Purpose and usage of visible_ip?

qubist · December 27, 2025, 8:35am

Hi,

The man page of qvm-prefs says:

       This   list   is   non-exhaustive.   For   authoritative  listing,  see
       --help-properties and documentation of the source code.

Neither --help-properties, nor the dev doc explain the purpose and possible usage of visible_* network properties.

Where can I find info about that?

barto · December 27, 2025, 8:43am

Strange coincidence… I was wondering the same last week… and found this on the same doc page that you linked:

set_mapped_ip_info_for_vm(*vm* )

Set configuration to possibly hide real IP from the VM. This needs to be done before executing ‘script’ (/etc/xen/scripts/vif-route-qubes) in network providing VM

[source]

qubist · December 27, 2025, 7:12pm

@barto

Thanks for the feedback.
I wonder what is the assumed goal of hiding real IP address from the VM.

marmarek · December 27, 2025, 10:05pm

This way you can have several VMs that think they have the same IP (for example generic 192.168.1.1), but networking still works without conflicts.

qubist · December 28, 2025, 12:15pm

@marmarek

Is it just for conflict prevention? Any other supposed usage?

Just trying to figure possibilities.

unman · December 28, 2025, 12:44pm

Also allows you to hide true internal IP in case of compromise.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

qubist · December 28, 2025, 1:09pm

@unman

Also allows you to hide true internal IP in case of compromise.

Yeah, I thought about it already, but in that case wouldn’t it make sense that all VMs hide it by default?

unman · December 30, 2025, 2:36pm

By default, to what?
All qubes? To what benefit?
As a security measure, the only benefit I see is hiding the 10.137 and
10.138 giveaway but this is very minor - so many other Qubes tells.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

qubist · December 31, 2025, 9:36am

@unman

By default, to what?

10.0.0.1, or 192.168.0.1, or whatever safe value in regards to a case of potential compromise.

All qubes? To what benefit?

Not “all” as in “all” but as in “all by default”.
Benefit - the same one you mentioned.

Atrate · January 2, 2026, 8:43pm

Also seems… difficult to even use it:

user@dom0 ~ % qvm-prefs test visible_ip 192.168.1.1
qvm-prefs: error: property 'visible_ip' on AppVM instance cannot be set

test is a ProxyVM here. Also did not work when it was NOT a ProxyVM.

qubist · January 3, 2026, 10:53am

@Atrate

Have you opened an issue?

Atrate · January 3, 2026, 10:55am

No, as I assume I’m just using it incorrectly. The complete lack of documentation does not help in using it the way it’s intended, though

DVM · January 3, 2026, 11:16am

The right way to change this value is with qvm-features like so:

# Example with 192.168.0.100
qvm-features <qube> net.fake-ip 192.168.0.100

Which returns:

qvm-prefs <qube> visible_ip 
192.168.0.100

Doc: qvm-features – manage domain’s features — Qubes Admin client mm_9c733d84-2-ga5ea121 documentation

Atrate · January 3, 2026, 11:23am

Nice, this seems to work, thank you!