Hi!
I’ve search the Qubes Community but I found nothing in this regard.
Is there anybody here who is able to successfully configure RetroShare on Qubes?
I’ve tried everything mentioned in Whonix Community and on Retroshare Website to configure Retroshare. But nothing works
It seems Retroshare cannot work on Qubes.
Can anybody please help?
Regards!
Hi,
What’s your issue with RetroShare, are you able to start it or is it connection issues?
Thanks for replying.
Its the connection issue.
According to whonix community guideline I pasted follwoing in the sys-whonix tor user config:
HiddenServiceDir /var/lib/tor/retroshare/
HiddenServicePort 7812 10.152.152.11:30665
HiddenServiceVersion 3
Then I created the Retroshare profile and gave the onion service address created in sys-whonix.
In the Preferences > Nework > Hidden Service Configuration default tor socks proxy 127.0.0.1 was not working then I gave the IP address of sys-whonix (10.137.0.8) and it said Proxy seems to work.
In Incoming configuration Local address is locked at 127.0.0.1 there I gave port 30665 as mentioned in torrc.
In Onion Address I gave the onion address present in /var/lib/tor/retroshare/hostname and port 7812 as mentioned in torrc.
But tor incoming sign remain black.
Any Idea why?
I think the issue is your network setup.
You create a hidden service for 10.152.152.11:30665 (I assume it’s retroshare qube private IP address and its port?) but it’s done in sys-whonix, this implies:
I checked in Whonix community and they said I should not use the ip address given in the example but the actual Ip address of the AppVM where I am using Retroshare.
So I gave that Ip address. It is : 10.135.0.10
then in another post on whonix community they said that i should forward localhost to remote host with iptables. So I forwarded it to 10.135.0.10 with following commands:
sysctl -w net.ipv4.conf.all.route_localnet=1
iptables -t nat -A OUTPUT -m addrtype --src-type LOCAL --dst-type LOCAL -p tcp --dport 30665 -j DNAT --to-destination 10.135.3.10
iptables -t nat -A POSTROUTING -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE
Still nothing changed…
if incoming connections are all blocked by default how to unblock it???
this is not required on netvm because forwarding is already allowed (because it’s already forward packets to provide network)
are you using qubes os 4.2 or 4.1? Iptables commands should work for 4.1 but 4.2 moved to a new firewall interface named nftables.
I am using 4.2 but in terminal the command didn’t return anything that means it worked??
how to do it in nftables?
Now I’m thinking about this, I have no idea if whonix is using nftables or iptables. I guess it’s still using iptables so take a look at this guide to allow the port in retroshare qube
see Qubes OS 4.2 nftables / nft firewall guide
The forwarding part you did using iptables in sys-whonix should work I guess, otherwise iptables would have complained.
In your retroshare qube, try sudo nft add rule qubes custom-input tcp dport "30665" accept
It return this:
Error: Could not process rule: No such file or directory
add rule qubes custom-input tcp dport 30665 accept
^^^^^^^^^^^^
zsh: exit 1 sudo nft add rule qubes custom-input tcp dport “30665” accept
what’s the template used for the retroshare qube?
whonix-workstation-17
I am using it on anon-whonix
I checked it on a debian based App Vm
the command you provided worked there.
iptables doesn’t work there.
i changed the ipaddress in sys-whonix torrc to the ip of debian AppVM
but same issue is there.
in Retroshare the Local address of Incoming hidden service configuration is locked at 127.0.0.1.
I feel like it should be the address of the Retroshare AppVM instead of 127.0.0.1 but it can’t be changed in Retroshare.
whonix workstation allowed to forward packets from 127.0.0.1 to another ip
but on debian AppVM iptables don’t work. So how to do it there?
in retroshare qube, you need to NAT the port to 127.0.0.1 (instead of routing it to another qube). This is in addition to allowing the port.
I am sorry, how should I do that?
try
iptables -t nat -A OUTPUT -m addrtype --src-type LOCAL --dst-type LOCAL -p tcp --dport 30665 -j DNAT --to-destination 127.0.0.1
done it.
still same issue 
Now Outgoing connection is working on 127.0.0.1 on port 30665 but incoming is still not working
btw how to do it in debian AppVM where iptables doesn’t work?