Hello, folks! I’m here to share this:
https://github.com/Rudd-O/qubes-arbitrary-network-topology
This software lets you turn your Qubes OS 4.0 machine into an arbitrary network topology host. It is ideal to create networks of interconnected VMs with arbitrary pathways between them, and minimal effort compared to manually setting everything up using xl attach in your dom0 as root.
How to use
Suppose you have two VMs, which you want to be interconnected via (virtualized) Ethernet. VM F (for frontend) will be attached to VM B (for backend).
With this software, all you have to do is attach a feature attach-network-to onto B, like so:
# Run me on dom0 as your regular Qubes login user.
qvm-features B attach-network-to F
# You can add multiple VMs to attach to, by separating them with newlines like so:
# [user@dom0]$ qvm-features B attach-network-to 'F
# G
# H'
And that’s it. As soon as both B and F are running, network interfaces will appear on each one; if you set the feature while the VMs were running, the interfaces will appear instantly. The network interface in F will generally be named eth0 (or eth1 or other name increasing in value). The network interface in B will be named after F. IP networking on none of the network interfaces will be configured by the system.
From this point on, all you have to do is configure the network interfaces — e.g. using NetworkManager — on those two VMs, then adjust the firewall rules on both VMs to permit input from one VM to the other, or even forwarding through them. You could build a bridge, or set IP configuration to your liking.
Here is a sample IP configuration file for NetworkManager (to follow our example, stored in B under /rw/config/NM-system-connections/F.nmconnection):
[connection]
id=B
uuid=bb88cc30-1bcd-40bf-97f2-013626692bd1
type=ethernet
autoconnect-priority=-999
interface-name=F
permissions=
[ethernet]
mac-address-blacklist=
[ipv4]
address1=10.250.9.26/30
dns=10.250.7.2
dns-search=
method=manual
route1=10.250.0.0/20,127.0.0.1,1000
route2=10.250.8.0/24,10.250.9.25,1
route3=0.0.0.0/0,10.250.9.25,101
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=disabled
[proxy]
Judicious use of the qvm-features command will allow you to have arbitrarily connected VMs on your system, directly testing a panoply of network topologies.
How it works
A small Qubes extension running under qubesd in dom0 monitors VMs as they start and stop. If a VM starts and it has the attach-network-to feature, all VMs named in the feature will get Xen Ethernet frontends attached, with the backends attached to the VM that just started. The converse is also true — if a VM starts, and it is mentioned in the attach-network-to feature of another VM, the frontend is attached to the VM that just started, and the backend is attached to the VM with the feature.
It’s very simple, no magic involved.
How to install
Build the two necessary RPM packages and then install them to the respective VMs:
- The qubes-arbitrary-network-topology RPM: use the command make rpm on a VM with the same Fedora version as your TemplateVM. Then install the RPM in the TemplateVM, and power off the Template VM, as well as any other VMs you plan to attach networking to.
- The qubes-core-admin-addon-arbitrary-network-topology RPM: use the command make rpm on a VM or a chroot with the same Fedora version as your dom0 (that’s Fedora 25 for Qubes 4.0). Then copy the RPM into your dom0, and install the RPM.
You should now be good to go.
Licensing
This software is shared under the GNU GPL v2. You can find the text of the GNU GPL in the COPYING file distributed with the source.
– You received this message because you are subscribed to the Google Groups “qubes-users” group. To unsubscribe from this group and stop receiving emails from it, send an email to . To view this discussion on the web visit .