Whonix-Gateway broken after last upgrade on Qubes R4.1 (deprecated Qubes release)

aptcache · May 16, 2025, 5:28pm

Context: Qubes 4.1 with whonix 17 templates. Issue is whonix specific.

Trigger: after upgrading whonix templates (yesterday), prior upgrade was 5th of May.

Symptom: VMs connected to sys-whonix have NO internet access. (debian, hvm, anon-whonix, all). Happened right after the whonix template upgrades. sys-whonix is connected to Tor, circuits are fine, templates can apt-get update without issues…

What I tried:

created a new sys-whonix. same problem: tor is connected but vms connected to this new gateway have no internet access:

[workstation user ~]% curl 1.1.1.1
curl: (7) Failed to connect to 1.1.1.1 port 80 after 0 ms: Couldn't connect to server
zsh: exit 7     curl 1.1.1.1

revert packages? no versions besides latest available in repostory! checked with sudo apt-cache policy <package> . There are no cached packages in the system I could revert to.
I have no backups to go back to… lesson learned.

I’M LEFT WITH NO INTERNET ACCESS!!! HELP

Patrick · May 16, 2025, 5:31pm

Not possible.

aptcache · May 17, 2025, 8:48am

I have proof the upgrade is breaking the gateway template.

I’ve downloaded again whonix gateway 17 template in dom0, and set it as template for sys-whonix. Sys-whonix works with this outdated template.
I clone this outdated template, upgraded it, and set it as template for sys-whonix. BROKEN. Nothing connected to it has internet connection.

It is proven to be an issue caused by the upgrade.
I don’t know why other people are not reporting this issue… if for some mysterious reason it’s only affecting me , I imagine the whonix team will have to ignore it…

extraextra · May 17, 2025, 9:19am

OMG

Patrick · May 17, 2025, 12:26pm

github.com/QubesOS/qubes-issues

add conspicuous EOL indicator widget for dom0 (and Templates)

opened 12:26PM - 17 May 25 UTC

adrelanos

P: default

### The problem you're addressing (if any) Users fail to notice dom0 EOL (end-o…f-life). ([example](https://forums.whonix.org/t/whonix-gateway-broken-after-last-upgrade/21605)) Some users are not reading release announcements or are missing key information. ### The solution you'd like Add to task bar a red text: `end-of-life` Or a big conspicuous warning symbol. Upon clicking on it, briefly explain what that means. ### The value to a user and who that user might be No longer missing release announcements and wasting time attempting to debug, fix issues (re-installation, bug reporting). ([example](https://forums.whonix.org/t/whonix-gateway-broken-after-last-upgrade/21605)) ### Implementation Optional considerations. The widget could be developed for Qubes R4.3 and above. Development could be started any time. The widget, systray, popup, all code could already be prepared. But, the widget would not start yet. The widget would only be started once a status file (such as `/usr/share/qubes/eol` (TBD)) exists. This is to allow a final upgrade to be easily uploaded to the to-be-EOL'd release. The EOL widget could be tested by developers earlier. But the actual activation status file could be easily created once needed. (This is to avoid having to invent a bigger GUI application shortly before EOL.) Alternatively, such code might also be integrated with Qubes Updater. Yet another alternative: [Do not show this message again. - Generic One Time Popup](https://forums.whonix.org/t/do-not-show-this-message-again-generic-one-time-popup/8066) ### Completion criteria checklist