{{Header}} {{title|title= {{q_project_name_long}} Tor Connectivity and sdwdate Troubleshooting }} {{#seo: |description=Troubleshooting Tor, Network and sdwdate Issues with {{project_name_long}} |image=Torconnectivitytroubleshoot.png }} {{qubes_troubleshooting_mininav}} [[File:Torconnectivitytroubleshoot.png|thumb]] {{intro| Troubleshooting Tor, Network and sdwdate Issues with {{project_name_short}} }} = Introduction = Occasionally, mostly since the release of Qubes R4.1, {{q_project_name_short}} user are reporting connectivity issues as well as sdwdate issues. However, a lot issues {{q_project_name_short}} connectivity issues are [[unspecific|unspecific to {{project_name_short}}]]. These issues are often misattributed to {{project_name_short}}. Even though the issue is happening inside {{project_name_short}}, the cause is most often unrelated to {{project_name_short}} source code. Qubes is developed by [https://www.qubes-os.org Qubes OS Project], which is an independent entity. The is the norm in Linux distributions. To learn more about such relationships see {{kicksecure_wiki |wikipage=Linux User Experience versus Commercial Operating Systems |text=Linux User Experience versus Commercial Operating Systems }}. A different issue could be a [[Network Obstacle]]. {{project_name_short}} does integration work {{project_name_short}} integrated into the Qubes platform. To use a simple analogy, {{project_name_short}} stays "on the outside". Very few modifications are made to Qubes through Qubes dom0 package [https://github.com/QubesOS/qubes-core-admin-addon-whonix qubes-core-admin-addon-whonix] as described for developers in the [[Dev/Qubes#qvm-tags|{{q_project_name_short}} qvm-tags]] chapter. Qubes R4.1 was released with some "strange" connectivity bugs such as [https://github.com/QubesOS/qubes-issues/issues/7123 this]. A Qubes user might think the user has updated Qubes which should include bug fixes but actually the update might not have happened due to Qubes Updater issues. [[Qubes/Update|Quote]]:
The situation is however [https://github.com/QubesOS/qubes-posts/pull/79#issuecomment-1042934326 complicated] due to [https://github.com/QubesOS/qubes-issues/labels/C:%20updates Qubes Updater Issues], most notably such as: * [https://github.com/QubesOS/qubes-issues/issues/7254 qubes-dom0-update shows No updates available in case of network is down / qubes-dom0-update fails to notice if repositories are unreachable / network is down], * [https://github.com/QubesOS/qubes-issues/issues/6585 Updating via Salt falsely claims to succeed when it actually fails] and * [https://github.com/QubesOS/qubes-issues/issues/6635 Replace built-in Qube Manager update functionality with the Qubes Update tool].
To remedy this kind of issue, [[#Connectivity Troubleshooting Approaches|there are a few approaches]]. = Qubes sdwdate specific = It is often suspected that sdwdate might be the cause. This is unlikely. No issues are reported for {{project_name_short}} on other platforms such as {{project_name_short}} for VirtualBox which has a magnitude of more users but no (or very rare) similar connectivity bug reports. [[sdwdate-gui]] makes Tor issues in {{q_project_name_short}} more visible due to its graphical indication and easily accessible logs. However, at time of writing [[sdwdate-gui]] is mostly a [[Troubleshooting#Unsuitable Connectivity Troubleshooting Tools|unsuitable connectivity troubleshooting tool]]. To exclude the possibly that sdwdate is the cause, the user could attempt to disable the autostart of sdwdate. * info: [[sdwdate]] * try: [https://www.kicksecure.com/wiki/Sdwdate#Disable_Autostart Disable Autostart of sdwdate] = Connectivity Troubleshooting Approaches = == Generally == '''1.''' The user is encouraged to learn about general ([[unspecific|unspecific to {{project_name_short}}]]) Qubes Updater issues and make sure updates are really installed. See also [[Qubes/Update]]. '''2.''' [[Troubleshooting#Connectivity Troubleshooting|Connectivity Troubleshooting]] '''3.''' [[Tor#Connectivity_Troubleshooting|Tor Connectivity Troubleshooting]] == Qubes sys-net workaround == Complete the following steps: # Shut down {{project_name_gateway_vm}}. # Change the {{project_name_gateway_vm}} NetVM setting from sys-firewall to sys-net. # Restart {{project_name_gateway_vm}}. This procedure might help, but should not be considered a final solution. This procedure was useful for [[Qubes|{{q_project_name_short}}]] R3.2 users, although the Qubes bug report is now resolved: https://github.com/QubesOS/qubes-issues/issues/2141 Please report if this workaround helped. = systemd-socket-proxyd = * systemd-socket-proxyd using 100% CPU was reported [https://forum.qubes-os.org/t/suspend-swap-and-whonix-gateway-performance-issues/11310 here] * systemd-socket-proxyd Failed to get remote socket: Too many open files potentially caused by [https://github.com/QubesOS/qubes-issues/issues/7539 VM logs filled with "host kernel: xen:grant_table: g.e x still pending" messages #7539] = xen:grant_table = * Both, ** kernel: xen:grant_table: g.e. redacted still pending ** kernel: deferring g.e. redacted (pfn redacted) * potentially caused by [https://github.com/QubesOS/qubes-issues/issues/7539 VM logs filled with "host kernel: xen:grant_table: g.e x still pending" messages #7539] = suspend resume related = * [https://github.com/QubesOS/qubes-issues/issues/7554 VM using kernel 5.10.112 unable to resume after suspension #7554] * [https://github.com/QubesOS/qubes-issues/issues/7548 Windows become unresponsive for VMs that were paused before suspend #7548] Potential fix: [https://github.com/QubesOS/qubes-core-admin/pull/473 Properly suspend all VMs, not only those with PCI devices #473] = clocksource tsc vs xen = * https://github.com/QubesOS/qubes-issues/issues/7404#issuecomment-1113299850 = Future = The community is encouraged not to wait for {{project_name_short}} to fix these connectivity issues since this unfortunately is unlikely to happen. This is because {{project_name_short}} developers are not affected by these connectivity issues, these are non-reproducible issues and sometimes these are caused by already fixed Qubes bugs which are not yet fixed on Qubes due to Qubes Updater issues. = Related Qubes Bugs = * [https://github.com/QubesOS/qubes-issues/issues/7013 Denied: whonix.SdwdateStatus error message after DispVM has halted] ** https://github.com/QubesOS/updates-status/issues/2824 will fix most if not all Denied: whonix. alike issues * [https://github.com/QubesOS/qubes-issues/issues/4167 Qubes doesn’t backup and restore qvm-tags.] Therefore, sdwdate Denied messages can happen. * [https://github.com/QubesOS/qubes-issues/issues/7287 Switching qube to Whonix template fails to add anon-vm qvm-tag, resulting in sys-whonix: denied: denied by policy] = Unexpected autostart of sys-whonix = If using multiple {{q_project_name_short}} VMs, the user should make sure to have followed the relevant documentation. {{multiple-vms-mininav}} 3 components are related here. * '''A)''' [https://www.qubes-os.org/doc/how-to-install-software-in-dom0/ Qubes dom0 UpdateVM setting] * '''B)''' Qubes dom0 [[Multiple_Qubes-Whonix_Templates#UpdatesProxy_Settings|UpdatesProxy]] * '''C)''' Qubes dom0 [[#sdwdate-gui_qrexec_settings|sdwdate-gui qrexec settings]]. On the [[Multiple Qubes-Whonix Templates]] wiki page take special note of the warning box in the [[Multiple_Qubes-Whonix_Templates#UpdatesProxy|UpdatesProxy]] chapter. Related: * [[Dev/Qubes#qvm-tags|Developer documentation about qvm-tags]] * [[Dev/Qubes#qvm_tags_issues|qvm-tags issues]] == sdwdate-gui qrexec settings == === sdwdate-gui qrexec settings fix === * A) New installation of Qubes R4.2: These steps are very most likely not required. * B) A fully updated Qubes should not require any of the following steps. '''1.''' [https://github.com/QubesOS/qubes-core-admin-addon-whonix/blob/master/qubes-rpc-policy/80-whonix.policy 80-whonix.policy on github] ([https://raw.githubusercontent.com/QubesOS/qubes-core-admin-addon-whonix/master/qubes-rpc-policy/80-whonix.policy raw]) should look same as /etc/qubes/policy.d/80-whonix.policy in dom0. '''2.''' The following files are legacy and could optionally be safely removed if step 1 was confirmed. {{CodeSelect|code= sudo rm /etc/qubes-rpc/policy/whonix.GatewayCommand }} {{CodeSelect|code= sudo rm /etc/qubes-rpc/policy/whonix.NewStatus }} {{CodeSelect|code= sudo rm /etc/qubes-rpc/policy/whonix.SdwdateStatus }} === sdwdate-gui qrexec debugging === ==== dom0 journal log file reading ==== Check, follow dom0 journal log file while reproducing sdwdate-gui qrexec messages. Look for denied: messages. In dom0. {{CodeSelect|code= sudo journalctl | grep denied: }} Or. {{CodeSelect|code= sudo journalctl -f }} ==== sdwdate-watcher debugging ==== '''1.''' Inside the Whonix-Workstation App Qube. '''2.''' Kill sdwdate-watcher. sdwdate-watcher is the part of sdwdate-gui which watches sdwdate events from /var/run/sdwdate folder and notifies the gateway configured in /usr/local/etc/sdwdate-gui.d/50_user.conf. {{CodeSelect|code= killall sdwdate-watcher }} '''3.''' Start sdwdate-watcher. {{CodeSelect|code= /usr/libexec/sdwdate-gui/start-maybe }} '''4.''' Restart sdwdate. This is to produce new sdwdate activity that sdwdate-watcher can observe. {{CodeSelect|code= sudo systemctl restart sdwdate }} '''5.''' See if there are any error messages. ==== qvm-tags verification ==== Debugging Qubes qrexec is largely [[unspecific|unspecific to {{q_project_name_short}}]]. Qubes qrexec debugging instructions from other resources such as perhaps the Qubes website should equally apply. Note: Any commands that follow must be run inside Qubes dom0. '''1.''' Background information on qvm-tags. See if you can make head or tail of [[Dev/Qubes#qvm-tags|qvm-tags developer notes]]. If not, skip this step. '''2.''' Check qvm-tags of {{project_name_gateway_long}} net qube. Note: Replace sys-whonix with the actual name of the Whonix-Gateway you are using. {{CodeSelect|code= qvm-tags sys-whonix }} Expected printout should include:
anon-gateway
'''3.''' Check qvm-tags of {{project_name_workstation_long}} App Qube. Note: Replace sys-whonix with the actual name of the Whonix-Workstation you are using. {{CodeSelect|code= qvm-tags anon-whonix }} Expected printout should include:
anon-vm
'''4.''' Check qvm-tags of {{project_name_gateway_short}} Template. Note: Replace {{project_name_gateway_template}} with the actual name of the Whonix-Gateway Template you are using. {{CodeSelect|code= qvm-tags {{project_name_gateway_template}} }} Expected printout should include:
whonix-updatevm
'''5.''' Check qvm-tags of {{project_name_workstation_short}} Template. Note: Replace {{project_name_gateway_template}} with the actual name of the Whonix-Workstation Template you are using. {{CodeSelect|code= qvm-tags {{project_name_workstation_template}} }} Expected printout should include:
whonix-updatevm
= See Also = * [[Troubleshooting#Connectivity Troubleshooting|Connectivity Troubleshooting]] * [[Troubleshooting#General Troubleshooting|General Troubleshooting]] * [[Network Obstacle]] * [[Tor]] * [[vanguards]] * [https://forums.whonix.org/t/qubes-whonix-development/13323 {{q_project_name_short}} Development] = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]