Qvm-template hangs forever when using sys-whonix as dom0 update VM

When using sys-whonix as dom0 update ProxyVM (Qubes Tools > Qubes Global Config > Updates > Dom0 update proxy) I cannot install the new fedora 41 templates (sudo qubes-dom0-update qubes-template-fedora-41-minimal).

This issue is not limited to installation, it seems general update-related networking is affected as I also cannot execute qvm-template list --available.

As for exact behavior there is not much to say, both commands just hang “forever”:

sudo qubes-dom0-update qubes-template-fedora-41-minimal
Using sys-whonix as UpdateVM for Dom0
Downloading packages. This may take a while...
Redirecting to 'qvm-template install  fedora-41-minimal'

When switching the ProxyVM to sys-firewall both commands continue / complete rather quickly.

Is this a known issue?
Has anybody else noticed this?

2 Likes

Does sys-whonix connect to tor successfully or fails? Have you tried it on different networks? For instance, mobile vs cable from different ISP

1 Like

My sys-whonix works in general, only using it as dom0 update proxy seems to be problematic.

I did some testing, connecting my machine using the following methods.

  1. “normal” home Wifi (home ISP)
  2. mobile hotspot with Android connected to home Wifi
  3. Ethernet (home ISP)
  4. mobile hotspot with Android connected to cellular

For each method I executed time qvm-template list --available in dom0.

Results:

  1. home Wifi: real 2m0.862s, real 1m18.768s
  2. mobile hotspot on Wifi: real 2m1.027s, real 2m0.252s
  3. ethernet: 0m0.695s, real 2m0.552s
  4. mobile hotspot on cellular: real 1m7.073s, real 0m1.110s

I guess I did not wait long enough to get any output before creating this thread, however, this behavior still seems fishy and non-deterministic.

Those results are not representative of the respective connection speed and can vary a lot from each test to the next (as can be seen).

Could this be some issue related to the qubes update servers (or some reverse proxies) rate-limiting tor users?
It seems odd to me that the times always tend towards 0s, 1min and 2min.

Also when switching network configurations (changing from Wifi to Ethernet etc.) my sys-whonix might have needed to reconnect, further making the above data unrepresentative.
I suspect this because whilst testing I sometimes couldn’t open any websites until I restarted my tor client (using Tor Control panel).

2 Likes

If so, than it also changes depending on the environment. This time it took like 4.5 minutes for me with already established connection. It might be just dependent on tor connection speed.

But yes, it is always slow to sync the template list. I suspect that in case of it taking 0m0.695s it wasn’t syncing at all and just listed the information. Subsequent interactions with qvm-temlate use already present data if possible.

You can get a quick peep on the time synchronization monitor icon to check. In its menu you find an actual tor status and control panel. And you can monitor connection in detail using nyx.

1 Like