Go back to topic: Wi-Fi hotspot from Qubes OS
| I tried with an old atheros device, I need to disconnect / reconnect it after attaching to a qube. | I tried with an old atheros device, I need to disconnect / reconnect it after attaching to a qube. ## Graphene OS does not see the SSID @solene had issues with a qube running debian 12 that was advertising a SSID working with everything but Graphene which was not seeing the network. Switching to Fedora 42 magically fixes the problem. |
| nft add rule ip qubes custom-input iifname "$WIFI_INTERFACE" meta l4proto udp udp dport 67 accept | nft add rule ip qubes custom-input iifname "$WIFI_INTERFACE" meta l4proto udp udp dport 67 accept nft add rule ip qubes custom-input iifname "$WIFI_INTERFACE" meta l4proto tcp tcp dport 53 accept nft add rule ip qubes custom-input iifname "$WIFI_INTERFACE" meta l4proto udp udp dport 53 accept |
| You can easily modify the script to have a random SSID and/or random password every time the Wi-Fi starts. I recommend the program `pwgen` but some shell | You can easily modify the script to have a random SSID and/or random password every time the Wi-Fi starts. I recommend the program `pwgen` but some pure shell snippet like `$(tr -dc 'a-zA-Z0-9_@' </dev/urandom | head -c 16)` could be used too. |
| You need a Wi-Fi device, either USB or integrated. | You need a Wi-Fi device, either USB or integrated. If you connect to the Internet / Network with Wi-Fi, you need a second Wi-Fi device. |
| ## Use PFSense or OPNsense It is possible to use PFSense or OPNsense as the system in the qube providing Wi-Fi, this allows you to administrate it using the Web user interface through a client of the Wi-Fi with some fancy features. This might require some work to bootstrap the configuration from the command line version. |
| Edit `/rw/config/rc.local` to the following script to it: | Edit `/rw/config/rc.local` to add the following script to it: |
| # the device may require a few seconds to initialize after being attached sleep 4 # configure the access point # pick the SSID you want # define the password you want nmcli dev wifi hotspot ifname "$WIFI_INTERFACE" ssid "your_ssid_name_here" password "the_PSK_password" # allow incoming DHCP traffic so clients can have an IP nft add rule ip qubes custom-input iifname "$WIFI_INTERFACE" meta l4proto udp udp dport 67 accept # handle DNS requests to Qubes OS DNS, you can still catch them later from a VPN qube anyway nft flush chain ip qubes dnat-dns nft add rule ip qubes dnat-dns iifname "$WIFI_INTERFACE" ip daddr 10.42.0.1 udp dport 53 dnat to 10.139.1.1 nft add rule ip qubes dnat-dns iifname "$WIFI_INTERFACE" ip daddr 10.42.0.1 tcp dport 53 dnat to 10.139.1.1 | |
| fi | fi |
| You need | You need a Wi-Fi device, either USB or integrated. |
| ## USB Wi-Fi If your Wi-Fi device is USB, follow this: | |
| ## Integrated Wi-Fi > :warning: This is more for advanced users, as you will need to modify sys-net and to juggle between two "sys-net" depending if you connect to Ethernet or Wi-Fi If your Wi-Fi device is integrated into the computer, it is slightly complicated and you will not be able to connect to Wi-Fi and create a hotspot at the same time. You will need to remove the Wi-Fi device from sys-net devices: - Open sys-net settings - In "Devices" tab, remove the Wi-Fi device You need a new qube to connect to Wi-Fi when you need to: - Create a new qube `sys-net-wifi`: - An AppVM if you want changes to be persistent, or a Named disposable based on `default-dvm` if you do not want to store information about Wi-Fi access points - Make it "Provides network" - When you want to switch between ethernet and Wi-Fi, toggle sys-firewall netvm between `sys-net` and `sys-net-wifi` Now, you need to create the qube that will do the hotspot: - Create a named disposable qube `sys-hotspot-dvm`, with the template `sys-hotspot` - Open its settings - Make it a "HVM" type qube (remove memory ballooning if any) - Add the Wi-Fi device - Start the qube |