/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Networking issues with fedora-25, debian-9 as NetVM template in 4.0rc1 #2964

Closed
0spinboson opened this Issue Aug 4, 2017 · 14 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.0
4 participants
@0spinboson @marmarek @andrewdavidwong @tlaurion
@0spinboson

0spinboson commented Aug 4, 2017
edited
Edited 1 time
  • @0spinboson 0spinboson edited Aug 4, 2017 (most recent)

Qubes OS version (e.g., R3.2):

4.0rc1

Affected TemplateVMs (e.g., fedora-23, if applicable):

fedora-25, debian-9

Expected behavior:

can use either or both of the templates for sys-net, sys-firewall.

Actual behavior:

(on 2 computers): fedora-25 almost never works as sys-net, but does sometimes (so I don't get it).

Debian-8 as netVM works flawlessly, but when I updated that (fresh) template to debian-9, it also stopped forwarding to sys-firewall.
Connectivity inside sys-net is fine, and/so connecting dom0 updater to the netVM directly does work.

@andrewdavidwong andrewdavidwong added bug C: Debian C: Fedora labels Aug 5, 2017

@andrewdavidwong andrewdavidwong added this to the Release 4.0 milestone Aug 5, 2017

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 6, 2017

Member

Can you be more specific than "fedora-25 almost never works as sys-net"? What exactly happen?
Member

marmarek commented Aug 6, 2017

Can you be more specific than "fedora-25 almost never works as sys-net"? What exactly happen?
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Aug 6, 2017

Member

I can confirm this on R3.2. When I try to use fedora-25 or fedora-25-minimal as the TemplateVM for sys-net, I can connect to Wi-Fi networks as normal, but AppVMs have no internet connection. Switching sys-net back to fedora-24* immediately fixes it.
Member

andrewdavidwong commented Aug 6, 2017

I can confirm this on R3.2. When I try to use fedora-25 or fedora-25-minimal as the TemplateVM for sys-net, I can connect to Wi-Fi networks as normal, but AppVMs have no internet connection. Switching sys-net back to fedora-24* immediately fixes it.
@0spinboson

This comment has been minimized.

Show comment
Hide comment
@0spinboson

0spinboson Aug 7, 2017

no packets are forwarded to sys-firewall or beyond (though it randomly did work one time, I have no idea how/why). Compare these three logs of 'iptables -L -vn' run in sys-net, which are hopefully more informative. No rules added or changed by me, this is the out of the box configuration.

iptablesfc25.txt
iptablesd9.txt
iptablesd8.txt

0spinboson commented Aug 7, 2017
edited
Edited 1 time
  • @0spinboson 0spinboson edited Aug 7, 2017 (most recent)

no packets are forwarded to sys-firewall or beyond (though it randomly did work one time, I have no idea how/why). Compare these three logs of 'iptables -L -vn' run in sys-net, which are hopefully more informative. No rules added or changed by me, this is the out of the box configuration.

iptablesfc25.txt
iptablesd9.txt
iptablesd8.txt
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 7, 2017

Member

Can you include the same with -t nat option?
Member

marmarek commented Aug 7, 2017

Can you include the same with -t nat option?
@0spinboson

This comment has been minimized.

Show comment
Hide comment
@0spinboson

0spinboson Aug 7, 2017

Of course:
iptablesf25nat.txt
iptablesd9nat.txt
iptablesd8nat.txt

0spinboson commented Aug 7, 2017

Of course:
iptablesf25nat.txt
iptablesd9nat.txt
iptablesd8nat.txt
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 7, 2017

Member

Looks ok... What is value of /proc/sys/net/ipv4/ip_forward?
Member

marmarek commented Aug 7, 2017

Looks ok... What is value of /proc/sys/net/ipv4/ip_forward?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 7, 2017

Member

(just one of broken cases is enough)
Member

marmarek commented Aug 7, 2017

(just one of broken cases is enough)
@0spinboson

This comment has been minimized.

Show comment
Hide comment
@0spinboson

0spinboson Aug 7, 2017

0spinboson commented Aug 7, 2017

@andrewdavidwong andrewdavidwong referenced this issue Aug 11, 2017

Open

Unknown packages required for sys-net based on fedora-25-minimal #3010

@tlaurion

This comment has been minimized.

Show comment
Hide comment
@tlaurion

tlaurion Sep 7, 2017

Contributor

Also have the bug. Any other troubleshooting paths to suggest? Other output that would help in troubleshooting this issue?
Contributor

tlaurion commented Sep 7, 2017

Also have the bug. Any other troubleshooting paths to suggest? Other output that would help in troubleshooting this issue?
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Sep 8, 2017

Member

@tlaurion: In my case, it turned out that #3008 was the real problem. Blacklisting iwlmvm fixed it. (See the comments on that issue.)
Member

andrewdavidwong commented Sep 8, 2017

@tlaurion: In my case, it turned out that #3008 was the real problem. Blacklisting iwlmvm fixed it. (See the comments on that issue.)
@0spinboson

This comment has been minimized.

Show comment
Hide comment
@0spinboson

0spinboson Sep 8, 2017

Glad your issue was resolved, but I never use sleep/standby, and I also don't use wifi.

0spinboson commented Sep 8, 2017

Glad your issue was resolved, but I never use sleep/standby, and I also don't use wifi.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 11, 2017

Member

Maybe you can track with tcpdump where exactly the packets are lost?
Member

marmarek commented Sep 11, 2017

Maybe you can track with tcpdump where exactly the packets are lost?
@0spinboson

This comment has been minimized.

Show comment
Hide comment
@0spinboson

0spinboson Oct 25, 2017

I have no idea why, but for me the issue with fc25 and fc26 not being usable as the sys-net template has disappeared with rc2.

0spinboson commented Oct 25, 2017

I have no idea why, but for me the issue with fc25 and fc26 not being usable as the sys-net template has disappeared with rc2.
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Oct 26, 2017

Member

Closing this as "resolved" for now. If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.
Member

andrewdavidwong commented Oct 26, 2017

Closing this as "resolved" for now. If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.

@andrewdavidwong andrewdavidwong closed this Oct 26, 2017

@andrewdavidwong andrewdavidwong added the resolved label Oct 26, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment