This guide is for users who would like to create a Wi-Fi hotspot from their Qubes OS qube. This can be useful if you want to provide a Wi-Fi network tunnelling the traffic through a VPN or sys-whonix.
Basically, the hotspot runs in a qube, and the traffic will pass through the qube's netvm.
You need an USB Wi-Fi device, or a HVM qube with an internal Wi-Fi device attached. I will only cover the USB case, but the other is only different for the qube setup.
The guide uses non-minimal templates.
sys-hotspot, choose Fedora or Debian, it is up to you:network-managerProvides networkDisposable templateEdit /rw/config/rc.local to the following script to it:
if [ "$(qubesdb-read /qubes-vm-persistence)" = "none" ]
then
while true
do
WIFI_INTERFACE=$(iw dev | awk '/Interface/ { print $2 }')
if [ -n "$WIFI_INTERFACE" ]
then
nmcli dev wifi hotspot ifname "$WIFI_INTERFACE" ssid kiQu6Quoh1 password "solene1234"
nft add rule ip qubes input iif "$WIFI_INTERFACE" accept
break
fi
sleep 5
done
fi
> ℹ️ This piece of shell waits indefinitely for a wifi interface to be connected, when it happens, it allows all incoming traffic on this interface and starts a Wi-Fi hotspot named "your_ssid_name_here" with the password "the_PSK_password". Adapt to your needs.
> ℹ️ For better security, this guide configures a named disposable qube to be the hotspot. You will never need to start sys-hotspot again except if you want to change the SSID or PSK.
sys-hotspot-dvm, with the template sys-hotspotYou can easily modify the script to have a random SSID and/or random password every time the Wi-Fi starts. I recommend the program pwgen but some shell tricks using /dev/urandom could be used too.
In the network manager applet, you can display the Wi-Fi information that will display both the SSID and the password in cleartext.
I tried with an old atheros device, I need to disconnect / reconnect it after attaching to a qube.