libvirt QEMU/KVM guest cannot connect to network (NAT)

Question

An Ubuntu QEMU/KVM guest created in virt-manager with all default settings and network type NAT can't activate its network. My host is Fedora 35. A screenshot of the guest's NetworkManager log is below.

Here is the XML config from virt-manager's NIC tab in device settings:

<interface type="network">
  <mac address="redacted but present"/>
  <source network="default" portid="redacted but present" bridge="virbr0"/>
  <target dev="vnet2"/>
  <model type="virtio"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

And virt-manager's virtual networks XML:

<network connections="2">
  <name>default</name>
  <uuid>redacted but present</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" stp="on" delay="0"/>
  <mac address="redacted but present"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

virsh net-list --all

 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

brctl show

bridge name bridge id       STP enabled interfaces
virbr0      redacted    yes

ip -br link show

lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
enp34s0          UP             redacted <BROADCAST,MULTICAST,UP,LOWER_UP>
virbr0           DOWN           redacted <NO-CARRIER,BROADCAST,MULTICAST,UP>
wg-mullvad       UNKNOWN        <POINTOPOINT,UP,LOWER_UP>

nmcli connection show --active

NAME                UUID                                  TYPE       DEVICE
Wired connection 1  redacted  ethernet   enp34s0
virbr0              redacted  bridge     virbr0
wg-mullvad          redacted  wireguard  wg-mullvad

systemctl status libvirtd

○ libvirtd.service - Virtualization daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; disabled; vendor preset: disabled)
     Active: inactive (dead) since Mon 2022-04-04 05:13:01; 1min 40s ago
TriggeredBy: ○ libvirtd-tls.socket
             ● libvirtd-admin.socket
             ○ libvirtd-tcp.socket
             ● libvirtd.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
    Process: 36276 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
   Main PID: 36276 (code=exited, status=0/SUCCESS)
        CPU: 439ms

Apr 04 05:12:49 host systemd[1]: Starting Virtualization daemon...
Apr 04 05:12:49 host systemd[1]: Started Virtualization daemon.
Apr 04 05:13:01 host systemd[1]: Stopping Virtualization daemon...
Apr 04 05:13:01 host systemd[1]: libvirtd.service: Deactivated successfully.
Apr 04 05:13:01 host systemd[1]: Stopped Virtualization daemon.
[user@host ~]$ sudo systemctl status libvirtd
○ libvirtd.service - Virtualization daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; disabled; vendor preset: disabled)
     Active: inactive (dead) since Mon 2022-04-04 05:13:01; 2min 1s ago
TriggeredBy: ○ libvirtd-tls.socket
             ● libvirtd-admin.socket
             ○ libvirtd-tcp.socket
             ● libvirtd.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
    Process: 36276 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
   Main PID: 36276 (code=exited, status=0/SUCCESS)
        CPU: 439ms

Apr 04 05:12:49 host systemd[1]: Starting Virtualization daemon...
Apr 04 05:12:49 host systemd[1]: Started Virtualization daemon.
Apr 04 05:13:01 host systemd[1]: Stopping Virtualization daemon...
Apr 04 05:13:01 host systemd[1]: libvirtd.service: Deactivated successfully.
Apr 04 05:13:01 host systemd[1]: Stopped Virtualization daemon

systemctl --failed

  UNIT                  LOAD   ACTIVE SUB    DESCRIPTION
● nvidia-powerd.service loaded failed failed nvidia-powerd service

Things I've tried so far:

Checked that I have the following packages installed: qemu dhclient netcat virt-viewer libvirt dnsmasq dmidecode ebtables virt-install virt-manager bridge-utils
Checked that the network "default" is started in virsh
Made sure that firewalld is installed and running
Checked that virbr0 is in zone libvirt with firewall-cmd get-active-zones

CRUCIAL UPDATE:

Further troubleshooting showed that the VPN I am using is causing this issue. Launching VM's with the VPN disabled lets them connect to the network and internet. My VPN app is called Mullvad, and uses the Wireguard protocol. How can I make this work so that VM's connect to the internet through the VPN?

You should make sure in the debug phase that the firewall is not running. Also that there's no Docker enabled and running on the same host. — A.B, Mar 26 '22 at 17:09
@A.B what is the way to disable firewall on Fedora? The machine does not have Docker installed. — Stahls, Mar 26 '22 at 17:12
You could just run `systemctl stop firewalld` to stop it (and leave it enabled at next boot). Might not solve the problem, but that's one less thing to worry about until it's working. Once it's working, make sure it works with the firewall running too. — A.B, Mar 26 '22 at 17:14
@A.B I stopped firewalld, then restarted libvirtd, the issue persists — Stahls, Mar 26 '22 at 17:31
Is the problem just with this specific guest, or do no guests work? Do these commands provide any hints? `virsh net-list --all`, `brctl show`, `ip -br link show`, `nmcli connection show --active`, `systemctl status libvirtd` — rickhg12hs, Mar 28 '22 at 20:41
@rickhg12hs `$ virsh net-list --all Name State Autostart Persistent -------------------------------------------- default active yes yes` `$ brctl show bridge name bridge id STP enabled interfaces virbr0 8000.525400323f0f yes` `$ ip -br link show lo UNKNOWN 00:00:00:00:00:00 enp34s0 UP redacted virbr0 DOWN redacted wg-mullvad UNKNOWN ` — Stahls, Apr 04 '22 at 02:09
`$ nmcli connection show --active NAME UUID TYPE DEVICE Wired connection 1redacted ethernet enp34s0 virbr0 redacted bridge virbr0 wg-mullvad redacted wireguard wg-mullvad` — Stahls, Apr 04 '22 at 02:15
https://pastebin.com/1q9rCXvL libvirtd shows as inactive (dead) @user7138814 systemctl --failed only shows an nvidia-powerd error — Stahls, Apr 04 '22 at 02:19
Please update/edit your question with the additional information. — rickhg12hs, Apr 04 '22 at 02:31
Had the exact same issue, went into a huge tcpdump rathole for hours on this one. I'm using QEMU/KVM same as you, just on Pop!_OS. Enabling Local Network Sharing fixed it for me as well. — cortexlock, Jul 22 '22 at 23:16

score 3 · Answer 1 · answered Apr 04 '22 at 21:23

3

The problem was using a VPN without enabling an "allow local network sharing" setting. Enabling that made it work.

answered Apr 04 '22 at 21:23

Stahls

71
1
5

Just a thought - might be worth changing the post title if possible to include "Mullvad" as this is a rather specific problem and your solution doesn't come up in first page of results :) – cortexlock Aug 02 '22 at 07:01

score 0 · Answer 2 · answered Nov 03 '22 at 09:48

0

Enabling forwarding with

sysctl net.ipv4.ip_forward=1

might help.

answered Nov 03 '22 at 09:48

user582175

101
1

2

Welcome to the site, and thank you for your contribution. Please consider adding an explanation on _why_ you think this will solve the connectivity problem described in the OP. – AdminBee Nov 03 '22 at 10:34

libvirt QEMU/KVM guest cannot connect to network (NAT)

CRUCIAL UPDATE:

2 Answers2