Networking issue with sys-whonix, missing vif*

17 views
Skip to first unread message

Vladimir Lushnikov

unread,
Mar 18, 2021, 12:20:28 PM3/18/21
to qubes...@googlegroups.com
Hello,

Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
sys-whonix not bringing up the virtual interfaces for downstream VMs
correctly. I could find nothing conclusive in the bug tracker but am
hesitant to raise it on qubes-issue in case it only affects me.

The symptoms are as follows:

* AppVMs connected to sys-whonix do not get networking
* There is an incorrect nameserver specified in the AppVM
/etc/resolv.conf (the IP does not match the IP of sys-whonix)
* There are no vif* interfaces in sys-whonix, or they are down and have
no IP address
* There are errors in the logs of sys-whonix like:

Mar 18 14:56:20 host root[20716]: /etc/xen/scripts/vif-route-qubes:
Writing backend/vif/17/0/hotplug-error /etc/xen/scripts/vif-route-qubes
failed; error detected. backend/vif/17/0/hotplug-status error to xenstore.
Mar 18 14:56:20 host root[20718]: /etc/xen/scripts/vif-route-qubes:
/etc/xen/scripts/vif-route-qubes failed; error detected.

Workaround is to add the routing information back in sys-whonix (the
vif* interface was there already, just not properly setup):

``
ip link set vif<NUM> up
ip addr add <IP-OF-SYS-WHONIX>/32 dev vif<NUM>
ip route add <IP-OF-APPVM> dev vif<NUM> metric 32744
``

This will fix the routing table so the prerouting nat rules work.

I am not entirely sure how to proceed with diagnosing the issue further.
Versions are posted below.

Kind regards,
Vladimir


Version of qubes* packages in whonix-gw-15:

libqubes-rpc-filecopy2 4.1.13+deb10u1
libqubesdb 4.1.10-1+deb10u1
libvchan-xen 4.1.7-1+deb10u1
python3-qubesdb 4.1.10-1+deb10u1
qubes-core-agent 4.1.24-1+deb10u1
qubes-core-agent-dom0-updates 4.1.24-1+deb10u1
qubes-core-agent-nautilus 4.1.24-1+deb10u1
qubes-core-agent-networking 4.1.24-1+deb10u1
qubes-core-agent-passwordless-root 4.1.24-1+deb10u1
qubes-core-agent-thunar 4.1.24-1+deb10u1
qubes-core-qrexec 4.1.13-1+deb10u1
qubes-gui-agent 4.1.16-1+deb10u1
qubes-input-proxy-sender 1.0.23-1+deb10u1
qubes-kernel-vm-support 4.1.13+deb10u1
qubes-mgmt-salt-vm-connector 4.1.9-1+deb10u1
qubes-usb-proxy 1.0.29+deb10u1
qubes-utils 4.1.13+deb10u1
qubes-vm-dependencies 4.1.11-1+deb10u1
qubes-whonix 1:15.2-1
qubes-whonix-gateway 3:20.2-1
qubes-whonix-gateway-packages-recommended 1:15.2-1
qubes-whonix-shared-packages-recommended 1:15.2-1
qubesdb 4.1.10-1+deb10u1
qubesdb-vm 4.1.10-1+deb10u1

In the AppVM which is fedora-based:

python3-dnf-plugins-qubes-hooks-4.1.24-1.fc32.x86_64
python3-qubesdb-4.1.10-1.fc32.x86_64
python3-qubesimgconverter-4.1.13-1.fc32.x86_64
qubes-core-agent-4.1.24-1.fc32.x86_64
qubes-core-agent-dom0-updates-4.1.24-1.fc32.x86_64
qubes-core-agent-nautilus-4.1.24-1.fc32.x86_64
qubes-core-agent-network-manager-4.1.24-1.fc32.x86_64
qubes-core-agent-networking-4.1.24-1.fc32.x86_64
qubes-core-agent-passwordless-root-4.1.24-1.fc32.x86_64
qubes-core-agent-systemd-4.1.24-1.fc32.x86_64
qubes-core-qrexec-4.1.13-1.fc32.x86_64
qubes-core-qrexec-libs-4.1.13-1.fc32.x86_64
qubes-core-qrexec-vm-4.1.13-1.fc32.x86_64
qubes-db-4.1.10-1.fc32.x86_64
qubes-db-libs-4.1.10-1.fc32.x86_64
qubes-db-vm-4.1.10-1.fc32.x86_64
qubes-gpg-split-2.0.50-1.fc32.x86_64
qubes-gui-agent-4.1.16-1.fc32.x86_64
qubes-img-converter-1.2.9-1.fc32.x86_64
qubes-input-proxy-sender-1.0.23-1.fc32.x86_64
qubes-kernel-vm-support-4.1.13-1.fc32.x86_64
qubes-libvchan-xen-4.1.7-1.fc32.x86_64
qubes-menus-4.1.6-1.fc32.noarch
qubes-mgmt-salt-vm-connector-4.1.9-1.fc32.noarch
qubes-pdf-converter-2.1.11-1.fc32.x86_64
qubes-usb-proxy-1.0.29-1.fc32.noarch
qubes-utils-4.1.13-1.fc32.x86_64
qubes-utils-libs-4.1.13-1.fc32.x86_64
qubes-vm-dependencies-4.1.11-1.fc32.noarch
qubes-vm-recommended-4.1.11-1.fc32.noarch


awokd

unread,
Mar 19, 2021, 3:24:57 PM3/19/21
to qubes...@googlegroups.com
Vladimir Lushnikov:
> Hello,
>
> Since updating to latest Whonix 15/Qubes R4.1, I am having issues with
> sys-whonix not bringing up the virtual interfaces for downstream VMs
> correctly. I could find nothing conclusive in the bug tracker but am
> hesitant to raise it on qubes-issue in case it only affects me.
>
> The symptoms are as follows:
>
> * AppVMs connected to sys-whonix do not get networking
> * There is an incorrect nameserver specified in the AppVM
> /etc/resolv.conf (the IP does not match the IP of sys-whonix)
> * There are no vif* interfaces in sys-whonix, or they are down and have
> no IP address
> * There are errors in the logs of sys-whonix like:

Was this a fresh install of R4.1? If so, an issue would probably be the
best course of action since it's not released yet, so might not have
been widely encountered. If you upgraded by some other means, try
uninstalling the various Whonix templates & VMs and reinstalling via the
Salt commands documented on the Whonix website.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

Josef Johansson

unread,
Apr 1, 2021, 3:54:11 PM4/1/21
to qubes-users
Hi,

As another data point:
This is happening in debian-10 as well. However not in debian-11.
Reply all
Reply to author
Forward
0 new messages