That’s it! Somehow I’ve missed your comment, but also now it happened to me and I’ve found out the same.vif* interfaces is responsibility of /etc/xen/scripts/vif-route-qubes script called by xendriverdomain service, not udev. It fails, with logs in /var/log/xen/xen-hotplug.log. I see a single error there:
RTNETLINK answers: Permission denied
After adding set -x at the beginning of the script, I see it’s on a try to set IPv6 address. Probably because IPv6 is disabled in Whonix.Networking | Qubes OS ). The same page explains how to disable it for particular VM (and others connected to it). So, I’ve executed qvm-features sys-whonix ipv6 '', restarted sys-whonix and now it works.
1 Like
awokd
June 19, 2019, 6:15pm
#22
So, I’ve executed qvm-features sys-whonix ipv6 '', restarted sys-whonix and now it works.
That explains it. I had disabled ipv6 for Whonix with the above
1 Like
marmarek:
Configuring vif* interfaces is responsibility of /etc/xen/scripts/vif-route-qubes script called by xendriverdomain service, not udev. It fails, with logs in /var/log/xen/xen-hotplug.log . I see a single error there:
RTNETLINK answers: Permission denied
After adding set -x at the beginning of the script, I see it’s on a try to set IPv6 address. Probably because IPv6 is disabled in Whonix.Networking | Qubes OS ). The same page explains how to disable it for particular VM (and others connected to it).
Is it possible (preferably) to fix this in /etc/xen/scripts/vif-route-qube? Created
opened 05:51AM - 20 Jun 19 UTC
closed 05:10AM - 06 Oct 19 UTC
T: bug
C: Xen
C: Whonix
r4.0-jessie-stable
r4.0-stretch-stable
r4.0-centos7-stable
r4.0-buster-stable
r4.0-fc29-stable
r4.1-buster-cur-test
r4.1-stretch-cur-test
r4.1-fc29-cur-test
P: default
r4.0-fc30-stable
r4.1-centos7-cur-test
r4.1-fc30-cur-test
r4.1-bullseye-cur-test
r4.0-fc31-cur-test
r4.1-fc31-cur-test
r4.0-bullseye-stable
This issue affects Qubes-Whonix and was triaged by @marmarek, see:
http://forum… s.whonix.org/t/whonix-gateway-not-reachable/7484/21
@marmarek
> Configuring `vif*` interfaces is responsibility of `/etc/xen/scripts/vif-route-qubes` script called by `xendriverdomain` service, not udev. It fails, with logs in `/var/log/xen/xen-hotplug.log` . I see a single error there:
>
> ```
> RTNETLINK answers: Permission denied
> ```
>
> After adding `set -x` at the beginning of the script, I see it’s on a try to set IPv6 address. Probably because IPv6 is disabled in Whonix.
> Indeed I have enabled IPv6 in my system globally (https://www.qubes-os.org/doc/networking/#ipv6). The same page explains how to disable it for particular VM (and others connected to it). So, I’ve executed `qvm-features sys-whonix ipv6 ''` , restarted sys-whonix and now it works.
>
>
Sounds related:
https://github.com/QubesOS/qubes-issues/issues/3961
for it.
That would also be an alternative solution for that could be added to Whonix salt but which than later could backfire if/when we implement IPv6 Whonix side. (although not on the horizon mid term ⚓ T509 Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables )
(related: qubes-mgmt-salt-dom0-virtual-machines/qvm at master · QubesOS/qubes-mgmt-salt-dom0-virtual-machines · GitHub )