-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, Mar 28, 2024 at 10:29:15PM +0000, Stickstoff wrote: > Hello everyone, > > I have a difficult time with my Tails VM in Qubes (which I need for Tails > specific developing and documentation work). > It gets no network connectivity no matter what I try. With "network > connectivity" I mean the Tails VM can't even ping any network VM. > > I set up a Tails VM [1] a while ago on an up-to-date Qubes r4.1 system (so it > should be similar to r4.2?). After assigning the Tails VM a static ip [2], > it was online right away. Now I had to reinstall Qubes on new hardware, and > installed r4.2. I copied the old Tails VM into the r4.2, and it is stuck > offline. > I then created a new Tails VM, exactly the same way I did before with [1] and > [2], it couldn't reach any networking VM neither. > Next, I purged iptable [3], removed all routes [4] except the default route > and shutdown all network devices except eth0 [5]. > Still, there is no ping response even from the networking VM (which does > reply to other VM's pings). > > Finally, I used a regular Debian 12 live image to create another standalone > VM with [1]. It was online right away. > Tails is based on Debian 12 too. > The only meaningful difference between the Tails and the Debian VMs I could > find was that their default routes [6] look a bit different, where I don't > know if this might be related. > > So it does look like a Tails problem after all. But then, why was the same > Tails VM online when hosted by an up-to-date r4.1 Qubes and offline on > a fresh installed r4.2 Qubes? > I found hints online that others experience the same [7] symptoms of non > reachable networking VMs, where r4.1 vs r4.2 was brought up. > > > Does anyone have suggestions what else I might check and try? > I would be very grateful for any help. It would feel archaic and > counterproductive to use another machine for working on Tails.. > > Stickstoff > > > > > > > > > > > [1] Installing a live linux into a standalone Qubes vm: > Create a new standalone qube: HVM, 2GB+ memory. > dom0: sudo sh -c 'qvm-run --pass-io BrowserVM "cat > ~/downloads/tailsimage.img"' > /tmp/tailsimage.img > dom0: sudo dd if=/dev/zero of=root.img bs=1 count=0 seek=8G > # new empty 8GB root.img as sparse file > dom0: sudo dd bs=32M conv=notrunc status=progress if=/tmp/tailsimage.img > of=root.img # copy the image to the start of root.img > Tails: remove "live-media=removable" in grub bootloader (necessary at each > boot of Tails) > > > [2] Setting up networking in Tails: > dom0: qvm-ls -n TailsVM # get the IP that dom0 assigned > to the Tails VM > Tails: set static ip, netmask, gateway and dns > > [3] purge iptable rules, allow everything: > Tails: sudo iptables -F > Tails: sudo iptables -X > Tails: sudo iptables -P INPUT ACCEPT > Tails: sudo iptables -P OUTPUT ACCEPT > Tails: sudo iptables -P FORWARD ACCEPT > > [4] purge routes and add new default route: > Tails: sudo ip route del <rule> > Tails: sudo ip route add default via 10.137.0.9 dev eth0 > > [5] shutdown network devices: > sudo ip link set dev <devicename> down > > [6] > ip route Tails: > default via 10.137.0.9 dev eth0 proto static metric 100 > 10.137.0.0/24 dev eth0 proto kernel scope link src 10.137.0.32 metric 100 > ^^^^^^^^^^^^^ > > ip route Debian: > default via 10.137.0.9 dev enX0 proto static metric 100 > 10.137.0.9 dev enX0 proto kernel scope link src 10.137.0.32 metric 100 > ^^^^^^^^^^ > > > [7] > https://forum.qubes-os.org/t/tailsos-template/23635/6
Does using the static route you have in Debian, and adding static neighbor entries for the peer, fix the problem? If not, can you try this command? $ sudo ip neighbour replace to 10.137.0.9 dev eth0 \ lladdr fe:ff:ff:ff:ff:ff nud permanent That adds a permanent neighbour entry. If it changes stuff it means that ARP is broken. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmYF+2YACgkQsoi1X/+c IsFJ8Q/+NTsgrVCFAqn3IHkWbgni8WJxwFHZ0spRiPxCb/B+iBQnS/tk5phId5Wn B8Sfscoq79vTlVZJrK7GoYfTTvgcd60xDj6HsQRy/ymyqhJ3SQtlw7l+xi//acDY 7A38Un+UXwN4QtGLQQ0mCqm8/YjeugqwHQq7sy7jodehjFDJkx021urlqob49xkc 40CFG6sI+PWZYMxzqphyICu2sMX8SnKzyKpPXJzKD3LSkFzukbVU3524EgGTv3Th Rfliq/tljOhaIzZQSNsTiLAi0aPblPQ9PlO0X5gC8rzPF7YPIwYfEDJIEM+41UH6 l0OuhkE21rXOBbXnijmtesTHHYUzIcOUQWIuTdMGjjBYRlQ1igrRzc8WvFXXr7d6 tWYvaHXfIimpcfcM3CE15aMXmoEfjTkoHfnkpscZECzqxK5fKz0bLyIqqeilr92t HLnKtWaiYnFXYcYtxwpWJ4vo4CdMMoJH1DEL6zM3EA3ajQsiN8Bx1T23qvFgj1wQ OjfepcB2xpbOCjXgqUCR8uCPJKTLFxCbxAYduO1xQN9wYkm5/LUXn1b8ktp7V2Y2 McYGxCTJjYnZe7rn0+hfExkffhSM/WWbSttXsliD7FL0i8VSAQRSEs7IwHHz0lJT 8H1W3aa90Idt4MQQnWAuQfHKPgqHQrqBgsAx1Iqusf9mE5AQ3RY= =t6k7 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZgX7ZveuY3J64ujW%40itl-email.
