Hey folks,
my company installed their own internet and switch in my home. So, I was wondering if is possible:
If so, anyone has a receipt make it possible?
Of course it is possible. Just create 2 sys-net qubes, for example: sys-net-home and sys-net-work, attach respective device to each, and set correspondent netVM to personal and work qube.
This is all what Qubes exactly is for.
Note that you will have to make sure each qube has the correct network qube set, individually.
Watch out, though, for updates. Without the correct settings, if there’s no qube named sys-net or sys-firewall, they will be automatically re-created when you do an update. The new sys-net qube will probably try to take control of all of your network devices, causing a lot of problems.
For several months I did as tempmail suggested, but had to leave my home wifi qubes named sys-net and sys-firewall so that this wouldn’t happen. Then I changed something to fix that. I tried to figure out how I set this not to happen, but couldn’t make sense out of what I saw on my system.
I am not aware of any automatic sys-net or sys-usb recreating. It is true that in Global settings and in 90-default.policy and other correspondent RPC policies, entries should be updated following qubes name change.
As I can see, my personal qube uses sys-firewall as NetVM; sys-firewall uses sys-net as NetVM. If a create a new sys-net do I must create a new sys-firewall?
And what about anon-whonix qube? It uses sys-whonix as NetVM, that uses sys-firewall that uses sys-net.
Do you have a step by step or a doc?
I have cloned sys-firewall, sys-net and called them sys-firewall-usb and sys-net.
I put anon-whonix with sys-net-usb NetVM and ran well, but I have to shutdown sys-net and sys-firewall.
As I tested, sys-net/sys-net-usb and sys-firewall/sys-firewall-usb can’t tun together.
sys-net and sys-net-usb cannot use the same devices. You’ll have to go into the settings for both and make sure they use different devices.
The firewall qubes shouldn’t have an issue with this, they can use different network qubes or the same one.
Yeap! That was clear for me after the test that I did.
But I’m still looking for the right configs to do. A step-by-step would be nice if you know where I can find one.
Found this but it’s from 2011 The Invisible Things Lab's blog: Playing with Qubes Networking for Fun and Profit
How can I delete PCI wifi card from sys-net-usb and replace for usb?
Device tab in Settings is not allowed
I don’t know why your Devices tab is grayed out. Maybe related issue:
Start failed: Requested operation is not valid: PCI device 0000:00:14.3 is in use by driver xenlight, domain sys-net, see /var/log/libvirt/libxl/
libxl-driver.log for details
I interpret that error message as: the qube you’re trying to start (presumably sys-net-usb?) cannot be started because you’ve assigned PCI device 0000:00:14.3 to it, and that PCI device is currently in use by sys-net.
I’d try shutting down sys-net and trying again.
As you figured out and @SteveC said:
That means that you need to make sure the qubes are stopped until you’re done re-assiging PCI devices.
Yes, @gonzalo-bulnes ! You are right about the interpretation of the erro message. Everything proposed by you works, except the fact that sys-net and sys-net-usb can’t Start and keep running at same time.
On sys-net-usb I must remove (dettach) PCI device 0000:00:14.3 (that is my PCI Wifi Card) and add (attach) USB Wifi Dongle.
But I couldn’t run this test yet, because of errors below:
Then i tries:
[root@dom0 lstavares84]# qvm-pci d sys-net-usb dom0:00:14.3
Traceback (most recent call last):
File "/usr/bin/qvm-pci", line 5, in <module>
sys.exit(main())
File "/usr/lib/python3.8/site-packages/qubesadmin/tools/qvm_device.py", line 291, in main
args = parser.parse_args(args, app=app)
File "/usr/lib/python3.8/site-packages/qubesadmin/tools/__init__.py", line 411, in parse_args
subaction.parse_qubes_app(self, namespace)
File "/usr/lib/python3.8/site-packages/qubesadmin/tools/qvm_device.py", line 200, in parse_qubes_app
dev = vm.devices[devclass][device_id]
File "/usr/lib/python3.8/site-packages/qubesadmin/devices.py", line 282, in __getitem__
for dev in self.available():
File "/usr/lib/python3.8/site-packages/qubesadmin/devices.py", line 235, in available
self._vm.qubesd_call(None,
File "/usr/lib/python3.8/site-packages/qubesadmin/base.py", line 76, in qubesd_call
return self.app.qubesd_call(dest, method, arg, payload,
File "/usr/lib/python3.8/site-packages/qubesadmin/app.py", line 765, in qubesd_call
return self._parse_qubesd_response(return_data)
File "/usr/lib/python3.8/site-packages/qubesadmin/base.py", line 89, in _parse_qubesd_response
raise qubesadmin.exc.QubesDaemonAccessError(
qubesadmin.exc.QubesDaemonAccessError: Got empty response from qubesd. See journalctl in dom0 for details.
Same issue as the one above:
You can try to disable Intel Volume Management Device (VMD) in BIOS.
qvm-pci d sys-net-usb 00:14.3
qvm-pci: error: no backend vm '00'
qvm-pci d sys-net-usb 0000:00:14.3
qvm-pci: error: no backend vm '0000'
Sadly I have no idea how PCI device are named, and don’t know what the BACKEND is supposed to look like in this case. I would have tried the same things you’ve tried. 
I take note that dom0:00:14.3 seems to progress further! 
@disp6252’s suggestion is a lot more promising than anything I can think of at this point. It seems like the issue linked in their post does indeed match closely the error printed by:
qvm-pci d sys-net-usb dom0:00:14.3
It works, mate!
Now devices is unlock.
Now I will try others commands to split network here.
Once I read “Experimentation is the arduous task of discovering how simple it is!” 
Problem solved! Piece of chocolate cake! Thanks @disp6252 and @gonzalo-bulnes
Here the step-by-step:
