Hello,
Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
sys-whonix not bringing up the virtual interfaces for downstream VMs
correctly. I could find nothing conclusive in the bug tracker but am
hesitant to raise it on qubes-issue in case it only affects me.
The symptoms are as follows:
* AppVMs connected to sys-whonix do not get networking
* There is an incorrect nameserver specified in the AppVM
/etc/resolv.conf (the IP does not match the IP of sys-whonix)
* There are no vif* interfaces in sys-whonix, or they are down and have
no IP address
* There are errors in the logs of sys-whonix like:
Mar 18 14:56:20 host root[20716]: /etc/xen/scripts/vif-route-qubes:
Writing backend/vif/17/0/hotplug-error /etc/xen/scripts/vif-route-qubes
failed; error detected. backend/vif/17/0/hotplug-status error to xenstore.
Mar 18 14:56:20 host root[20718]: /etc/xen/scripts/vif-route-qubes:
/etc/xen/scripts/vif-route-qubes failed; error detected.
Workaround is to add the routing information back in sys-whonix (the
vif* interface was there already, just not properly setup):
``
ip link set vif<NUM> up
ip addr add <IP-OF-SYS-WHONIX>/32 dev vif<NUM>
ip route add <IP-OF-APPVM> dev vif<NUM> metric 32744
``
This will fix the routing table so the prerouting nat rules work.
I am not entirely sure how to proceed with diagnosing the issue further.
Versions are posted below.
Kind regards,
Vladimir
Version of qubes* packages in whonix-gw-15:
libqubes-rpc-filecopy2 4.1.13+deb10u1
libqubesdb 4.1.10-1+deb10u1
libvchan-xen 4.1.7-1+deb10u1
python3-qubesdb 4.1.10-1+deb10u1
qubes-core-agent 4.1.24-1+deb10u1
qubes-core-agent-dom0-updates 4.1.24-1+deb10u1
qubes-core-agent-nautilus 4.1.24-1+deb10u1
qubes-core-agent-networking 4.1.24-1+deb10u1
qubes-core-agent-passwordless-root 4.1.24-1+deb10u1
qubes-core-agent-thunar 4.1.24-1+deb10u1
qubes-core-qrexec 4.1.13-1+deb10u1
qubes-gui-agent 4.1.16-1+deb10u1
qubes-input-proxy-sender 1.0.23-1+deb10u1
qubes-kernel-vm-support 4.1.13+deb10u1
qubes-mgmt-salt-vm-connector 4.1.9-1+deb10u1
qubes-usb-proxy 1.0.29+deb10u1
qubes-utils 4.1.13+deb10u1
qubes-vm-dependencies 4.1.11-1+deb10u1
qubes-whonix 1:15.2-1
qubes-whonix-gateway 3:20.2-1
qubes-whonix-gateway-packages-recommended 1:15.2-1
qubes-whonix-shared-packages-recommended 1:15.2-1
qubesdb 4.1.10-1+deb10u1
qubesdb-vm 4.1.10-1+deb10u1
In the AppVM which is fedora-based:
python3-dnf-plugins-qubes-hooks-4.1.24-1.fc32.x86_64
python3-qubesdb-4.1.10-1.fc32.x86_64
python3-qubesimgconverter-4.1.13-1.fc32.x86_64
qubes-core-agent-4.1.24-1.fc32.x86_64
qubes-core-agent-dom0-updates-4.1.24-1.fc32.x86_64
qubes-core-agent-nautilus-4.1.24-1.fc32.x86_64
qubes-core-agent-network-manager-4.1.24-1.fc32.x86_64
qubes-core-agent-networking-4.1.24-1.fc32.x86_64
qubes-core-agent-passwordless-root-4.1.24-1.fc32.x86_64
qubes-core-agent-systemd-4.1.24-1.fc32.x86_64
qubes-core-qrexec-4.1.13-1.fc32.x86_64
qubes-core-qrexec-libs-4.1.13-1.fc32.x86_64
qubes-core-qrexec-vm-4.1.13-1.fc32.x86_64
qubes-db-4.1.10-1.fc32.x86_64
qubes-db-libs-4.1.10-1.fc32.x86_64
qubes-db-vm-4.1.10-1.fc32.x86_64
qubes-gpg-split-2.0.50-1.fc32.x86_64
qubes-gui-agent-4.1.16-1.fc32.x86_64
qubes-img-converter-1.2.9-1.fc32.x86_64
qubes-input-proxy-sender-1.0.23-1.fc32.x86_64
qubes-kernel-vm-support-4.1.13-1.fc32.x86_64
qubes-libvchan-xen-4.1.7-1.fc32.x86_64
qubes-menus-4.1.6-1.fc32.noarch
qubes-mgmt-salt-vm-connector-4.1.9-1.fc32.noarch
qubes-pdf-converter-2.1.11-1.fc32.x86_64
qubes-usb-proxy-1.0.29-1.fc32.noarch
qubes-utils-4.1.13-1.fc32.x86_64
qubes-utils-libs-4.1.13-1.fc32.x86_64
qubes-vm-dependencies-4.1.11-1.fc32.noarch
qubes-vm-recommended-4.1.11-1.fc32.noarch