Qubes Inplace upgrade from 4.1-4.2 issues

Hey all,

Im having issues with this in place upgrade. I ran the preboot upgrade command and got this error when it tried to upgrade my android-x86 standalone vm. See below.

So i deleted the vm and tried again. Restarted the pc as instructed and started the post boot upgrade command

All went well until i got an error on stage 6. See blow.

I restarted the pc and it still shows 4.1 in global settings. My network vms do not work at all. Only sys whonix does. I tried the post restart upgrade command again and i still get the same error. Any suggestions?

Try to repeat stage 2 and 3:

sudo qubes-dist-upgrade --release-upgrade --dist-upgrade

Do you get an error with this command?

1 Like

It worked! The post boost upgrades worked as expected. I installed any additional dom0 and template upgrades after and restarted it too.

However my network vms still dont work. Only sys-whonix does

Maybe there is a problem with domain resolution.
Try to ping from the sys-net and qubes connected to sys-net:

ping quad9.com

I will try this in a bit. Not at my desk atm. I did read that 4.2 dropped support for iptables which causes openvpn proxy vms to not connect. Some sources recommeneded nftables and debain -11 minimal.

Does my issue have anything to do with this? Im not an expert and have not setup nftables or iptables before

Do you have the network issue only with VPN VMs?
Does network in sys-net / sys-firewall without VPN works?

I got the same results for sys-firewall, the proxyvm im having issues with and sys-net.

Changing my dvm to sys-firewall, im able to connect to websites fine. However my proxy vms are not able to connect

I can confirm the issue is only with vpn vms

How did you configure your VPN qube?

Most are configured like this: Using network manager, i added the .ovpn config files with user name and password. Then i went into firewall settings for that qube and added the IPs.

The one odd ball is riseup vpn. They dont give out ovpn config files for it so i defaulted to using the app which never gave me issues on 4.1.

I also have mac address randomization set to every start via a script.

Do you have any firewall rules add/remove (using iptables of nft) in the config file?

I havent touched iptables/nftables at all

Not by yourself, there could be iptables commands in .ovpn config.


Ohh. How can i check this?

Check the content of .ovpn file and see if there are any iptables there.
Or any up/down scripts.

‘Doesnt exist or is private’


1 Like

I dont see any. Checked 2 vpn providers .ovpn files

Can you ping from your VPN qube?

ping quad9.com