Qubes Inplace upgrade from 4.1-4.2 issues

User Support
1

Hey all,

Im having issues with this in place upgrade. I ran the preboot upgrade command and got this error when it tried to upgrade my android-x86 standalone vm. See below.

IMG_20240112_012334_379
IMG_20240112_012334_3791920×2560 385 KB

So i deleted the vm and tried again. Restarted the pc as instructed and started the post boot upgrade command

All went well until i got an error on stage 6. See blow.

IMG_20240112_014012_773
IMG_20240112_014012_7731920×2560 569 KB

I restarted the pc and it still shows 4.1 in global settings. My network vms do not work at all. Only sys whonix does. I tried the post restart upgrade command again and i still get the same error. Any suggestions?

2

Try to repeat stage 2 and 3:

sudo qubes-dist-upgrade --release-upgrade --dist-upgrade

Do you get an error with this command?

1 Like
3

It worked! The post boost upgrades worked as expected. I installed any additional dom0 and template upgrades after and restarted it too.

However my network vms still dont work. Only sys-whonix does

4

Maybe there is a problem with domain resolution.
Try to ping from the sys-net and qubes connected to sys-net:

ping quad9.com
ping 9.9.9.9
5

I will try this in a bit. Not at my desk atm. I did read that 4.2 dropped support for iptables which causes openvpn proxy vms to not connect. Some sources recommeneded nftables and debain -11 minimal.

Does my issue have anything to do with this? Im not an expert and have not setup nftables or iptables before

6

Do you have the network issue only with VPN VMs?
Does network in sys-net / sys-firewall without VPN works?

7

IMG_20240113_090444_189
IMG_20240113_090444_1891920×2560 517 KB

IMG_20240113_090531_410
IMG_20240113_090531_4101920×2560 467 KB

I got the same results for sys-firewall, the proxyvm im having issues with and sys-net.

Changing my dvm to sys-firewall, im able to connect to websites fine. However my proxy vms are not able to connect

8

I can confirm the issue is only with vpn vms

9

How did you configure your VPN qube?

10

Most are configured like this: Using network manager, i added the .ovpn config files with user name and password. Then i went into firewall settings for that qube and added the IPs.

The one odd ball is riseup vpn. They dont give out ovpn config files for it so i defaulted to using the app which never gave me issues on 4.1.

I also have mac address randomization set to every start via a script.

11

Do you have any firewall rules add/remove (using iptables of nft) in the config file?

12

I havent touched iptables/nftables at all

13

Not by yourself, there could be iptables commands in .ovpn config.

14

https://forum.qubes-os.org/t/which-vpn-do-you-use/3406/143

15

Ohh. How can i check this?

16

Check the content of .ovpn file and see if there are any iptables there.
Or any up/down scripts.

17

‘Doesnt exist or is private’

18

.

1 Like
19

I dont see any. Checked 2 vpn providers .ovpn files

20

Can you ping from your VPN qube?

ping quad9.com
ping 9.9.9.9