Qubes/Whonix - Reverse Tethering to Wi-Fi access point

I am running Qubes with Whonix. I am wondering if there is a way for external devices to benefit from the Qubes/Whonix’s torified connection, by creating a Wi-Fi access point that would push all of it’s client device connections through my sys-whonix connection as if the external devices were connecting to the internet via my anon-whonix app cube. Essentially this would be a reverse teathering, that anonymizes any device connected to my Qubes Wi-Fi AP. Is it possible to share an App Qubes internet connection with wi-fi connected devices? Can you please list the steps do so or write a complete tutorial?

1 Like

Welcome to the club!

Definitely possible, but it involves configuring devices other than your Qubes OS machine. Basic knowledge of networking, DHCP options, routing tables, etc., will also be helpful in this endeavour.

(I’ll edit this to make it more specific later)

The basic steps are:

  1. Setting up your proxy of choice that is able to pass things to sys-whonix. This proxy needs to be able to accept incoming data packets from your LAN devices.
  2. Make sure that all your LAN devices know how to find your Qubes OS machine, so they can send all their data packets to it, instead of the regular LAN gateway.

There are multiple ways to do these steps. The most hassle-free one is to configure your DHCP server to tell all LAN devices to route their packets via your Qubes OS machine.

1 Like

This seems a lot different than my plan. My qubes network connection comes from ethernet plugged directly into my qubes laptop, so I have a free wifi card on my qubes laptop. I was more or less hoping that I could just create a Qubes/whonix wifi access point (like a router) from my spare wifi card on Qubes, and have any device that connects to that qubes access point automatically utilize the whonix gateway for it’s internet. Would something like that work?

1 Like

Yes, it would, if that’s how you want it set up, provided you make sure that this wifi network you’re going to create has everything the other devices (clients) need to be able to navigate that network (eg. DHCP, DNS, Routing Table, Firewall, etc.).

Either these things would already exist on other devices on the wifi network, or the qube containing your wifi card would have them running inside it.

You would also need to make sure that packet forwarding was turned on inside the qube.