A simple way to start (without reinstalling) is to clone the existing sys-net. Be sure to open settings for the clone and turn off the “Start qube automatically on boot” - this is wise for any experiments like this.
Then I can make the clone into a disposable template, and make a disposable sys-net2 based on it. You will probably need to add any pci devices to it again - now it is really useful to verify that “Start qube automatically on boot” is turned off. If the wrong devices are added, it can make you lose access to the desktop or even crash the computer. It is very annoying if that happens every time the computer starts.
Then it is just to find a way to switch firewall/whonix to some other “dummy-net” net qube, shutdown the original sys-net and make sure the new one can start, and switch firewall/whonix over to the new one. If the new disposable sys-net2 doesn’t start, then firewall can be put back to the original sys-net, while you work out what went wrong.
It’s a bit more than 15 seconds - for me - but not much more. The “dummy-net” qube avoids shutdown of firewall and everything using firewall, because it isn’t possible to have two qubes running that use the same hardware.
Making a pristine new sys-net-clean will require any passwords and wifi configuration to be put into a new disposable template, but it doesn’t have to be very disruptive once the “dummy-net” switch is working…
[Edit 20250228 to add warnings about avoiding autostart when experimenting]
You have to make sure you use an appropriate template, with correct
qubes packages, and relevant services enabled. You can do that, (as
Solene’s guide shows) - salting does it for you
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
I’ll update the guide to explain how to use Salt for both setup, but I think I’ll keep the click-by-click guide aside for users who may want to understand the process.
Running a command in a terminal may make some users anxious because they just don’t understand the terminal while some other users may just fear what the salt command will do to the system, not because it’s malicious but because it will do things with qubes. Maybe running salt in testing mode before hand could be a suggestion in that guide to review what will be done.
There is the Debian and Fedora and Whonix-GW.
They are all appropriate templates if you are using the templates from Qubes.
I have the standard Debian 11 and 12xfce templates. They work just fine and they don’t try to do weird things like the salt does. (from what I have read in the code)
I literally just create a disposable vm that uses a template, attach the NIC to it, set it as providing network, and I’m done.
After that it’s just a matter of assigning the guests to talk through it.
When it starts, I just have a script that configures the network in it.