That could abolish need for https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-whonix/replace-ips and related dpkg triggers hack.
Test this in dom0:
qvm-prefs sys-whonix ip 10.152.152.10
Related:
Description
Description
Details
Details
- Impact
- Normal
Event Timeline
Comment Actions
qvm-prefs sys-whonix ip 10.152.152.10 works great so far. Will test more. And call for testers.
But we couldn't just set that IP inside sys-whonix without touching dom0?
I am asking, because I am wondering how would we port existing and new users to be using this? Changing something for everyone in dom0 might be harder than if just a Whonix package upgrade could make the change.
Comment Actions
No, qubes specifically enforce anti-spoofing firewall rules and VM is constrained to IP set in this property. Allowing VM to freely modify it would defeat the purpose.
I am asking, because I am wondering how would we port existing and new users to be using this? Changing something for everyone in dom0 might be harder than if just a Whonix package upgrade could make the change.
There is https://github.com/QubesOS/qubes-core-admin-addon-whonix that can be used to set the IP.
Have you checked how it behaves with multiple Whonix Gateways? Isn't same IP a problem there?
Comment Actions
marmarek (Marek Marczykowski-Górecki):
Have you checked how it behaves with multiple Whonix Gateways?
Aren't these separated at the virtualizer level? Separate internal networks?
Isn't same IP a problem there?
That would for sure be a problem. At worst non-functional or traffic
processed by the wrong gateway.