I’ve just started playing around with 4.1 and have run into some issues.
The first is that the default sys-firewall cannot connect to the internet via sys-net. ping
tests show Destination Host Unreachable
for sys-firewall, while sys-net has no issues. After confirming that sys-firewall configurations have nothing out of the ordinary, I started tinkering with sys-net–I modified kernelopts to nopat iommu=soft swiotlb=8192 apparmor=1 security=apparmor
, manually disabling service meminfo-writer
, etc. but nothing works. Sys-firewall remains unable to reach the internet (and yes, it has sys-net as its netvm).
One suspicion I haven’t tested out is that it might be because it’s Debian-based, but this wasn’t an issue in 4.0.3 and an issue this serious should’ve either never made it out the gate or be reported a lot.
The second issue is that I don’t know where TemplateVMs proxy their updates from as /etc/qubes-rpc/policy/qubes.UpdatesProxy
no longer includes an entry for $Type: TemplateVMs
. There’s nothing indicating where TemplateVMs should get their updates from, so I presume it’s from whichever VM has service qubes-updates-proxy enabled.