I’m trying to test some networking-related code in a new pair of Whonix VMs, but I’ve either hit a bug or I don’t know what I’m doing. Currently running Qubes OS R4.3, with dom0 and all Qubes fully updated from the testing repositories (to the best of my awareness).
In order to create a new Whonix-Gateway and Whonix-Workstation pair, I first cloned the existing whonix-gateway-17 and whonix-workstation-17 templates to a new pair of templates named “whonix-gateway-17-testvm” and “whonix-workstation-17-testvm” respectively. This seemed to work just fine. I then booted both template clones, installed the packages I needed to test, and then shut the templates down. Next, I made an AppVM for the new Whonix-Gateway by using “New qube” in Qube Manager, selecting “whonix-gateway-17-testvm” as the template, and making sure to check the “Provides network access to other qubes” box under the Advanced tab. I called this new VM “whonix-gateway-17-testvm-aq”. After that, I created a new AppVM for Whonix-Workstation, using “whonix-workstation-17-testvm” as the base and setting “whonix-gateway-17-testvm-aq” as the networking qube. This VM I called “whonix-workstation-17-testvm-aq”.
With all that set up, I then launched “whonix-gateway-17-testvm-aq”. After a short while, the systemcheck app appeared and showed this warning:
[ERROR] [systemcheck] check network interfaces Result: network interface eth1 not up!
This might happen because you did not check mark the 'provides network' box for this VM?
If you know what you are doing, feel free to disable this check.
Create a file /etc/systemcheck.d/50_user.conf and add:
systemcheck_skip_functions+=" check_network_interfaces "
Debugging information:
Command
sudo --non-interactive cat /sys/class/net/eth1/carrier
failed.
A quick ip a showed that indeed, eth1 did not exist:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group 1 qlen 1000
link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff
inet 10.137.0.22/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe5e:6c00/64 scope link
valid_lft forever preferred_lft forever
However, looking in the qube settings for “whonix-gateway-17-testvm-aq”, I can see that “Advanced → Other → Provides Network” is indeed checked, so that isn’t the problem. Furthermore, qvm-prefs shows that provides_network is set to True:
aaron@dom0:~$ qvm-prefs whonix-gateway-17-testvm-aq
audiovm D dom0
autostart D False
backup_timestamp U
debug D False
default_dispvm D default-dvm
default_user D user
dns D 10.139.1.1 10.139.1.2
gateway D 10.137.0.22
gateway6 D
guivm D dom0
icon D servicevm-black
include_in_backups D True
installed_by_rpm D False
ip D 10.137.0.22
ip6 D
kernel D 6.6.65-1.fc41
kernelopts D swiotlb=2048
keyboard_layout D us++
klass D AppVM
label - black
mac D 00:16:3e:5e:6c:00
management_dispvm D default-mgmt-dvm
maxmem D 4000
memory D 400
name - whonix-gateway-17-testvm-aq
netvm D sys-firewall
provides_network - True
qid - 22
qrexec_timeout D 60
shutdown_timeout D 60
start_time D 1734724759.96
stubdom_mem U
stubdom_uuid D
stubdom_xid D -1
template - whonix-gateway-17-testvm
template_for_dispvms D False
updateable D False
uuid - fbe9eb67-3f9b-4091-8850-9604dccbc815
vcpus D 2
virt_mode D pvh
visible_gateway D 10.138.15.117
visible_gateway6 D
visible_ip D 10.137.0.22
visible_ip6 D
visible_netmask D 255.255.255.255
xid D 12
Just in case “turning it off and back on again” would help, I unchecked “Provides network” in the qube settings for whonix-gateway-17-testvm-aq, clicked “Apply”, rechecked it, and then clicked “Apply” again. Nothing changed, eth1 still doesn’t exist.
I’m not sure how to debug this further. Does this look like a bug in Qubes OS, or am I doing something wrong here?