Kali-core community template has broken networking now [workaround]

Hi,

On the newest kali-core + stuff + docker.io + docker-compose, networking breaks.

I am not 100% certain at this point docker is to blame, but docker does a lot of network stuff and I can’t think of other tools I use breaking it. I installed it via apt.

I updated the day before yesterday and yesterday the AppVMs:

  1. awake with eth0 offline and after enabling it
  2. only get an ipv6

… breaking connection to the NetVM.

So I rebuilt my template; thank god I have documentation. Everything works fine. Updated today → Same shit.

Does anybody know why or how to troubleshoot or mitigate? I have not looked into the networking magic of qubes much.

In the meantime I will rebuild my system without docker and test again tomorrow.

1 Like

You should check the journalctl of your kali VM; you will probably find that the kali process to configure the network failed due to something “hush login”. Create a file with touch ~/.hushlogin, and check that /sbin/ip exists.
And it should work?
If it works, and if someone has time, it could be a new GitHub issue + pull request.

1 Like

Thank you for your help!

  1. It is not docker. It happens to AppVMs with the unmodified community kali-core template too.
  2. I cannot really spot anything in the journal, explicitly nothing with hush login, besides the little banner from the kali devs.
  3. Adding the ~/.hushlogin didn’t work
  4. /sbin/ip does not exist (on debian and fedora it does)

On my system:

$ type -a ip
ip is aliased to `ip --color=auto'
ip is /usr/bin/ip
ip is /bin/ip

Default kali has different results.

Official kali image in virtualbox:

ip is /usr/sbin/ip
ip is /usr/bin/ip
ip is /sbin/ip
ip is /bin/ip

This kinda is a bit of a problem as this is my actual work system. I can work around it, with a tremendous amount of pain, or get an old unpatched kali version :melting_face:.

(This is kinda funny as I am scheduled to pitch QubesOS to my company in a few weeks lol and now I nearly can’t work)

Does anybody have other ideas? I would greatly appreciate it. Or if anybody else could reproduce this issue.

That little hush banner is breaking the way qubesos communicates with its guest VM. Be sure you created .hushlogin for your user and root account.
For the missing /sbin/ip, as a workaround you could copy the other “ip” binary that you have. Having a working /sbin/ip is a hard requirement to have the network automatically configured by qubesos ( qubes-core-agent-linux/network/setup-ip at main · QubesOS/qubes-core-agent-linux · GitHub ); kali decided to modify that some days ago.

2 Likes

Thank you so much! This worked!

So to summarize:

  1. Go to your kali template and: sudo cp /usr/bin/ip /sbin/ip
  2. In your AppVM touch ~/.hushlogin && sudo touch /root/.hushlogin
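
The two conditions from the summary above can be checked from a shell inside the qube before and after applying the workaround. This is an added example, not part of any post in the thread and not Qubes OS code; the function name and its ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Qubes OS project.
# Checks the two preconditions named in the thread: an executable /sbin/ip
# and a .hushlogin file for both the login user and root.
#
# check_qubes_net_prereqs ROOT USER_HOME
#   ROOT      filesystem root to inspect: "/" inside the qube, or a test tree
#             (hypothetical parameter, added so the check can be exercised)
#   USER_HOME login user's home directory, as an absolute path under ROOT
# Prints one line per finding and returns the number of problems (0 = all ok).
# Run as root on a live system, otherwise /root/.hushlogin is not readable.
check_qubes_net_prereqs() {
    root=${1%/}          # "/" becomes "", so "$root/sbin/ip" is "/sbin/ip"
    user_home=$2
    problems=0

    if [ -x "$root/sbin/ip" ]; then
        echo "ok: /sbin/ip is present and executable"
    else
        echo "MISSING: /sbin/ip"
        problems=$((problems + 1))
        # Show which other copies of ip exist and could be copied into place.
        for candidate in /usr/sbin/ip /usr/bin/ip /bin/ip; do
            if [ -x "$root$candidate" ]; then
                echo "  candidate to copy: $candidate"
            fi
        done
    fi

    for home in "$user_home" /root; do
        if [ -e "$root$home/.hushlogin" ]; then
            echo "ok: $home/.hushlogin exists"
        else
            echo "MISSING: $home/.hushlogin"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}
```

On a live qube, call it as root with / and the login user's home directory as the two arguments.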

( if you have time, create a github issue about this, and maybe do a pull request if you know how to do that )

Sorry, unfortunately I don’t have a github account :frowning: