[quote=“WhonixQubes, post:65, topic:512”][quote author=nrgaway link=topic=537.msg4710#msg4710 date=1412938717]
Seems like I have got the networking working now
[/quote]
This is awesome news!
I literally was just in the process of building your old code again a few hours ago before seeing this news. So great timing!
Looking forward to learning exactly how you achieved the networking and overall solution.
And after you get things smoothed out, and we test, then we will likely want to talk about packaging and distribution (involving Qubes devs too).
Great job, nrgaway! :D[/quote]
It ended up being a simple fix for the vif+ interface. The issue I was having was that I needed to be able to run the Whonix firewall before when eth0 came up initially, but if there were no guest VMs connected to the Whonix Gateway at the time of boot, the Tor scripts would fail to be able to bind to any interface.
So based on something @mammamek said about using a dummy interface, I got the idea to just use a dummy interface ‘eth1’ that uses the ‘/usr/lib/qubes/setup-ip’ IP address (the same IP address the vif+ interfaces use, for example 10.137.3.1), and then the Tor configurations load properly. The dummy interface is used for no other purpose and is not routing any packets.
```bash
# Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment
# (XENSTORE_READ is expected to be set by the surrounding script)
INTERFACE="eth1"
/sbin/ip link add "$INTERFACE" type dummy
# Now, assign it the netvm-gateway IP address
ip=$($XENSTORE_READ qubes-netvm-gateway 2> /dev/null)
if [ -n "$ip" ]; then
    netmask=$($XENSTORE_READ qubes-netvm-netmask)
    gateway=$($XENSTORE_READ qubes-netvm-gateway)
    /sbin/ifconfig "$INTERFACE" "$ip" netmask 255.255.255.255
    /sbin/ifconfig "$INTERFACE" up
    /sbin/ethtool -K "$INTERFACE" sg off
    /sbin/ethtool -K "$INTERFACE" tx off
fi
```
I am still trying to find the proper spot to hook this code into. I was just replacing the ‘setup-ip’ script Qubes uses, since ‘/etc/init.d/qubes-core’ called it very early in the ‘init’ sequence, and was looking for a better spot to implement it from when the upstream changes broke my build, which I am currently working on fixing.
I was hoping to actually just create a udev rule to execute the script, but I was having an issue where the udev code was not executing for some reason unless I restarted udev after booting. I am not that familiar with udev, so I may have missed a configuration step.
But once I can get the VM to boot again and find the proper spot to execute the dummy interface creation, it won’t take long to finish things off. I am trying to emulate the behaviour of the original Whonix implementation and start the firewall right when eth0 becomes active, so the VM is protected with the firewall rules when eth0 goes online.
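The bind failure described in the post above can be caught before Tor starts by checking that every address Tor is configured to listen on is assigned to some local interface. The following is an added example, not part of the original post or of the Whonix/Qubes code; the function names, the sample `ip -o -4 addr show` output, the eth0 address and the torrc fragment are all constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check that Tor's listen addresses are bindable.
# All sample data below is constructed; only 10.137.3.1 comes from the post.

# Constructed `ip -o -4 addr show` output with the dummy eth1 present.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.137.2.15/32 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 10.137.3.1/32 scope global eth1\       valid_lft forever preferred_lft forever'

# Constructed torrc fragment binding to the gateway address.
SAMPLE_TORRC='# constructed sample
TransPort 10.137.3.1:9040
DNSPort 10.137.3.1:53
SocksPort 127.0.0.1:9050'

# local_addrs: `ip -o -4 addr show` text on stdin -> one IPv4 address per line.
local_addrs() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# listen_addrs: torrc text on stdin -> unique addresses of addr:port listeners.
listen_addrs() {
    awk '$1 ~ /^(Trans|DNS|Socks)Port$/ && $2 ~ /^[0-9.]+:[0-9]+$/ {
             split($2, a, ":"); print a[1] }' | sort -u
}

# unbindable ADDRS_TEXT TORRC_TEXT: print each listen address that no local
# interface carries (empty output means Tor can bind everywhere it is told to).
unbindable() {
    have=$(printf '%s\n' "$1" | local_addrs)
    printf '%s\n' "$2" | listen_addrs | while read -r addr; do
        printf '%s\n' "$have" | grep -qxF "$addr" || printf '%s\n' "$addr"
    done
}

missing=$(unbindable "$SAMPLE_ADDRS" "$SAMPLE_TORRC")
echo "unbindable listen addresses: ${missing:-none}"
```

On a live gateway, the first argument would be the output of `ip -o -4 addr show` and the second the contents of the torrc in use.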