Can each VM connect to individual WiFi Networks and run simultaneously?

Wondering if it’s possible to connect each individual VM to a separate WiFi Network/SSID?

For example, i have 5x WiFi Networks with their own SSIDs:
WiFi-SSID01, WiFi-SSID02, WiFi-SSID03, WiFi-SSID04, WiFi-SSID05

If I create 5x VMs within Qubes-OS, for example AppVM01, AppVM02, etc…

Is it possible to connect AppVM01 to WiFI-SSID01 wifi network, and AppVM02 to WiFi-SSID02, etc etc… ??

Essentially i want to give each VM their own dedicated network on my LAN, over WiFi… does this mean i need a physical WiFI adapter for each VM WiFi Connection?

(alternatively, i’ll just create VLANs over hardwired ethernet that’s presented to sys-net VM, then the firewall can hand out each VLAN to respective VM)…

Thanks

yes you need a physical device for each network

edit: seems I was wrong! Thanks everyone for sharing your knowledge :star_struck:

1 Like

You can try to create virtual interfaces for your WiFi controller in sys-net, connect your AppVMs to sys-net and configure routing in sys-net so each AppVM will go through their own interface.

3 Likes

As Solene mentioned earlier, it is very well possible to do it if you have multiple network interfaces (PCI or USB).

Theoretically implementing it via one interface is still possible as apparatus mentioned. There are some physical and technical challenges to it. WiFi network interface should support spatial streams. You can query it via iw phy phy0 info in NetVM. and adding new virtual interfaces should be possible via iw dev phy0 interface add …. And Finally writing the necessary routes and nftable rules to properly forward packets between gateways and connected qubes. But it will be a headache.

Physical limitations will be network interface hardware. If it is a single band interface, the SSIDs should be all on the same frequency. You might be lucky and have a MIMO card.

1 Like

Having said that, it would be cool if we develop a tool to create virtual interfaces and present them via device manager to individual NetVMs. For the ease of use.

2 Likes

Thanks for your comments.

For hardware, i was looking at the NV41 Series 14 inch coreboot laptop with Intel AX-210/211 NIC…

My concern with the virtual wifi interfaces, would this increase risk of traffic spilling into other VLANs/Networks that’s not intended for particular AppVM or even sys-net itself

basically i want to route everything within AppVM to specific WiFi SSID network…

maybe dedicated wifi NICS for each AppVM would be easier to setup, manage and secure?

Yes. But please take into consideration that similar technique is used by many well established vendors. If you could not trust this technique, you will not be able to trust Mikrotik, UniFi, OpenWrt and many others.

Yes. Sure.

1 Like

in terms of NIC hardware that’ll support connection to multiple SSIDs, is there any particular NICs better for this than others?

i’ll be looking at buying a certified prebuilt Qubes-OS device

I am not very updated on the latest and best NICs. I can not tell you the exact device to buy. But I can tell you what devices to avoid. Refer to this page for example:

If it says Non-free Firmware required, do not buy it. If it does not support a/b/g/n/ac/ax, do not buy it. If it does not support WPA3, do not buy it. If it does not support Monitor mode or AP mode, most probably do not buy it (you might need monitoring mode or access point mode some day).

There is also a similar page on Kernel wiki.

p.s. It appears that I might have ruled out almost everything. So there should be at least one compromise somewhere.

1 Like