I’ve just started playing around with 4.1 and have run into some issues.
The first is that the default sys-firewall cannot connect to the internet via sys-net.
ping tests show
Destination Host Unreachable for sys-firewall, while sys-net has no issues. After confirming that sys-firewall configurations have nothing out of the ordinary, I started tinkering with sys-net–I modified kernelopts to
nopat iommu=soft swiotlb=8192 apparmor=1 security=apparmor, manually disabling service
meminfo-writer, etc. but nothing works. Sys-firewall remains unable to reach the internet (and yes, it has sys-net as its netvm).
One suspicion I haven’t tested out is that it might be because it’s Debian-based, but this wasn’t an issue in 4.0.3 and an issue this serious should’ve either never made it out the gate or be reported a lot.
The second issue is that I don’t know where TemplateVMs proxy their updates from as
/etc/qubes-rpc/policy/qubes.UpdatesProxy no longer includes an entry for
$Type: TemplateVMs. There’s nothing indicating where TemplateVMs should get their updates from, so I presume it’s from whichever VM has service qubes-updates-proxy enabled.