Run apps in qubes-vm through the remote graphical interface

Hi, I’m new to qubes and I’m not able to open applications within vm-qubes through remote access.
I installed the xrdp package as a service in dom0, created a qube-vm called remote-proxy with internet access and redirected the tcp flow with socat. Together, I created a policy in /etc/qubes/policy.d, allowing qube-vm remote-proxy access to dom0.
I released the ports in the sys-firewall, everything was fine.
I can connect and access xfce remotely. I can easily operate dom0 through the terminal, open qubes-qube-manager, configure everything in any qube-vm.
However, I can’t open any app from this qube-vm or any other.
The command qvm-run remote-proxy xterm does not open xterm in the graphical environment.
I notice that qubes opens several processes by calling /etc/qubes-rpc/qubes.WaitForSession and so I believe it is something related to access authorization for the xrdp service to run applications on qubes-vms, but as I don’t know the qubes architecture, I don’t know how to solve it.
Can anyone help?

Qubes 4.2

Hi

I think I see the issue, if I remember well xrdp creates a virtual graphical session? Maybe this is incompatible with the qubes display drivers which uses a custom X driver to copy the qube framebuffer directly into the windows drawn in dom0 Xorg.

There is a sys-gui-vnc setup that creates a new sys-gui-vnc qube with privileges to access Qubes OS management tools and use qubes (given their guivm qvm-prefs setting is set to sys-gui-vnc and not dom0). I’m using this setup daily, using a VPN server on qubes OS where a socat is running to expose the VNC server of sys-gui-vnc to that VPN qube, so only me can connect to the VNC server from my network (it’s quite similar to your setup). It works well but you can not do everything you would do on dom0, almost all tasks except modifying dom0 and updating qubes :confused: (they are aware we can not update qubes from a non dom0 guivm, it will be possible in 4.3 maybe)

1 Like

Thanks for the answer. I believe xrdp creates a virtual graphical session. I previously tried to do remote access using the link you provided, but I was unsuccessful.
Following the link’s step-by-step instructions, I ran into a salt error, and I couldn’t resolve it, so I ended up going for a solution with XRDP. I will return to the GUI domain solution.
Another thing, your nat.sh script is fantastic, it helped me a lot. Wonderful work. Congratulations.

1 Like

You can use x0vncserver or X11vnc to connect to your real display:
https://wiki.archlinux.org/title/TigerVNC#Running_x0vncserver_to_directly_control_the_local_display
https://wiki.archlinux.org/title/X11vnc

1 Like

sys-gui-vnc was not working until 2 months ago, I reported a few blocking issues that got fixed :slight_smile:

1 Like

It´s work for me…

x0vncserver -rfbauth /home/$USER/.vnc/passwd -rfbport 5910 -display :0

I will now encrypt access to vncserver
Thank you very much, the information was essential for the solution.