To what kind of issues can mixed up dom0 and VM Qubes versions lead?

[Patrick Schleizer]

As I noticed, when the VM is upgraded to R3.2 but dom0 stays at R3.1,
this breaks qubes-gui-agent in the VM.

[1] What about the other way around...? I upgraded dom0 R3.2 but left
whonix-gw / anon-whonix at R3.1. This broke networking inside Whonix and
I have not been able yet to fix that or determine the cause. Is this to
be expected?

Or asking a bit similar... Would dom0 R3.2 and Debian VM R3.1 work? Or
have broken networking?

Or are any other issues derived from Qubes release version mixing to be
expected?

(I deliberately set up a test system this way [1] for Whonix
development/testing purposes. I guess some users might run into this. So
it would be worth knowing about symptoms [for support] and issues one
would run into then.)

Cheers,
Patrick

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Jun 30, 2016 at 08:31:00PM +0000, Patrick Schleizer wrote:
> As I noticed, when the VM is upgraded to R3.2 but dom0 stays at R3.1,
> this breaks qubes-gui-agent in the VM.
>
> [1] What about the other way around...? I upgraded dom0 R3.2 but left
> whonix-gw / anon-whonix at R3.1. This broke networking inside Whonix and
> I have not been able yet to fix that or determine the cause. Is this to
> be expected?

Can you elaborate? I don't recall any change introducing incompatibility
in this direction. There may be some non-working new features, but that
should be all, at least in theory...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXdZWDAAoJENuP0xzK19cstGAH/3TYtPYrkwwUaFOuOjMDfW7H
/cLWP7PElbmIvOXcKam5lUTVMdazM2PwfpxEgsu00rzJlICvc1aU2YnLSYpRG7nz
mYbzQyNngRx+3r8QiCqYbn4yFnp3q76CuuQ/J9mAF93bVbN4UeSwI/wj0jnk23ji
r9IbXYLINF38Fh0+/XQHT7hxdRQkT0NgQw+qdUd5sjfO8pmP3RdQbTwTskc+BHoQ
MGRyPdZ0GVelNpPGl1hWszaG+GPyKXkeUuKeJi59EJaFstanY3oxNd4/kaKGmZ23
COxd/rbKH92OXKyOVfvFgCbjEoRjdJb1yOimqadp6DL1GsNsgfj3UPi0TJ3fLwo=
=GqMU
-----END PGP SIGNATURE-----

[Patrick Schleizer]

Marek Marczykowski-Górecki:

> On Thu, Jun 30, 2016 at 08:31:00PM +0000, Patrick Schleizer wrote:
>> As I noticed, when the VM is upgraded to R3.2 but dom0 stays at R3.1,
>> this breaks qubes-gui-agent in the VM.
>
>> [1] What about the other way around...? I upgraded dom0 R3.2 but left
>> whonix-gw / anon-whonix at R3.1. This broke networking inside Whonix and
>> I have not been able yet to fix that or determine the cause. Is this to
>> be expected?
>
> Can you elaborate? I don't recall any change introducing incompatibility
> in this direction. There may be some non-working new features, but that
> should be all, at least in theory...
>
>

Not much to elaborate at this time unfortunately.

- Tor does not connect anymore. Stops at 80% bootstrapping.
- After unloading Whonix firewall [1] for debugging purposes and logging
in as user "clearnet", it was not possible to "ping 8.8.8.8". (icmp
filtered by sys-firewall IP.)

Did you test if Whonix works with/in R3.2 yet?

Cheers,
Patrick

[1] https://www.whonix.org/wiki/Dev/Firewall_Unload

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Yes, it works fine on my system.

Even though I haven't upgraded qubes-specific packages there to R3.2
yet. So exactly the case you described as not working...

And finally it survive system suspend! Yes, I have upgraded to Whonix
13.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXdZ8sAAoJENuP0xzK19cswckH/0Q4peno3BDLfaNfjAqJkkt0
b3jWjr8YtE3zmXrnRaq8KxLgJoJa/6QLJsoNVxcX6so3AMUJvGqMq2QhK6Q/0hfx
fLPXW6FFgA3udJ598MvBdRo3QoADX7tFTRgWgZ5N4DnETRdFb9OQLCSN1X0byvf6
Js4WLmrSHG8uQntELhlBRvjRWdSgNN8Tn+oCWqIkyTaSG9f/Wk9uHhkT6SUQC5gH
Vz2NEOcSME6aPPcJ/nRiKdxnAU0A72AVhOwH7b/PrHEfw775fjdPBn1itaHHkjF7
mafHM31xclmBoRgpfNxJCrE5BYaL4pOHLnDpu58YKj2YBhTW1KvfuEZSIc+DBFg=
=NBC1
-----END PGP SIGNATURE-----

[Patrick Schleizer]

Marek Marczykowski-Górecki:
> On Thu, Jun 30, 2016 at 10:27:00PM +0000, Patrick Schleizer wrote:
>> Marek Marczykowski-Górecki:
>>> On Thu, Jun 30, 2016 at 08:31:00PM +0000, Patrick Schleizer wrote:
>>>> As I noticed, when the VM is upgraded to R3.2 but dom0 stays at R3.1,
>>>> this breaks qubes-gui-agent in the VM.
>>>
>>>> [1] What about the other way around...? I upgraded dom0 R3.2 but left
>>>> whonix-gw / anon-whonix at R3.1. This broke networking inside Whonix and
>>>> I have not been able yet to fix that or determine the cause. Is this to
>>>> be expected?
>>>
>>> Can you elaborate? I don't recall any change introducing incompatibility
>>> in this direction. There may be some non-working new features, but that
>>> should be all, at least in theory...
>>>
>>>
>
>> Not much to elaborate at this time unfortunately.
>
>> - Tor does not connect anymore. Stops at 80% bootstrapping.
>> - After unloading Whonix firewall [1] for debugging purposes and logging
>> in as user "clearnet", it was not possible to "ping 8.8.8.8". (icmp
>> filtered by sys-firewall IP.)
>
>> Did you test if Whonix works with/in R3.2 yet?
>
> Yes, it works fine on my system.
>
> Even though I haven't upgraded qubes-specific packages there to R3.2
> yet. So exactly the case you described as not working...
>
> And finally it survive system suspend! Yes, I have upgraded to Whonix
> 13.
>
>

It is not related to R3.1 vs R3.2 at all indeed.

Reported a bug.

sys-firewall broken, does not function as ProxyVM in R3.2
https://github.com/QubesOS/qubes-issues/issues/2141

Cheers,
Patrick