I had @helge’s problem as well:
I followed the Qubes documentation for opening a single TCP port to another qube, which ended up working.
Steps:
- Follow all the steps linked in the above GitHub guide
- Do not add the `socat TCP-LISTEN` command to `/rw/config/rc.local` in the wallet VM. Instead, add `qvm-connect-tcp ::18081` to `rc.local` (you can’t have both `qvm-connect-tcp` and `socat` bind to the same port, so I choose to forgo `socat`)
- Create a TCP connect policy in dom0: `/etc/qubes-rpc/policy/qubes.ConnectTCP`: `monero-wallet-ws @default allow,target=monerod-ws`
- Run `qvm-connect-tcp ::18081` in `monero-wallet-ws` or restart the wallet VM and let `rc.local` handle it
My monero wallet VM then connected to the monero daemon VM.
Please test this method to see if it works. I’m also not entirely sure why this worked, and what parts of the GitHub guide are strictly necessary to make the `qvm-connect-tcp` method work. I imagine this would preserve the `split-*` security model because of the policy because the TCP port is only available to be used from `monero-wallet-ws` to `monerod-ws`?
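Added example, not part of the original post or the linked guide: a small Python audit of a legacy-format `qubes.ConnectTCP` policy, to show what a rule like the one above actually exposes. It reports allow rules whose source or effective target is not a single named qube, and whether the policy file name carries the `+PORT` service argument (a qrexec naming convention, not something the post uses). The policy text and file names are constructed sample input, and only plain three-field rule lines are handled.

```python
import re

# Constructed sample input, modelled on the rule quoted in the post.
SAMPLE_NAME = "qubes.ConnectTCP"
SAMPLE_POLICY = """\
# wallet qube may reach the daemon qube only
monero-wallet-ws @default allow,target=monerod-ws
"""

def parse_rules(text):
    """Parse 'source destination action[,key=value...]' lines (legacy format).

    Assumption: @include lines and other directives are out of scope.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise ValueError(f"malformed rule: {raw!r}")
        source, dest, action_field = fields
        action, *extras = (part.strip() for part in action_field.split(","))
        params = dict(item.split("=", 1) for item in extras if item)
        rules.append((source, dest, action, params))
    return rules

def audit(file_name, text):
    """Return a list of findings; an empty list means one named pair, one port."""
    findings = []
    # A policy file without the +PORT argument is not tied to a single port.
    if not re.fullmatch(r"qubes\.ConnectTCP\+\d+", file_name):
        findings.append(f"{file_name}: no +PORT suffix, rule is not port-specific")
    for source, dest, action, params in parse_rules(text):
        if action != "allow":  # only unconditional allow rules are audited here
            continue
        target = params.get("target", dest)  # target= overrides the destination
        if source.startswith("@"):
            findings.append(f"source {source} is a keyword, not a named qube")
        if target.startswith("@"):
            findings.append(f"effective target {target} is not a named qube")
    return findings

if __name__ == "__main__":
    for name in (SAMPLE_NAME, SAMPLE_NAME + "+18081"):
        print(name, audit(name, SAMPLE_POLICY) or "OK")
```

For the sample rule the only finding is the missing port suffix; the same rule in a file named `qubes.ConnectTCP+18081` produces no findings.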