Transition from Qubes 4.1 to 4.2 switch nftables for non-technical users what to do?

After transitioning from version 4.1 to version 4.2 with documentation, which additional commands will i have to execute ?
Will the configured vpn-qube stop working on the new version and I have to configure it again?
i’m not an advanced user or can someone explain this step by step if i don’t change these ntfables then the internet won’t work, won’t it be safe?
will whonix 17 be ready to use and all you have to do is change the template and netqube in whonix 16 machines?

Yes you have. For wireguard you could use this tuto: Wireguard VPN setup
For openvpn, you can configure it with the network manager like in the official tutorial: tuto.
For a sys-dns with dnscrypt, you can usee this tuto and replace the iptables configuration with this one: [guide] how-to setup a sys-dns qube - #57 by DVM .

I use all this tutos and it’s fine for cryptdns, with ProtonVpn and riseupVpn…


Thanks if I understand correctly these nft tables do not affect on correct work whonix gate only on vpn and clearnet ? So what’s the first step after the upgrade from these tutorial you mentioned i should do ? if i want to set up e.g. ivpn or proton vpn, then the first thing i do is all of them one by one,? or maybe for ivpn enough made like on this tutorial? IVPN App 4.2 setup guide

you understand correctly :slight_smile:

It depends on your own needs and what’s most important to you. Everyone has different needs!

Yes one by one.
I don’t use Ivpn, just Proton and riseup. One Vm for each vpn’s provider

1 Like

The guides are for using the App, this allow to easily switch the protocol/obfuscation/server. You must go through the guide for each different VPN you need to set up.

If you use a single VPN server (whatever the provider), the setup can be easier as you can just create an AppVM qube, load a downloaded config in the network manager and you are good to go.


sudo qubes-dist-upgrade --keep-running
i have a problem with this command entering two machines names after this command but at “shutdown of unnecessary VM” still show that want quit second vm like sys-firewall what’s wrong i do ? or maybe i should let off sys-firewall but i guess no

For sure you don’t.

i don’t understand why you want using this command??
Once you have create your sys-vpn, All you have to do is configure your appvm to use Sys-VPN as your Netvm. That’s it.

okay out of date, i know where the error was, you’re right and you helped me again thanks, i’ve already updated to version 4.2 and… everything works even old appvm vpn so i don’t understand if i still have to configure a new appvm with provide network option i understand that this is probably about some ip or dns leaks ? because everything works like on version 4.1

You have update to 4.2 BUT did you upgrade your template to 4.2. If you just restore your templates from 4.1, your templates are probably still running on r4.1 (that’s why everything work like old appvm).
I did the same error.
Check with cat /etc/yum.repo.d/qubes-r4.repo for fedora’s template and with cat/etc/apt/sources.list.d/qubes-r4.list for debian’s template to see if repositories have been updated to 4.2. If it is not the case, look at there: [guide] how-to setup a sys-dns qube - #68 by Tezeria and use the script that @DVM has linked. It’s very easy to use

where i should put these commands in the dom0 or in the terminal of a particular template? because "no such file or directory "

In your templates.
You download the script, you copy it in your templates, you make it executable with sudo chmod +x "*script* " .
Then you run it with sudo bash *script* (in the templates)

1 Like

I would still have a question, what if from a back up file on Qubes 4.2 I recreate machines that were from a 4.1 machine, what steps should be followed exactly to make everything safe ? it’s the same way like update manually or 4.2 clean installation have resolved some of these things.

If you only restore AppVMs from backup then you don’t need to do anything.
If you restore templates or standalones then try this:

1 Like