[Q4-rc5] Custom VPN/ProxyVM problem. Please, help
45 views
Skip to first unread message
eva...@protonmail.com
Mar 21, 2018, 11:50:39 AM3/21/18
to qubes...@googlegroups.com
I have trouble with my ProxyVM setup. It's the same VPN Qube (ProxyVM, now AppVM) from Qubes 3.2. At the previous Q3.2 version it works like a charm for all day long. With Q4 I noticed that my workground loss connection at all AppVMs connected to this ProxyVM.
Connection lost after 30/60 minutes of use. I do not actually check the time, but something around this. It always lost connection after some amount of time.
I do some investigation and found that ProxyVM still have access to network. It can connect and disconnect to my server, but AppVM-client that connected to this ProxyVM do not have any network access. I tried to change "network"-vm at settings for this AppVM and this do not help. The same befaviour to sys-whonix.
I found that
> ip route list
at ProxyVM show me "linkdown"
IP dev vif8.0 scope link metric 32744 (when network works fine)
IP dev vif8.0 scope link metric 32744 linkdown (this)
If I reboot App-Client then it can connect to network.
Any ideas how to fix this? Please.
I have branch of ProxyVMs and it's not possible to reboot only one VM to restore access. Now, it's not possible to use Q4 all day long, because it loss access time to time.
Thanks.
eva...@protonmail.com
Mar 21, 2018, 11:56:26 AM3/21/18
to qubes...@googlegroups.com
I do another research. After clean reboot I tried to change "networking"-vm to another one for my AppVM-client from Qube Manager. Without success. After I do this I loss my network at App-client and I do not know how to fix it, because if I manually change "networking"-vm again to the first one I still not have network. Only reboot of AppVM-client helps.
Zrubi
Mar 21, 2018, 3:13:39 PM3/21/18
to eva...@protonmail.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Seems you are hit by this bug:
https://github.com/QubesOS/qubes-issues/issues/3657
please check your kernels, and report back.
Thanks.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqyrtoACgkQGjNaC1SP
N2SwQA/+ML/cbUQM8LxwbPaNvUgo2wotTBmK90aKe7oBnCH3HXpYk5odi8Sr9VZ4
h/96rHwg1SAfki0tuau2kwl3Qsmy1CZtLcaeAqwXOI55ASGPZSi3nTBK8yx7a76q
SUBasuUf65t/VthTzOyWTjlQsmtOog4/27n9L0z5reN6LULqDt635pM+IDzCWe2W
Mcc6p+4tfx3tCjDfso4KWJ/g6HMKb/QgxkSElX1/wgrs1myAJOiBibbKfnUzI6/7
4L1LjXyFNJYNZ+cumhxjSG9/EWHS0Zkta/oS0H1zktiuQpIRIwbPsONjbHNSlDc7
pGP2fFuzaFOyjmYjck0F+prfgDQzWKVAh+sUVGWqJcWSh8sZK5vmemm5T4Sm6fk+
a+IysIItEfTGyaGxdZVXN6bEj69kvQi50PU4vtYS7jwcFmOZxoWVmF9n9BrPF78y
SYN5+ZfqNsc6EKIOakZLq36fqGW3tk7bD6PuVeLgiV58C9YGFoZc6QdwBZm+XvnH
VAN6+s1JY1nQRWEEzc7Q7F0NDB96HpbzNMd4FAtJlBuzyZQLE0UFvgpvB57DY5kr
3piSBo75I+2nemF8By3KkSdfUp/QFOUb7ZhfD3aXPg0vL9PYm6itXz4l+UZGA7sM
JIeu5n/dcw8uf4jjSSVtH+i2JMU2TujpvoiLp9IsT5haqeFlaiQ=
=GI08
-----END PGP SIGNATURE-----
Hash: SHA256
https://github.com/QubesOS/qubes-issues/issues/3657
please check your kernels, and report back.
Thanks.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqyrtoACgkQGjNaC1SP
N2SwQA/+ML/cbUQM8LxwbPaNvUgo2wotTBmK90aKe7oBnCH3HXpYk5odi8Sr9VZ4
h/96rHwg1SAfki0tuau2kwl3Qsmy1CZtLcaeAqwXOI55ASGPZSi3nTBK8yx7a76q
SUBasuUf65t/VthTzOyWTjlQsmtOog4/27n9L0z5reN6LULqDt635pM+IDzCWe2W
Mcc6p+4tfx3tCjDfso4KWJ/g6HMKb/QgxkSElX1/wgrs1myAJOiBibbKfnUzI6/7
4L1LjXyFNJYNZ+cumhxjSG9/EWHS0Zkta/oS0H1zktiuQpIRIwbPsONjbHNSlDc7
pGP2fFuzaFOyjmYjck0F+prfgDQzWKVAh+sUVGWqJcWSh8sZK5vmemm5T4Sm6fk+
a+IysIItEfTGyaGxdZVXN6bEj69kvQi50PU4vtYS7jwcFmOZxoWVmF9n9BrPF78y
SYN5+ZfqNsc6EKIOakZLq36fqGW3tk7bD6PuVeLgiV58C9YGFoZc6QdwBZm+XvnH
VAN6+s1JY1nQRWEEzc7Q7F0NDB96HpbzNMd4FAtJlBuzyZQLE0UFvgpvB57DY5kr
3piSBo75I+2nemF8By3KkSdfUp/QFOUb7ZhfD3aXPg0vL9PYm6itXz4l+UZGA7sM
JIeu5n/dcw8uf4jjSSVtH+i2JMU2TujpvoiLp9IsT5haqeFlaiQ=
=GI08
-----END PGP SIGNATURE-----
Chris Laprise
Mar 21, 2018, 4:56:11 PM3/21/18
to Zrubi, eva...@protonmail.com, qubes...@googlegroups.com
On 03/21/2018 03:13 PM, Zrubi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 03/21/2018 04:56 PM, evastar via qubes-users wrote:
>> I do another research. After clean reboot I tried to change
>> "networking"-vm to another one for my AppVM-client from Qube
>> Manager. Without success. After I do this I loss my network at
>> App-client and I do not know how to fix it, because if I manually
>> change "networking"-vm again to the first one I still not have
>> network. Only reboot of AppVM-client helps.
>
> Seems you are hit by this bug:
> https://github.com/QubesOS/qubes-issues/issues/3657
>
> please check your kernels, and report back.
> Thanks.
I'm using R4.0rc5 and kernel 4.14.18. What I experience is that my VPN
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 03/21/2018 04:56 PM, evastar via qubes-users wrote:
>> I do another research. After clean reboot I tried to change
>> "networking"-vm to another one for my AppVM-client from Qube
>> Manager. Without success. After I do this I loss my network at
>> App-client and I do not know how to fix it, because if I manually
>> change "networking"-vm again to the first one I still not have
>> network. Only reboot of AppVM-client helps.
>
> Seems you are hit by this bug:
> https://github.com/QubesOS/qubes-issues/issues/3657
>
> please check your kernels, and report back.
> Thanks.
or other proxyVMs will stay running all day, but I can't live switch the
netvm setting for any VMs or else networking for them will be blocked.
On the outside chance evastar's problem is triggered by a VPN
disconnection issue, you could try adding a ping timeout directive like
"keepalive 10 41" (for openvpn) to see if that helps.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Evastar
Mar 23, 2018, 6:23:51 PM3/23/18
to qubes...@googlegroups.com
Laszlo Zrubecz, yes, 4.14.18-1 kernel. Seems it's effect me not only one way (switching networking on the fly), but also affect me in other way...
Or is there some planed networking tasks at proxyvm or AppVM by time?
Laszlo Zrubecz, Thanks, but I do not think that it's keep alive, because I use my networking very intensive and at some point I loose all access. As I'm already wrote I see "linkdown" from "ip route list"
I guess that after some time I will lose access again. Now, I start timer.
Or is there some planed networking tasks at proxyvm or AppVM by time?
Laszlo Zrubecz, Thanks, but I do not think that it's keep alive, because I use my networking very intensive and at some point I loose all access. As I'm already wrote I see "linkdown" from "ip route list"
I guess that after some time I will lose access again. Now, I start timer.
Reply all
Reply to author
Forward
0 new messages