Question about secure internet access

draylath · November 1, 2023, 6:01pm

Hi Guys,

Another possibly daft question here but I’m getting myself in a bit of a worry over it.

I remember reading something about how dom0 just runs the system and doesnt need access to the internet or somesuch so I tuned off the wifi in it (I think it was off by default). It managed to do an update with it off iirc but then when I turned on the work qube to try and get some things going I was unable to access the internet at all.

I looked around at possible solutions to this but I just got myself more confused.

As soon as I turn on the wifi option in dom0 the internet works, both in “work” and “anon”.

I’m using the debian template for all the sys qubes and I did read that they can be a problem networking data downstream but that was from a few years ago.

I think that the red reception bars on the dom0 wifi is freaking me out a bit as I do value security etc.

I’d appreciate any help in either getting this working as it should or letting me know I’ve just mis understood of this works (quite possible lol)

apparatus · November 1, 2023, 6:40pm

There is no network in dom0 so the network icon you see in dom0 system tray is actually the network icon passed from your sys-net.

draylath · November 1, 2023, 6:56pm

Ah! So I am supposed to have the thing on then and I’ve just completely missed point lol. That pretty much tracks with me lol.

Thanks again apperatus. Thanks to you I’m now completely up and running

gonzalo-bulnes · November 1, 2023, 8:44pm

And you may observe that the icon is tainted with a color that matches the color assigned to your sys-net qube. (The color is also referred to as label in some places, and is typically red by default for sys-net.)

Housekeeping note: @draylath since you seen satusfied with @apparatus’s answer, I invite you to mark it as the solution to your question! That will make it easier for everyone to see that this question got answered and to find the relevant answer if they’ve got similar questions!

You can mark a post as the solution by pressing the little checkbox icon on it

adw · November 1, 2023, 11:33pm

Yeah, there is never any networking in dom0. There’s no way you can enable it accidentally. You were just interacting with sys-net via seamless integration into the dom0 desktop.

That uses a different mechanism, which is explained here:

aronowski · November 5, 2023, 5:34pm

While we already have an intro, that explains things briefly, I understand, that there still may be some confusions.

So I created an overview of how I interpret the compartmentalization in a more high-level user-friendly manner.

If you think this idea is a good way of presenting, how things work from a non-technical perspective, I’d appreciate if you could help me improve it even more and help me form an issue at qubes-issues so it could be added to the intro in the future.

hypercube · November 5, 2023, 5:56pm

This is a great graphic! It makes makes it really accessible for anyone to understand how networking is set up in Qubes. I really like its simplicity because some of the other graphics on the Qubes website are packed with information and I need to stare at them for a while to trace where all the arrows are going and what they mean.