Connecting qubes?

InQubesWeTrust · April 30, 2024, 11:50am

Just starting to get my head around using qubes.

Can someone be so kind to advise if the following can be done in qubes with or without whonix.

I want to have 4 HVM’s that the are all different .onion hidden services, with their own private and public keys. (Running on Ubuntu)

All 4 HVMs qubes will need to have access to a 5th HVM running a mysql server. This server should have no external access to the WWW or TOR.

Can this be done and if so should the hvms have their own tor service and own torrc file or should i let whonix take care of that.

Thanks in advance.

apparatus · April 30, 2024, 12:05pm

You can connect them using qrexec without network:

InQubesWeTrust · April 30, 2024, 12:19pm

I am assuming that this would work regardless of whether the qube was using sys-firewall or sys-whonix?

Are the rules applied to the sys-net???

solene · April 30, 2024, 12:19pm

you could add a netvm to that common that is common to the 4 other, but block all network traffic for it using qvm-firewall, this will ease networking between qubes but it won’t be able to do anything over the internet

solene · April 30, 2024, 12:20pm

I don’t understand why tor is involved in the setup exactly?

apparatus · April 30, 2024, 12:21pm

Yes, it’s connecting the qubes without using networking.
So your 5th HVM running a mysql server can be completely network-isolated with netvm set to none.

InQubesWeTrust · April 30, 2024, 12:33pm

Because the HVMs will be hosting a hidden service.

solene · April 30, 2024, 12:36pm

I got it, but is tor involved in the context of the 5th HVM? Is tor relevant in the context of the question?

unman · April 30, 2024, 1:02pm

There are 4 HVMs offering distinct front end onion services.
The 5th HVM can be network isolated and is only offering the backend
mysql server.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

unman · April 30, 2024, 1:13pm

I think existing answers show how this can be done, connecting the 4
servers to the backend mysql.

On the specific Whonix question the Whonix devs have asked that these
questions should go the Whonix Forum.
The docs have an
extensive section on setting up onion services in Whonix, with detailed
instructions for the Qubes case.

You have not said why you want to sue Ubuntu HVMs. You could do this
using normal template based qubes, or Whonix workstations, but perhaps
you have your (unstated) reasons.

If you need specific help with the implementation, ask away.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

InQubesWeTrust · April 30, 2024, 3:51pm

I elaborated on tor becuse i was unsure if all qubes needed to be on the same sys-whonix. Im still fresh and learning