Re: [qubes-users] Custom LAN Network with dhcpd

[Frédéric Pierret]

Hi,

Le 3/15/21 à 12:40 PM, 'Nyx' via qubes-users a écrit :

Hello,

I am trying to implement an internal Qubes LAN with HVMs that receive dhcp from 
a netvm using dhcpd. A classical network layout sort of speak. Reading Xen 
Networking makes it look possible but Qubes auto configuring the VM networking 
is being a bit troublesome for what I am trying to setup. Note that the entire 
network will be on Qubes only with no internet access.

The reason I am trying to set this up is I have some HVMs that are not getting 
an ip through dhcp and I cannot access them to set ip manually (they are 
vulnhub vms). I was thinking of just running an hvm with virtualbox but the 
limits of emulation only wont work. I read that qubes can be recompiled to 
enable nested virtualization to get that working but if there is a way to 
create a custom network that would be preferred.

Is there a way to allow a set of HVMs to get ip from a netvm running dhcp and 
communicate like a classic network?

--


You might be interested in such thing: 
https://github.com/fepitre/qubes-mgmt-salt-qubes-server/blob/devel-140320/qubes-server.png

I'm currently working on several adjustment recently (not pushed) but for you case, you 
might want to start by using usual "bridge" for which we have support of this 
in QubesOS-contrib:

dom0 component: 
https://github.com/QubesOS-contrib/qubes-core-admin-addon-bridge-device
vm component: 
https://github.com/QubesOS-contrib/qubes-core-agent-linux-addon-bridge-device

When this installed, in a given AppVM named for example "lan-net", with NetworkManager you can create a bridge interface named for example 
"br0" that will be made available as bridge device to be attached. Then, in dom0, running "qvm-device bridge" will show you the 
bridge created in "lan-net". At this point, this is exactly like USB, BLOCK or MIC devices. You can attach an AppVM named for example 
"personal" to this bridge (meaning it will have an interface that is linked into the bridge): "qvm-device bridge attach personal 
lan-net:br0". You can do that for multiple VMs, and then, you would have local classical network between several VMs. Even more, you can attach 
a physical interface into "br0" and link external network with other machines.

Notes:
 - It supports options like: "qvm-device bridge attach personal lan-net:br0 
--option=ip=192.168.0.1 --option=netmask=255.255.255.0 
--option=gateway=192.168.0.254"
 - Be careful that using standard bridge network model is NOT the Qubes model 
using NAT and based on isolation of each component.
 - You would need to probably adjust iptables if your "lan-net" has a NetVM.

I plan to make proper README and documentation describing this and also related 
Qubes-server formula soon. In the mean time I can help here or on discourse.

Best,
Frédéric

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/187fb4d0-a475-0a95-8c9f-a9b9ce3aa441%40qubes-os.org.


OpenPGP_signature
Description: OpenPGP digital signature

Re: [qubes-users] Custom LAN Network with dhcpd

[Manuel Amador (Rudd-O)]

On 28/03/2021 00.24, Ulrich Windl wrote:

On 3/16/21 4:59 PM, Manuel Amador (Rudd-O) wrote:

I have the treat for you!

https://github.com/Rudd-O/qubes-arbitrary-network-topology


Sounds nice, but maybe the README should contain shot instructions how 
to undo "attach-network-to".


Done.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb6dc255-ee30-7d0b-5552-a51f98492839%40rudd-o.com.


OpenPGP_signature
Description: OpenPGP digital signature

Re: [qubes-users] Custom LAN Network with dhcpd

[Ulrich Windl]

On 3/16/21 4:59 PM, Manuel Amador (Rudd-O) wrote:

I have the treat for you!

https://github.com/Rudd-O/qubes-arbitrary-network-topology


Sounds nice, but maybe the README should contain shot instructions how 
to undo "attach-network-to".




I'm updating the readme in the next few minutes.  More info there.

On 15/03/2021 12.40, 'Nyx' via qubes-users wrote:

Hello,

I am trying to implement an internal Qubes LAN with HVMs that receive 
dhcp from a netvm using dhcpd. A classical network layout sort of 
speak. Reading Xen Networking makes it look possible but Qubes auto 
configuring the VM networking is being a bit troublesome for what I am 
trying to setup. Note that the entire network will be on Qubes only 
with no internet access.


The reason I am trying to set this up is I have some HVMs that are not 
getting an ip through dhcp and I cannot access them to set ip manually 
(they are vulnhub vms). I was thinking of just running an hvm with 
virtualbox but the limits of emulation only wont work. I read that 
qubes can be recompiled to enable nested virtualization to get that 
working but if there is a way to create a custom network that would be 
preferred.


Is there a way to allow a set of HVMs to get ip from a netvm running 
dhcp and communicate like a classic network?

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/IUbiSSRQZ-eNLCIZh5y-81UZrPRnit3Onx2J81ZIoyhYIs0tFpNLfCPuarHsrZ2WYDKBPYpQlKCXm_-xZ5-rXJfC36oAzaMUB3Sa24YLkyk%3D%40protonmail.com 
.



--
 Rudd-O
 https://rudd-o.com/

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1b435e4-c2ac-17e6-f5e4-42d2d8ab64bd%40rudd-o.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34e40c5f-2dc4-770e-6d81-edc31544c12e%40rz.uni-regensburg.de.

Re: [qubes-users] Custom LAN Network with dhcpd

[Manuel Amador (Rudd-O)]

I have the treat for you!

https://github.com/Rudd-O/qubes-arbitrary-network-topology

I'm updating the readme in the next few minutes.  More info there.

On 15/03/2021 12.40, 'Nyx' via qubes-users wrote:

Hello,

I am trying to implement an internal Qubes LAN with HVMs that receive 
dhcp from a netvm using dhcpd. A classical network layout sort of 
speak. Reading Xen Networking makes it look possible but Qubes auto 
configuring the VM networking is being a bit troublesome for what I am 
trying to setup. Note that the entire network will be on Qubes only 
with no internet access.


The reason I am trying to set this up is I have some HVMs that are not 
getting an ip through dhcp and I cannot access them to set ip manually 
(they are vulnhub vms). I was thinking of just running an hvm with 
virtualbox but the limits of emulation only wont work. I read that 
qubes can be recompiled to enable nested virtualization to get that 
working but if there is a way to create a custom network that would be 
preferred.


Is there a way to allow a set of HVMs to get ip from a netvm running 
dhcp and communicate like a classic network?

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/IUbiSSRQZ-eNLCIZh5y-81UZrPRnit3Onx2J81ZIoyhYIs0tFpNLfCPuarHsrZ2WYDKBPYpQlKCXm_-xZ5-rXJfC36oAzaMUB3Sa24YLkyk%3D%40protonmail.com 
.



--
Rudd-O
https://rudd-o.com/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1b435e4-c2ac-17e6-f5e4-42d2d8ab64bd%40rudd-o.com.


OpenPGP_signature
Description: OpenPGP digital signature

[qubes-users] Custom LAN Network with dhcpd

['Nyx' via qubes-users]

Hello,

I am trying to implement an internal Qubes LAN with HVMs that receive dhcp from 
a netvm using dhcpd. A classical network layout sort of speak. Reading Xen 
Networking makes it look possible but Qubes auto configuring the VM networking 
is being a bit troublesome for what I am trying to setup. Note that the entire 
network will be on Qubes only with no internet access.

The reason I am trying to set this up is I have some HVMs that are not getting 
an ip through dhcp and I cannot access them to set ip manually (they are 
vulnhub vms). I was thinking of just running an hvm with virtualbox but the 
limits of emulation only wont work. I read that qubes can be recompiled to 
enable nested virtualization to get that working but if there is a way to 
create a custom network that would be preferred.

Is there a way to allow a set of HVMs to get ip from a netvm running dhcp and 
communicate like a classic network?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/IUbiSSRQZ-eNLCIZh5y-81UZrPRnit3Onx2J81ZIoyhYIs0tFpNLfCPuarHsrZ2WYDKBPYpQlKCXm_-xZ5-rXJfC36oAzaMUB3Sa24YLkyk%3D%40protonmail.com.