Cannot start Whonix External Virtual Network

glass · January 23, 2025, 2:00pm

Upgraded to Debian 12.9 a couple weeks ago. I noticed some upgrades to qemu and libvirt in the upgrade. Since then, I am receiving an error when attempting to start the external virtual network:

Error starting network ‘Whonix-External’: internal error: Child process (VIR_BRIDGE>
dnsmasq: failed to create listening socket for 10.0.2.2: Address already in use.

Traceback (most recent call last):
File “/usr/share/virt-manager/virtManager/asyncjob.py”, line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File “/usr/share/virt-manager/virtManager/asyncjob.py”, line 108, in tmpcb
callback(*args, **kwargs)
File “/usr/share/virt-manager/virtManager/object/libvirtobject.py”, line 57, in n>
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/share/virt-manager/virtManager/object/network.py”, line 69, in start
self._backend.create()
File “/usr/lib/python3/dist-packages/libvirt.py”, line 3547, in create
raise libvirtError(‘virNetworkCreate() failed’)
libvirt.libvirtError: internal error: Child process (VIR_BRIDGE_NAME=virbr1 /usr/sb>
dnsmasq: failed to create listening socket for 10.0.2.2: Address already in use

Never had this problem prior to the most recent debian upgrade. Any suggestions?

Patrick · January 23, 2025, 2:14pm

oxymoron · January 28, 2025, 5:35pm

I have the same problem after upgrading. Did you find any solution?

birdsonawire · February 28, 2025, 3:35pm

I had the exact same problem after the 12.9 update. It seems the issue is that the system-wide dnsmasq instance is already listening on the socket libvirt’s instance is trying to create. I was able to confirm this, seeing how stopping the system-wide dnsmasq service through systemctl stop dnsmasq was a temporary fix. I found a solution on the libvirt wiki.

You need to add/uncomment the following lines in your /etc/dnsmasq.conf:

bind-interfaces
interface=[some physical interface name, e.g. eth0]

You can get the name of your active network interface with ip addr. This should resolve the issue upon restarting the service with systemctl restart dnsmasq.

However, you may encounter another problem on reboot where dnsmasq fails to activate because its service starts before NetworkManager. In that case, you need to edit the [Unit] section in /lib/systemd/system/dnsmasq.service as follows:

[Unit]
After=NetworkManager-wait-online.service

This will ensure that dnsmasq runs after network interfaces have been defined.