I am trying to create a KVM/QEMU/Virt-Manager VM without exposing my IP/internet connection to it. I pay for a VPN subscription, and I typically access it through wireguard configs that integrate with my distro (Fedora 40 Workstation) and DE VPN menus. From my understanding, as I have them set up now, I can enable one of these configurations in my settings, and all of my traffic is routed through the VPN, except for my local network.

I want this VM guest to have all of its traffic sent to the VPN as well, with the exception of some connection between it and the host, so I could still access it from the host for utilities like ssh.

Is it possible to achieve this? When I looked online, it seemed to require some CLI configuration of IP routes, and I didn’t feel confident not understanding the changes I was making, as I want to make sure it is impossible to leak; it just shouldn’t have any access to my normal network. If my VPN is disabled on the host, then it simply shouldn’t be able to access the internet.

  • Adonnen@lemmy.world (OP)
    25 days ago
    1. I’d be fine with any. Trying Fedora, or maybe Debian. But I’d rather set up networking at the qemu level so the vm only has access to what I want it to.
    2. I don’t know how it would work, but I can create a new device id and make a new wireguard conf file. I don’t know why this wouldn’t work with any other conf/interface on my host.
    3. I want this to be physical router agnostic, as the host is a laptop. Only the vpn and host should be exposed to the VM.
    • BaumGeist@lemmy.ml
      25 days ago

      This can be handled pretty much entirely on the host by configuring your qemu settings; it’s got very robust virtual networking options. Basically just expose the host’s VPN interface (e.g. usually called something like tun) for VPN access, and make a separate virtual interface that only the host and guest can access for the stuff like ssh.

      Here’s the qemu wiki about networking, definitely where you should start
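
The two-interface layout described in the reply above, expressed as libvirt networks (the layer virt-manager manages). This is an added example, not part of the thread; the interface name `wg0`, the network and bridge names, and both subnets are assumptions to adjust.

```shell
#!/usr/bin/env bash
# Added example. Assumed values: wg0, vm-hostonly, vm-vpn, virbr-host,
# virbr-vpn and the 192.168.150.0/24 and 192.168.160.0/24 subnets.

# Host<->guest only: with no <forward> element libvirt creates an isolated
# network, so this link carries ssh from the host and nothing is routed onward.
hostonly_xml() {
cat <<'EOF'
<network>
  <name>vm-hostonly</name>
  <bridge name='virbr-host'/>
  <ip address='192.168.150.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.150.10' end='192.168.150.50'/></dhcp>
  </ip>
</network>
EOF
}

# Internet path: NAT pinned to the tunnel. Per libvirt's network XML docs,
# dev= makes the firewall rules restrict forwarding to the named device only,
# so guest traffic that would leave by any other interface is not forwarded.
vpn_xml() {
  vpn_if="${1:-wg0}"
cat <<EOF
<network>
  <name>vm-vpn</name>
  <forward mode='nat' dev='${vpn_if}'/>
  <bridge name='virbr-vpn'/>
  <ip address='192.168.160.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.160.10' end='192.168.160.50'/></dhcp>
  </ip>
</network>
EOF
}

# Usage: ./vm-nets.sh apply [vpn-interface]   (defines and starts both networks)
if [ "${1:-}" = "apply" ]; then
  tmp=$(mktemp -d)
  hostonly_xml > "$tmp/hostonly.xml"
  vpn_xml "${2:-wg0}" > "$tmp/vpn.xml"
  for n in hostonly vpn; do
    virsh -c qemu:///system net-define "$tmp/$n.xml"
    virsh -c qemu:///system net-start "vm-$n"
    virsh -c qemu:///system net-autostart "vm-$n"
  done
  rm -rf "$tmp"
fi
```

Give the guest two NICs in virt-manager, one on each network. With libvirt's default DNS the guest's lookups are answered by dnsmasq on the host, so they follow the host's resolver rather than the forwarding restriction.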