Is there a way to have a reliable IP (ssh and/or VNC) connection from web to `dom0`?

Is there a way to have a reliable IP (ssh and/or VNC) connection from web to dom0?
Maybe even without additional qubes running, if possible.

I know that it goes against the Qubes OS logic.
But for my case it is a router-pc, that I want to use Qubes OS on, not because it is reasonably secure, but because it provides ability to configure network with netvm chains and ability to run proprietary software in VM without access to the host system.

In my case it is very important to be 99% sure that if the PC is running, I will be able to connect to dom0 via ssh+VNC from outside. What are the solutions? Has somebody used Qubes OS in router-pc?

P.S. I know that something related exists for whonix (connection from TOR), but I have static external IP address and want to keep it simple and reliable, without TOR. And I obviously want to have no need for manual request from the Qubes OS itself as it will be running head-less as a router.

If your system has AMT you should be able to get KVM + VNC access using mesh commander, it would also allow you to power on the device if it’s turned off.

I haven’t tried using AMT with QubesOS, but I think it should work.

1 Like

I never did that, but I often though about it.

I would make a vpn qube on which you connect from your remote system, and connect with VNC over this VPN.

1 Like

Interesting idea, but it seems that the CPU is not supporting AMT/vPro according to specs sheet.

I thought for a long time and I even bought a minipc with passive cooling to make this kind of router. Maybe you should try it, too :slight_smile:

About additional qube: yes, I can connect to it from the outside (e.g. I connected PCI ethernet controller to it), but what then, is there a reliable way to have full access to dom0 from a qube?

You should use sys-gui-vnc GUI domain | Qubes OS

1 Like

I forgot about this approach, thank you, this is a way to go in my case.