On Monday, 26 February 2018 23:17:41 UTC, Thorsten Schierer wrote:
> Ok, I set up 2 new VMs (sys-net and
> sys-firewall) in case something went wrong during the setup, but the
> result was the same as before.
>
> Not sure how to enable the
> clocksync service in sys-net (fedora-26 template) but the date/time
> settings are correct, so I assume it already is syncing correctly.
Yes probably. For reference, to check (or enable):
- go to start menu/System Tools/Qube Manager
- right click sys-net/Qube Settings/Services tab
- clocksync should be in the list and ticked if not type clocksync and click on
+
- I think a full reboot is required. There are probably ways to avoid it...
>
> But I did some more research and this is what I found out so far is:
>
> sys-net itself has a working internet connection (I can do "ping
> www.google.com"
> in a terminal and everything is fine).
> Also other VMs that use sys-net directly as netVM can access the internet
> (i.e. ping a server etc.).
> The only exception is sys-firewall, in which a ping just fails due to no
> connection.
>
> When sys-firewall starts up, a new vif is created inside sys-net (which was
> expected), but there is no route created.
> When
> I tried to create a new route it said "Network is down". So it did
> "ifconfig vif8.0 up" and afterwards added a new route with:
>
> "sudo ip route add 10.137.0.15 dev vif8.0 metric 32752"
>
>
> "route -v" displays:
> 10.137.0.15 0.0.0.0 255.255.255.255 UH 32752 0 0 vif8.0
>
I am confused, did you do this in sys-net or sys-firewall. Because sys-net
would have a default route and a route for your Lan. You may have tripped the
info which is fine.
my routing on sys-net looks like this:
-bash-4.4# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 ens5
10.137.0.15 0.0.0.0 255.255.255.255 UH 0 0 0 vif8.0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens5
You should not have needed to ifconfig vifX up. This is something that will
need to be looked at later.
on sys-firewall, you are probably going to need to ifconfig eth0 up and you
should have something like this:
-bash-4.4# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.137.0.14 0.0.0.0 UG 0 0 0 eth0
10.137.0.14 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
if .14 is the ip of sys-net (ifconfig | grep -i ast)
from sys-firewall, try ping 8.8.8.8 (Google dns) or something else to remove
dns resolution from the picture
also arp -an
to check you have connectivity to sys-net and arp resolution
>
>
>
>
>
>
>
> So at this point the ifconfig and route entries look exactly like on my other
> machine which is working fine out of the box.
>
> Unfortunately sys-firewall still does not have a working internet connection
> ("ping www.google.com" results in "Name or service not known" due to no DNS
> connectivity).
>
>
> So it seems like
> as soon as I create a new VM with "provides network" checked, it can
> not use the network connection of sys-net. Any other VM that does not
> provide network ifself can use sys-net directly and works fine.
>
> I think there is a problem with some kind of proxy setup in sys-firewall or
> something.
>
> Is
> there some documentation which steps are done regarding networking
> during the startup of sys-firewall, so I can try to do those steps manually
> one
> by one to see where the problem appears?
>
>
>
>
> 2018-02-26 22:38 GMT+01:00 Alex Dubois <bow...@gmail.com>:
> On Monday, 26 February 2018 03:48:29 UTC, thorsten...@gmail.com wrote:
>
> > I installed Qubes 4.0-rc4 and have a problem with my internet connection.
>
> > sys-net itself has a working internet connection but sys-firewall does not.
> > No need to mention that every other VM that uses sys-firewall as netVM does
> > also have no working internet connection.
>
> >
>
> > If I switch the default netVM from sys-firewall to sys-net (for testing),
> > dom0 can use it to update etc. Also any other VM gets internet connection
> > with sys-net as Networking VM.
>
> >
>
> > An update of dom0 from testing-repository did not fix the problem.
>
> > Also switching the sys-firewall template from fedora-26 to debian-9 does
> > not help.
>
> >
>
> > I found a similar problem here:
>
> > https://github.com/QubesOS/qubes-issues/issues/2141
>
> >
>
> > So I checked the network interfaces and they are like this:
>
> >
>
> > sys-net:
>
> > lo
>
> > enp0s0
>
> > vif2.0
>
> >
>
> > sys-firewall:
>
> > eth0
>
> > lo
>
> >
>
> > Not sure, but I guess the vif interface is missing in sys-firewall?
>
> > How do I fix this problem?
>
>
>
> vif interface will appear when a VM connects to it.
>
>
>
> Could you clarify the term no internet.
>
>
>
> I had a lot of problems solved once sys-net had the service clocksync enabled
> (as it should).
>
>
>
> --
>
> You received this message because you are subscribed to a topic in the Google
> Groups "qubes-users" group.
>
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/oN204nGh63I/unsubscribe.
>
> To unsubscribe from this group and all its topics, send an email to
> qubes-users...@googlegroups.com.
>
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/46a6952f-6fd5-4aec-93ca-994937a24c5e%40googlegroups.com.
>
>
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2da09ea2-c28a-4c75-bdd1-d800d815d40d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
