Okay, so long story short I’m configuring some stuff in a custom VPN Qube.
90% of stuff works but I need dnscrypt to be listening on localhost and eth0
Normally I’d do something like
listen_addresses = [‘127.0.0.1:53’, ‘eth0IP:4444’]
in the dnscrypt config (that’s how I did the tricks back in Qubes 3.x days
Now porting my setup to 4.1 (it’s been a while since I needed that particular VPN setup) I notice that Vif and eth0 now seem to have same IP
sudo ifconfig in the Qube gives stuff like
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.0.30 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::2ee:eeff:fe5d:6c10 prefixlen 64 scopeid 0x20
ether 00:ee:ee:5d:6c:10 txqueuelen 1000 (Ethernet)
RX packets 189 bytes 61227 (59.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 197 bytes 23684 (23.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 34 bytes 3415 (3.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 3415 (3.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif59.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.0.30 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 16 bytes 1020 (1020.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 576 (576.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I presume this is made possible by namespaces
However, dnscrypt doesn’t quite “roll easily” with network namespaces (well, not without some dire messing with the systemd unit that starts it up, which is a PITA)
Qubes’s own networking documentation is fairly frugal Networking | Qubes OS
Where can I find out more about new “IP assignment situation” in qubes, the way network namespaces are set up, etc so I can try and sort out how to adjust my dnscrypt shenanigans to the “new normal” ?