnel on the VPN gateway but not through any connected qubes, on one everything works but I get frequent timeouts and it’s a bad experience. Most of the issues I could solve if I had better knowledge about Qubes internals and I’ve searched through the code base and related issues/user projects/commits yet it doesn’t help. Seems like networking in Qubes is a clusterfuck that is very underdeveloped and hostile to the user. Qubes always seems hostile to the user even though it is supposedly catered to people who should know what they’re doing and know not to do something that compromises their security/privacy/anonymity. Like chaning the settings of the Tor Browser in a disposable VM has been made unnecessarily difficult. It is very rare that a Qubes maintainer offers advice, though it would be very helpful since the problem is more often than not that people don’t know how Qubes works internally (almost nothing is documented). If QubesOS has an issue about not having enough maintainers it should be publicly announced since lack of maintenance is a potential security risk. I see that Qubes is certainly active certifying Laptops for use with Qubes. I have a bad feeling about Qubes since it often comes up that it runs on bad coding practices, for example qubes-core-linux-agent is often called a dumping ground for random code and unmaintanable.

This is not a bad faith post. I hope it doesn’t seem like one. Running Qubes has been a terrible experience for me and I get neurotic using it. I will most likely stop using it and use a distribution that is easier to understand. My needs are simple but even that I couldn’t achieve it with Qubes. In the end using something that you understand is probably more secure than trying to fight against Qubes’ idiosyncrasies. Running Qubes is like trying to understand a black box.

You couldn’t be more wrong about the amount of help the devs provide to the community.

Most problems are not directly related to Qubes OS, and you can get the answer by googling the question if you replace Qubes with Linux.

Qubes is definitely a complex system compared to other distributions, and if you’re really into customizing your system and isolating as much of the pieces as possible, it can be a pretty big time sink and start to become a daunting task. Reminds me of this joke in the Haskell community that in most programming languages you learn “Hello, World” first, but in Haskell it’s the last thing you learn. In Qubes, the simple stuff like configuring a browser or setting up a VPN is complex, while the complex stuff like VM communication and creating isolated environments is easy.

One of the great things about Qubes though is that you have better control over the security-usability tradeoff. For example, StandaloneVMs work very similar to your typical linux distro since they don’t have a volatile root. You can install and configure software in these VMs in a way that is already familiar to most linux users. Of course, you won’t get all of the security benefits this way, but you can still achieve pretty good security and isolation. And, down the line if you want more security and are willing to trade off a bit of usability, you have this flexibility with Qubes.

You’re referring to the Tor Browser in the whonix templates, correct? Whonix templates are technically community templates. The Whonix community would need to provide and maintain the docs for this use case. They do have some docs for modifying the Tor Browser settings, but its a bit scattered. The Tor Browser profile is copied from /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/ and needs to be modified in the Whonix template. However, modifying the settings is discouraged as it adds a very slight deanonymization risk.

If your VPN provider has a client for configuring the VPN, you can always use their software in a StandaloneVM and use that as a netvm for other qubes.