Allowing an outgoing connection from Dom0

AWhite · November 15, 2023, 2:44am

Hi folks,

Trying to get a tunnel or connection into a VM from Dom0.

I know you can do a connection from a Qube into Dom0, but I want to be able to get a connction out to one of the guests.

What is the best way to achieve this please?

So I have to get the guest to establish the connection to Dom0 and set up a tunnel? Or is there a way that is already set up in Qubes to allow this?

Hope you can help.

Sincerely,
A.

apparatus · November 15, 2023, 4:48am

What exactly do you want to do with this connection?
Maybe qvm-run will be enough?

AWhite · November 15, 2023, 5:36am

No, needs to give Dom0 a connection on a port to the guest itself. Just a pipe between the two essentially.

AWhite · November 15, 2023, 5:47am

I am currently trying to get the Dom0 Remote Session working to trial that to see if that methodology will function the way I’m hoping.

AWhite · November 15, 2023, 5:52am

But that isn’t seeming to work either… Can’t get it to work properly at least…

AWhite · November 15, 2023, 6:13am

And yes, it would be easier if I could connect Dom0 to a networking VM. Then I could at least have it working easily along with as much protection as I want. So it would only be 1 port open for 1 IP address…

I don’t see much of an issue there.

apparatus · November 15, 2023, 6:18am

You can connect to your qube with qvm-run, e.g.:
In your testqube run:

nc -l 12345

In dom0 run:

socat TCP-LISTEN:54321 EXEC:"qvm-run --pass-io testqube 'socat STDIO TCP:localhost:12345'"

In dom0 run:

nc localhost 54321

And you can see that the connection works.

AWhite · November 15, 2023, 6:34am

SOCAT says "exactly 2 addresses required (there are 3) "

apparatus · November 15, 2023, 6:39am

Did you copy/type the command correctly? Double check it.
It works for me in Qubes OS 4.2.

AWhite · November 15, 2023, 6:41am

I even created a new guest called “testqube” for it… so yes.

AWhite · November 15, 2023, 6:43am

I’m running 4.1.1 (R4.1)

apparatus · November 15, 2023, 6:45am

What’s your socat version in dom0?
socat -V

AWhite · November 15, 2023, 6:46am

1.7.4.1

apparatus · November 15, 2023, 6:47am

I still think that you have typo somewhere in the command. Maybe you have a space somewhere or missing quotes?

apparatus · November 15, 2023, 6:48am

I have socat version 1.7.4.2 so it shouldn’t differ.

AWhite · November 15, 2023, 7:14am

I have tried it EXACTLY the same and with the quotation marks and talks marks the opposite way around.

socat TCP-LISTEN:54321 EXEC:"qvm-run --pass-io testqube ‘socat STDIO TCP:localhost:12345’ "

and

socat TCP-LISTEN:54321 EXEC:'qvm-run --pass-io testqube “socat STDIO TCP:localhost:12345” ’

AWhite · November 15, 2023, 7:17am

I ran a full update, and it still on Qubes 4.1

apparatus · November 15, 2023, 7:27am

What if you try to run this command in dom0?

socat TCP-LISTEN:54321 EXEC:"nc -l 12345"

AWhite · November 15, 2023, 7:33am

works fine

I can’t upgrade to Qubes 4.2, it won’t install.

Installer says “Error setting up base repository” …

AWhite · November 15, 2023, 7:49am

What would be the easist way to just set up a network pipe or attach Dom0 to a virtual network?