I am trying to set up a ‘sys-vpn’ qube which works correctly as the update proxy instead of ‘sys-net’ to hide my IP when I update my Templates. I have activated the ‘qubes-updates-proxy’ service in sys-vpn, but it doesn’t seems to work.
When I tap the command
qubes-prefs updatevm
I have sys-vpn.
When I tap the commands
qvm-service -l sys-net
qvm-service -l sys-vpn
only sys-vpn has ‘qubes-update-proxy’ service on.
But when I close sys-vpn, I am still able to update my Templates. And if i close all my VM and I try to update a Template, it will only starts sys-net.
What I am missing ?
I am using wireguard as VPN, maybe it could help, but i don’t think so. I am on Qubes 4.1.
qvm-prefs is taking a qube name as an argument, do you mean you have a qube named update-vm? I can’t find a qvm-prefs attribute named update-vm either.
I didn’t try, but it seems the update proxy is defined in /etc/qubes/policy.d/90-default.policy in dom0, it defaults to sys-whonix for qubes tagged whonix, otherwise it’s sys-net.
The README file in this directory says that any change should be made in a custom file, like /etc/qubes/policy.d/30-user.policy to override the settings.
: