
Integration of universal proxy tool (sing-box) in Qubes OS | based on https://git.sr.ht/~qubes/proxy


glockmane/qubes-proxy

 
 


Qubes Proxy

This is a program to install a proxy network tool (sing-box) in Qubes OS, designed to help Qubes OS users break through the blockade in a heavily censored network environment and give Qubes OS the ability to connect to the Tor network.

The project's main repository is on GitHub.

How it works

It provides a web service box based on the isolation mechanism of Qubes OS. It cleverly utilizes the global DNS IPs (10.139.1.1 and 10.139.1.2) of Qubes OS as the IPs of the tun devices and lets the traffic pass through it to provide a proxy network for other applications or service boxes.

Usage scenarios

It can work in these scenarios and perhaps you have your own!

  • sys-net <- sys-firewall <- sys-proxy <- AppVM(s)
  • sys-net <- sys-proxy <- sys-firewall <- AppVM(s)

Prerequisite

  • Qubes OS
  • Proxy Service Account

Installation

First, create a proxy box named sys-proxy; the sing-box binary is then downloaded from GitHub.

[user@dom0 ~]$ qvm-create sys-proxy --class AppVM --label blue
[user@dom0 ~]$ qvm-prefs sys-proxy provides_network true
[user@dom0 ~]$ qvm-prefs sys-proxy autostart true
[user@dom0 ~]$ qvm-prefs sys-proxy memory 500
[user@dom0 ~]$ qvm-prefs sys-proxy maxmem 500

Next, sing-box is installed into the /rw/usrlocal/bin directory, and the configuration file config.json is installed into the /rw/bind-dirs/etc/sing-box directory. The daemon runtime configuration file sing-box.service is installed into the /rw/bind-dirs/etc/systemd/system directory.

After completing the installation, you need to change outbounds in /rw/bind-dirs/etc/sing-box/config.json to your own proxy service. Refer to Sing-box Configuration for more configuration information.

[user@dom0 ~]$ qvm-start sys-proxy
[user@dom0 ~]$ qrexec-client -W -d sys-proxy user:'sh <(curl --proto "=https" --tlsv1.2 -SfL https://raw.githubusercontent.com/glockmane/qubes-proxy/refs/heads/main/install.sh)'

Once this step is complete, restart the sys-proxy box.

[user@dom0 ~]$ qvm-shutdown --wait sys-proxy
[user@dom0 ~]$ qvm-start sys-proxy

Verify that the proxy service is running in the sys-proxy box by following its log.

[user@dom0 ~]$ qrexec-client -W -d sys-proxy root:'journalctl -ft sing-box'

Finally, set the netvm of the application or service box to sys-proxy. The following example sets sys-whonix's netvm to sys-proxy, i.e., sys-proxy acts as the front proxy for sys-whonix.

[user@dom0 ~]$ qvm-prefs sys-whonix netvm sys-proxy
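
The install step above feeds a script fetched from the network straight into sh inside sys-proxy. As an added example (not part of the project's own code), the shell functions below, meant to be sourced in a terminal inside sys-proxy, download install.sh to a file so it can be read first, and run it only when its SHA-256 matches a digest recorded during that review. The function names and the /tmp path are assumptions, and the pinned digest is a value you supply yourself.

```shell
#!/bin/sh
# Added example, not the project's code: fetch, review, pin, then run install.sh.
# Function names are hypothetical; the URL is the one used in the install step.

INSTALL_URL='https://raw.githubusercontent.com/glockmane/qubes-proxy/refs/heads/main/install.sh'

# Download the installer to a file instead of piping it into a shell.
fetch_installer() {
    # $1 = destination path
    curl --proto '=https' --tlsv1.2 -SfL -o "$1" "$INSTALL_URL"
}

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Succeed only if the file's digest equals the pinned one.
# Returns 2 for a missing file or a malformed pin, 1 for a mismatch.
verify_installer() {
    # $1 = file, $2 = digest recorded when the script was reviewed
    [ -f "$1" ] || return 2
    case "$2" in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Run the installer only after the digest check passes.
run_pinned_installer() {
    # $1 = file, $2 = pinned digest
    if verify_installer "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: digest mismatch or bad pin" >&2
        return 1
    fi
}

# Typical use inside sys-proxy (PINNED_SHA256 is a placeholder you record):
#   fetch_installer /tmp/install.sh && less /tmp/install.sh
#   sha256_of /tmp/install.sh
#   run_pinned_installer /tmp/install.sh "$PINNED_SHA256"
```

Because the pin is compared against the exact bytes that were reviewed, a later change to the script on the main branch makes run_pinned_installer refuse until the new version has been read and re-pinned.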

Related
