No internet in fedora-32-minimal

I had internet access in my VM based on fedora-32-minimal for a long time. Now, I can’t access the internet in the VM. I think this may have been caused by an update, but I’m not sure. I don’t know what else would cause this issue. I still have internet access in a debian-10-minimal VM that uses the same proxy-vm. Switching the VM to sys-net instead of the proxy-vm allows internet access, but other VMs can access the internet through the proxy-vm.

edit: It seems like I’m having DNS issues with the VM. I’m just not sure how to troubleshoot.

This sounds like a firewall problem to me. Does qvm-firewall [VM name] list show anything out of the ordinary?

Usual disclaimer: I’m not a technical person –yadda yadda yadda– take what I say with a grain of salt

It doesn’t show anything. I don’t think it’s the firewall-vm. I haven’t made any changes to it, and DNS/internet access was working fine before yesterday. I’m assuming it’s a problem with the proxy-vm since I am having issues with other VMs.

I’m testing networking across a bunch of different VMs, and none of them are resolving DNS names other than one of my VMs. I have tried switching their network-vm from proxy-vm to sys-net, and I am still having DNS issues. sys-whonix can still connect and update VMs, though.

Do you have the required packages installed? In particular, you need qubes-core-agent-networking, as explained in the documentation.

I have qubes-core-agent-networking and iproute installed. Reading the documentation about Minimal TemplateVMs, I’m not sure if there are other required packages mentioned (for a proxy-vm). But it was working before for weeks/months so I don’t think it’s because of a missing package.

If you have no problems with the full (non-minimal) template, then a missing package is usually the culprit, but since it was working for you before, I have no idea.

If full (non-minimal) templates also don’t have internet access, then the problem is probably with sys-net or sys-firewall or outside of Qubes (e.g., your router or modem). You can follow standard troubleshooting steps to diagnose (e.g., do a ping test to see if it’s a DNS problem).

You can also try downloading and installing a fresh minimal template, installing the required packages, and seeing if it has internet access. If so, then you must have somehow broken the old template.

After re-reading the thread, I also suspect it’s a firewall problem. I think you misunderstood this suggestion earlier. “Firewall problem” does not necessarily mean “problem in sys-firewall.” Each VM has its own set of firewall rules, which are simply enforced by sys-firewall. If you have bad firewall rules set for a VM, then there may be nothing wrong with sys-firewall. You’re simply telling it to enforce bad rules, and it’s faithfully obeying your commands.

So, check the firewall tab for the problematic VM(s), or use qvm-firewall in dom0.

I don’t have any rules in the firewall tab of any of my VMs. I think I have narrowed it down to DNS issues which may be caused by my VPN in the proxy-vm.

I think I’ve encountered the same issue as arkfox on a fresh installation of 4.0.3. After updating dom0 and installing kernel-latest, my update VM fails to connect to the internet after having previously worked.

What’s surprising is even pings fail (packet filtered) despite not having been blocked.


Edit: I have a feeling that something in the dom0 update caused this. Things were working fine after I updated the templates and restarted all VMs. On another fresh installation, the exact same problem occured on the first boot.

Edit 2: The problem was fixed after I deleted my old update VM and created a new VM instead of cloning it from my firewall VM (using the same template). Cloning from firewall VM consistenly led to the same issue.

I’m having the same trouble in any new VM that I create cloned from debian-10-minimal, fedora-32-minimal, and debian-10. The weird thing is that I can still update VMs that are connected through sys-whonix (I think because sys-whonix may bypass the DNS issue). I can still connect to raw IP addresses, though.

Clone from templates? Don’t mean to nitpick but surely you mean AppVMs based on those templates?

Anyways, my experience in R4.1 is similar to what you described for (I presume) 4.0.3 in some ways–but also very different. One thing in common is that sys-whonix allows updates, but a major difference is that the VMs can connect to the internet reliably and the issue seems to be limited to non-minimal Debian.


This was never an issue in 4.0.3 until yesterday/today. Now it seems to pop up a lot, especially after I update the templates in fresh OS installations. (There was one time when it popped up and prevented me from doing my first update). A consistent solution is to delete the offending VM and recreate it manually.

Thanks for the information. I actually have the same problem in both TemplateVMs (qvm-clone) and AppVMs. I posted earlier that my UpdateVM was working via sys-whonix, but I’m having issues with that as well (at least when updating fedora-32-minimal based VMs).

Deleting/re-creating VMs isn’t solving the problem for me.

this is exactly the problem i have with fedora-34-minimal now. no problems with fedora-33-minimal so far. any thoughts?

Thanks! That helped!

I probably could have just chmod -x /rw/config/qubes-firewall-user-script and rebooted the VM