No ethernet connection in appVMs

User Support
1

Hi, I need some help with my internet connection. I’ve googled and read this forum but haven’t found the solution to my problem.

When I boot Qubes OS it gets connected to the internet via ethernet. Only ethernet, no Wi-Fi. The update manager automatically starts and templates are updated just fine. Then I start an appVM (any of my appVMs)… and internet connection problems appear. In a terminal I can ping google BUT the following gives no output:

$ curl -I https://google.com

If I launch Firefox it doesn’t load any page:

image
image1814×482 48.9 KB

Now I connect to my Wi-Fi network. In the terminal I can ping google AND the following works:

$ curl -I https://google.com
HTTP/2 301 
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-LSOCLZBMvBu3Esrgh3ewkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Tue, 12 Mar 2024 18:04:44 GMT
expires: Thu, 11 Apr 2024 18:04:44 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

And Firefox works fine with the same page that previously failed:

image
image1810×481 132 KB

One more thing. Now, if I disconnect from Wi-Fi, everything keeps working: ping, curl, web browser…, no internet connection problems at all.

I’m still new to Qubes. And I’m not a networking master so I would appreciate any help to fix this problem.

2

Is your wifi network on the same network as the ethernet one?

Did you create some firewall rules for sys-firewall?

3

Did you ping google.com domain or ping 8.8.8.8 (or some other IP address)?
Did you configure your ethernet connection manually or is it using DHCP?

4

Yes, both are in the same network. The network manager widget in the system tray gives me this information for both ethernet and wifi:

Broadcast address: 192.168.1.255
Subnet mask: 255.255.255.0
Default route: 192.168.1.1
Primary DNS: 100.100.1.1
Secondary DNS: 100.90.1.1
Tertiary DNS: 192.168.1.1

I’ve not created any rule for sys-firewall.

5

I ping 8.8.8.8. If I ping to google.com I get no output so it seems that there is a DNS problem, right?

My ethernet connection is using DHCP.

6

this looks weird for a DNS server, very unusual, did you set the value yourself?

are you using the same DNS server when connected with wifi?

1 Like
7

@solene I haven’t configured anything manually. As I said before both ethernet and wifi are using the same DNS servers.

8

I’ve just realized that, when I’m not connected via wifi, the command

$ curl -I https://google.com

works in the qube sys-net but fails in sys-firewall.

In sys-net:

user@sys-net ~]$ cat /var/run/qubes/qubes-ns 
NS1=10.139.1.1
NS2=10.139.1.2
[user@sys-net ~]$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 100.100.1.1
nameserver 100.90.1.1
nameserver 192.168.1.1

And in sys-firewall:

user@sys-firewall ~]$ cat /var/run/qubes/qubes-ns 
NS1=10.139.1.1
NS2=10.139.1.2
[user@sys-firewall ~]$ cat /etc/resolv.conf 
nameserver 10.139.1.1
nameserver 10.139.1.2
9

Seems to be the same issue:

10

Unusual yes - weird? I’ve seen it with ISPs and it’s part of a standard reserved
range.
If eth0 is handing out that address I’d go back to whoever is providing
network connection and query it. That range isnt intended for general
use.

My guess is that those DNS servers are not accessible - When the WiFi
connects it hands out a working DNS server, so that afterwards that
server is used even when eth0 is used. (Both eth0 and WiFi are reported
as using the same range and route.)
A little more information about the network, and the source of WiFi would
be helpful.

11

Wow! It works! I’ll read that thread and I’ll try to understand better the problem and the solution.

Thanks to everybody. Definitely this community is one of the best parts of Qubes.

1 Like