On Wed, Nov 21, 2018 at 04:47:33PM +0000, 'qubesusermarco' via qubes-users wrote: > I have a Windows-7-VM assigned as some LinuxVM's netVM. And I get the error > below after some timeout when I try to start the appvm: > > ERROR: Start failed: internal error: libxenlight failed to create new domain > 'appVM_name'. See /var/log/libvirt/libxl/libxl-driver.log for details. > > Here's the error message in the log: > > 2018-11-21 14:31:13.157+0000: libxl: > libxl_device.c:1093:device_backend_callback: unable to add device with path > /local/domain/38/backend/vif/40/0 > 2018-11-21 14:31:13.157+0000: libxl: > libxl_create.c:1512:domcreate_attach_devices: unable to add nic devices > 2018-11-21 14:31:23.181+0000: libxl: > libxl_device.c:1093:device_backend_callback: unable to remove device with > path /local/domain/38/backend/vif/40/0 > 2018-11-21 14:31:23.181+0000: libxl: libxl.c:1669:devices_destroy_cb: > libxl_devices_destroy_failed_for_40 > > Is it just plain impossible for a WindowsVM to be a NetVM or I'm missing > something?
You need to think laterally to make this work. Create new qube, make it provide network, but dont attach it to an upstream netvm. Attach Windows Vm to the new qube. Attach your NIC to the Windows VM. Now the WindowsVM has two network devices. Attach your clients to the new qube as netvm. On the new qube, change firewall rules to allow traffic between the vif+ interfaces, and remove the restrictions in iptables raw table. With some jiggerypokery on the intermediate (new) qube, to handle routing and DNS you dont need to change anything on the client qubes. I've posted in more detail on this before - if you need more help just ask, but this should point you where to go. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181123003534.qienbb6yku76p4sq%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
