Using android as a net qube

webmazter · December 15, 2023, 8:49pm

I’d like to use android as a net qube to take advantage of a free vpn only available on android.

Is this possible? If so, does it require any special steps? Is there any way I can do a backup killswitch setup in qubes in case the one in the vpn android app doesn’t work?

seven

unman · December 16, 2023, 5:14am

It is possible, but it requires you to manipulate routing and firewall on
the android qube, and associated firewall.

What you want is this:
NIC ← Android ↔ Firewall ↔ Client qubes.

On the Android qube you will need to configure forwarding and NAT.
On the firewall qube you change the rules to allow for inter qube
traffic.

A similar set up for openBSD is detailed here

webmazter · December 16, 2023, 2:19pm

Do you know where I can find the exact configuration I need to use?

unman · December 16, 2023, 4:14pm

No.
How familiar are you with android networking and iptables?
How familiar are you with nftables and Qubes networking?

The usual configuration is this - Pray this comes out OK -:

        NIC
         >
        sys-net
         >
        sys-firewall
         >    >
        qube qube .......

What you want is this:

        firewall
        >      >
      android qube......
        >
       NIC

On the Android qube you will need to configure forwarding and NAT.
On the firewall qube you change the rules to allow for inter qube traffic.

Many problems that people have in Qubes are actually not Qubes specific.
This is one of those.
You can find guides online to configuring NAT in android that should help you.

The only Qubes specific part is configuring the firewall qube to pass
through traffic. It is documented in the Qubes docs.
(I’m assuming that you understand how to attach the NIC to the android
qube. Configuring networking using that NIC is an android issue, not
Qubes.)

webmazter · December 20, 2023, 7:51am

My familiarity with iptables is next to zero. My familiarity with android networking is zero.
I appreciate the diagram and the instructions, but I have no idea where to begin with either 1. or 2.

webmazter · December 23, 2023, 3:21pm

Does anyone know how to do this? I really don’t understand why I have to go to great lengths in configuration to use android as proxy. This is qubes, after all isn’t it? If I need to do all kinds of special configuration, couldn’t I accomplish the same thing in ANY other operating system the way whonix does?

webmazter · December 23, 2023, 3:35pm

By the way, why in this case is it firewall > proxy (android) vm > NIC instead of proxy vm > firewall > NIC like it is everywhere else?