As it turns out the culprit was a policy I misconfigured for qubes.ConnectTCP.
For those stumbling upon this, if you change a policy from ask to allow, you should remember to remove default_target= if present.
1 Like