LocalSend

User Support General
1

Hello! Has anyone used LocalSend with Qubes? I installed it via Flatpak but it doesnt see, and cant be seen, by any other devices. It’s on the same local network. There is probably something I missed, does anyone have any pointers please? Ques 4.2, Fedora 38 xfce.

Cheers…

2

It’s only in the same network if you’re running it directly in sys-net.
Otherwise it’ll be behind multiple routers e.g. sys-net, sys-firewall, etc.
So you need to forward the ports needed by LocalSend from sys-net to the qube where you run LocalSend:

3

Thank you for your reply. I will look at this tomorrow. It looks way above my head though…

4

Hi @mmmm,
you need to forward LocalSend’s application port 53317 to your target qube. I am using below script named localsend_forward.sh from within sys-net:

#!/bin/sh
if_lan=<your LAN network interface> # see ip -a
ip=$(ip -f inet addr show $if_lan | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
port=53317

case $1 in
  start)
    qvm-connect-tcp ::$port
    iptables -w -I INPUT 5 -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
    ;;
  stop)
    pkill -f "socat TCP-LISTEN:$port"
    iptables -w -D INPUT -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
    ;;
  *)
    >&2 echo "usage: $0 start|stop"
    exit 1
    ;;
esac

Execute this script on startup of sys-net, e.g. /usr/local/bin/localsend_forward.sh start. Then, add a policy for the target qube:

qubes.ConnectTCP +53317 sys-net @default allow target=<your-localsend-qube>

Btw: Has anyone figured out, how performance of LocalSend can be optimized when running in Qubes? It goes heavy on CPU for a minute or so after startup in the “Receive” tab. My guess would be unneeded networking polling requests due to special Qubes environment. Or is it similar in non-Qubes systems?

5

@etaz, thank you so much for taking the time to help me! I appreciate it.

I wonder if you could just clarify how and where I put this? I’m very sorry… although I have been running Qubes for a while, I really have difficulty understanding anything outside of the basic gui!

Could I please trouble you for a very ‘laymans’ explanation? I’m sure it will also help future ‘newbies’ looking at info on the subject.

Thank you again.

6

Basically, there are three things to do:

  1. Save the script in sys-net.
  2. Configure qubes policy to allow LocalSend port forwarding.
  3. Execute script either manually or automatically at startup .

Re 1:
Just put this script somewhere in the qube where your LAN controller is in - most probably sys-net, if using default names. Preferred location is /usr/local/bin/localsend_forward.sh, as the script needs root permission and needs to have a persistent location in the AppVM. Adjust the LAN interface name by looking up via ip a in sys-net. If you don’t know what an interface is, just put your device IP after ip=...:

# leave this alone
#if_lan=<your LAN network interface> # see ip -a
ip=x.x.x.x

Re 2:
Add above policy line in /etc/qubes/policy.d/30-user.policy and pay attention to replace <your-localsend-qube> by the qube name, where you have installed LocalSend app. Same as above, sys-net needs to be the name of your NetVM with LAN controller (sys-net in example). You can use the policy editor with Qubes 4.2.

Re 3:
Having met point 1,2 you can either start script manually to get LocalSend going temporarily (you need root, as iptables requires superuser permission):

/usr/local/bin/localsend_forward.sh start
# ... when done with LocalSend, stop forwarding
/usr/local/bin/localsend_forward.sh stop

Or enable port forwarding permanently for LocalSend, by adding first line in /rw/config/rc.local of your sys-net (again, adjust name) qube.

7

@etaz, Thanks again!

Ok, I have done this in terminal. I made the new directory and I have used nano to put the script in

I dont really understand this. I used ip a in sys-net terminal, but i dont understand the results. is it the same ip that I will find in the qubes manager next to the sys net qube?

Once i find the IP, I’m not sure where you mean me to put it.

if_lan= # see ip -a
ip=$(ip -f inet addr show $if_lan | sed -En -e ‘s/.inet ([0-9.]+)./\1/p’)
port=53317

Is it in the above code

IP=#here?# $(ip…

Sorry once again!! I’m not great at this type of thing and I’m worried about breaking things. I never know how to reverse mistakes!!

8

Ok, I muddled through, and I got it working! Thank you so much!

Unfortunately it only works one way (qubes to devices). I had to manually add the IP as a favourite. It didn’t self detect it. Unfortunately that doesn’t work the other way round, I’m not sure why.

1 Like
9

Are you using VPN on other devices?
Concept of Localsend is files sharing on same local network devices.
Probably your Qubes os PC is connecting to router through wired, so Qubes os can self detect other devices.
But your other devices are using VPN, and they connect to router through wi-fi, Localsend on them can not recognize on same local network devices.
If they are on same local network, Localsend on wired connecting device is recognize other devices, but if they use VPN, Localsend on wi-fi connecting devices can not recognize other devices.
Because router can know wired network (If it use VPN), but router can not know VPN over wi-fi network as same local network.

Problem of your issues is most likely it.
If you stop to VPN on other devices, Localsend on them are able to self detect your Qubes os PC, but using you Localsend is known from ISP in this way (ISP can know using you Localsend, but ISP don’t know your sent files).
Concept of Localsend is guarding privacy, you hope to continue to guard your privacy, you should be manually add IP of other devices.

This is not only Qubes os issues, Localsend is working as designed.

10

Glad you figured it out :slightly_smiling_face:

Yes, IIRC I also encountered problems in discovering other devices the first time. But I am not sure, if this is Qubes-specific or a general LocalSend issue.

What helps in every way:

  • Add the static IP manually in the favorites (needs to be done only once).
  • Restart LocalSend of all devices after you enabled port forwarding, so polling starts again.
  • It does not matter, if the device is connected via wired or wireless network, but network should be the same (note @scales comment about VPN)

With this setup, I am able to receive and send between all devices.

11

Even without a vpn on the other devices, I cannot see the qubes instance.

I’m testing on an iPhone, an iPad, and a Qube. The iDevices see each other fine but cannot see the qubes device. If I type in the IP displayed on the qube into either iDevice, I get an error. Same with the hashtag. If I use the qubes device, I cannot see any other device, but I can type in the IP address and it works for sending.
The received hashtag is different than the actual hashtag, but that’s not recognised either.

12

Are you sure to use the IP for the LAN interface of Qubes device? This IP should like

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

Qubes also manages its own virtual network, whose IPs look like 10.138.x.x. Don’t use these, that is a Qubes-internal address only. If using ip a, also don’t look at vif, these are internal as well.

13

For localsend, I used the IP that was indicated within the app…

**EDIT- oh yes, I see the IP indicated on LocalSend for the qube is in fact the local qubes generated IP 10.137.x.x. So how can I find the IP I need to use for LocalSend?

14

Most simple probably is to right click on NetworkManager applet in status bar (icon with two computers) → Connection information. Or look up device in your router. Or more technical, ip a in sys-net and search for the entry not being lo / vif (likely ethx / ensx).

1 Like
15

Thanks again for your help. However, I must have done something wrong with setting something up. None of these ip addresses seem to work, no matter which I try.

Right clicking on the network icon gives me loads. I’m connected by wifi, and although I have a VPN runnung, the qube with LocalSend in it is connected via default sys-firewall.

This is frustrating! I also tried with KDEconnect which I cannot get to work either, so its def not the particular app, rather my setup.

16

@mmmm Two last tipps I can think of given your provided information:

1.) Above script was written for Qubes OS 4.1. With installation of v4.2 I just noticed, that iptables has been dropped in favor of nftables (sorry). iptables apparently stills exists in the Fedora 38 Xfce template, but not in Debian 12 Xfce template. So I guess, it depends on what template sys-net has on your system.

Below script works for me in 4.2 using nft:

#!/bin/sh
if_lan=<your LAN network interface> # see ip -a
ip=$(ip -f inet addr show $if_lan | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
port=53317

case $1 in
  start)
    qvm-connect-tcp ::$port
    nft add rule ip qubes custom-input ip daddr $ip tcp dport $port ct state new accept
    ;;
  stop)
    pkill -f "socat TCP-LISTEN:$port"
    nft flush chain ip qubes custom-input
    ;;
  *)
    >&2 echo "usage: $0 start|stop"
    exit 1
    ;;
esac

Note: You should adjust the line nft flush chain ip qubes custom-input if you have other port forwarding rules you want to keep, when stopping this script.

2.) As you mentioned VPN usage: pay attention to not use localsend with VPN. This should look similar to:

localsend --netvm--> sys-firewall --netvm--> sys-net --> LAN
17

Well thank you so so much for the help. I still can’t get it working unfortunately - sorry to waste your time like this!

I don’t think I am putting the correct ip address in, but I can’t seem to find it. Plus, every time I restart sys-net, the ip changes anyway. I have found this ip by right clicking on the wifi icon.

I have clearly got something wrong or misunderstood something. The qube containing Localsend is attached to sys-firewall for its net qube, perhaps that’s incorrect?

I have checked with ipleak and the localsend qube definitely isnt going through my vpn. I set that up in a standalone qube for the protonvpn app, and every qube want going through that I attach to that ‘sys-vpn’. That seems to all be fine.

I just dont fully understand, and especially as I can send my devices things from qubes, just not the other way round…

Anyway, thank you again. Don’t worry anymore, I’m think I’m going to give up because its really annoying and clearly above my head!

18

I still wrote this.

You may use VPN on Qubes os, LocalSend can self detect your other devices.
But if you use VPN on mobile device, LocalSend on it is can not self detect your Qubes os.

If it is not danger for you, you stop VPN on mobile device, so LocalSend on them is self detect IP of your Qubes os.
And you check IP of Qubes os displaying on LocalSend of your mobile device, after restart VPN on mobile device, you add IP yourself of your checked Qubes os, you can use LocalSend.
LocalSend works following as designed.
But this is if you use LocalSend on AppVM, if you hope to use on disp-VM, you must check and add IP of Qubes os every time you use LocalSend.
Because IP of disp-VM is change every time it runs.

19

@scales thanks for the advice, as I wrote below, Vpn on or off makes no difference to my issue.

And in fact it’s just my devices that cannot see qubes. The qubes instance can see my devices. I think it’s a simple matter of my not being able to identify the correct IP for qubes, as ridiculous as that sounds.

20

One: LocalSend on Qubes os can see iPhone and iPad, but LocalSend on iPhone and iPad can not see Qubes os.
Two: LocalSend on Qubes os can not see iPhone and iPad, but Localsend on iPhone and iPad can see Qubes os.

Is your issue one or two?
Case of one, LocalSend works same to on Windows and Android, this is not issue.
If case of two, this is possible issue of on only Qubes os.