/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changing netVM while appVM running disables networking #2426

Closed
flamsmark opened this Issue Nov 9, 2016 · 8 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
4 participants
@flamsmark @entr0py @andrewdavidwong @unman
@flamsmark

flamsmark commented Nov 9, 2016

Qubes OS version (e.g., R3.1):

R3.2

Expected behavior:

Changing an appVM's netVM while the appVM is running results in the appVM's traffic passing through the new netVM. If an appVM's netVM cannot be changed while the appVM is running, the options in the Qubes VM Manager are marked with a red asterisk and greyed out.

Actual behavior:

After changing an appVM's netVM, the appVM can no longer access the network.

Steps to reproduce the behavior:

Change an appVM's netVM while the appVM is running, either through the Qubes VM Manager or qvm-prefs.

General notes:

The documentation generally seems to indicate that this should work without the need for any user configuration or tweaking, but both @micahflee experience it.
@entr0py

This comment has been minimized.

Show comment
Hide comment
@entr0py

entr0py Nov 9, 2016

Sounds to me like this might be a template-specific issue. Which template was your appVM based on?

This works as expected for me when using Whonix-Workstation. Oops, I'm on 3.1 so can't speak for 3.2.

entr0py commented Nov 9, 2016
edited
Edited 1 time
  • @entr0py entr0py edited Nov 9, 2016 (most recent)

Sounds to me like this might be a template-specific issue. Which template was your appVM based on?

This works as expected for me when using Whonix-Workstation. Oops, I'm on 3.1 so can't speak for 3.2.
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Nov 9, 2016

Member

Yes, details about the type of TemplateVM and also the kinds of NetVMs would help. (For example, you might encounter problems switching to/from VPN and Tor ProxyVMs that you wouldn't experience when switching to/from ordinary clearnet ProxyVMs.)
Member

andrewdavidwong commented Nov 9, 2016

Yes, details about the type of TemplateVM and also the kinds of NetVMs would help. (For example, you might encounter problems switching to/from VPN and Tor ProxyVMs that you wouldn't experience when switching to/from ordinary clearnet ProxyVMs.)
@unman

This comment has been minimized.

Show comment
Hide comment
@unman

unman Nov 9, 2016

Member

3.2 vanilla. Various templates - Debian8, Debian-9, fed23 - don't observe this behaviour. Simply works with new netvm without reconfiguration
Member

unman commented Nov 9, 2016

3.2 vanilla. Various templates - Debian8, Debian-9, fed23 - don't observe this behaviour. Simply works with new netvm without reconfiguration
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Nov 9, 2016

Member

I suspect this might be a VPN or Tor ProxyVM. Can you confirm or deny my suspicion, @flamsmark?
Member

andrewdavidwong commented Nov 9, 2016

I suspect this might be a VPN or Tor ProxyVM. Can you confirm or deny my suspicion, @flamsmark?
@flamsmark

This comment has been minimized.

Show comment
Hide comment
@flamsmark

flamsmark Nov 14, 2016

This issue happens for every combination of AppVM (Fedora 23, Debian 8 & 9) and NetVM (directly using the Firewall VM, a VPN VM a Tor proxy VM…). There is no combination which works for me — even if my nextVM crashes and I try to reconnect it, no dice.

flamsmark commented Nov 14, 2016

This issue happens for every combination of AppVM (Fedora 23, Debian 8 & 9) and NetVM (directly using the Firewall VM, a VPN VM a Tor proxy VM…). There is no combination which works for me — even if my nextVM crashes and I try to reconnect it, no dice.
@unman

This comment has been minimized.

Show comment
Hide comment
@unman

unman Nov 15, 2016

Member

@flamsmark Can you use default netvm sys-firewall and one connected template based qube,(preferably both on 3.2 vanilla templates.)

It would be helpful if you could gather some output on the netvm and qube about iptables, ip information and routing. Then make the change to another standard netvm, and gather the same information on qube and new netvm: don't forget to include nat and raw tables on the netvm.
Then post the results.
Member

unman commented Nov 15, 2016

@flamsmark Can you use default netvm sys-firewall and one connected template based qube,(preferably both on 3.2 vanilla templates.)

It would be helpful if you could gather some output on the netvm and qube about iptables, ip information and routing. Then make the change to another standard netvm, and gather the same information on qube and new netvm: don't forget to include nat and raw tables on the netvm.
Then post the results.

@andrewdavidwong andrewdavidwong added the C: other label Nov 15, 2016

@unman

This comment has been minimized.

Show comment
Hide comment
@unman

unman Nov 26, 2016

Member

@flamsmark Have you been able to perform those tests? Can you confirm you still see the problem and post the outputs I requested?
Member

unman commented Nov 26, 2016

@flamsmark Have you been able to perform those tests? Can you confirm you still see the problem and post the outputs I requested?
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Dec 27, 2016

Member

Closing due to lack of response.
Member

andrewdavidwong commented Dec 27, 2016

Closing due to lack of response.

@andrewdavidwong andrewdavidwong closed this Dec 27, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment