Date: Thu, 29 Jun 2023 16:56:05 -0500
From: Dustin Marquess
To: Guido Falsi, FreeBSD User
Cc: freebsd-virtualization@freebsd.org, FreeBSD CURRENT
Subject: Re: CURRENT: bhyve: xfreerdp doesn't support OpenSSL 3 yet. Alternatives?
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Jun 29, 2023 at 11:36 AM -0500, FreeBSD User <freebsd@walstatt-de.de>, wrote:
> On Thu, 29 Jun 2023 16:41:51 +0200
> Guido Falsi <mad@madpilot.net> wrote:

> > On 29/06/23 16:35, FreeBSD User wrote:
> > > Hello,
> > >
> > > running a recent CURRENT, 14.0-CURRENT #10 main-n263871-fd774e065c5d: Thu Jun 29 05:26:55
> > > CEST 2023 amd64, xfreerdp (net/freerdp) doesn't work anymore on Windows 10 guest in
> > > bhyve. It seems OpenSSL 3 is the culprit (see the error message from xfreerdp below). I
> > > opened already a PR (see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281). In a
> > > very quick response I was informed that recent FreeRDP doesn't support OpenSSL 3 yet
> > > (https://github.com/FreeRDP/FreeRDP/pull/8920).
> > >
> > > Checking for HowTo's setting up bhyve guests, I didn't realise any setting for
> > > alternatives to RDP. As I do not fully understand how bhyve passes through its guest's
> > > framebuffer device/ or native GUI, I'm a bit helpless in searching for another solution to
> > > contact the Windows10 guest from the X11 desktop of the hosts.
> > >
> > > Trying remmina turns out to be a fail, because in our installation libsoup2 and libsoup3
> > > are installed both and remmina complains about having both symbols, also I realised
> > > remmina seems to utilize net/freerdp as the RDP backend.
> > >
> > > Since I have no clue how to install "blindly" a VNCserver within the Windows10 guest, I
> > > presume VNC is not an option in any way.
> > >
> > > Is there any way to access the bhyve guest's native graphical interface? As in the PR shown
> > > above already documented (setup taken from the FreeBSD Wiki/bhyve), a framebuffer is
> > > already configured.
> > >
> > > It would be nice if someone could give a hint.


> > I had the same issue, with Windows 10 pro hosts, but the fault is in
> > windows, which, by default, tries to negotiate an ancient protocol (NTLM
> > using RC4 if I understand correctly).
> >
> > With modern windows RDP servers there are better protocols available,
> > you can get them in remmina by forcing "TLS protocol security" in the
> > advanced tab, security protocol negotiation (second row).
> >
> > Doing this (after some experimentation with various options) solved the issue for me.


> Thank you very much for the quick response.
>
> net/remmina is not an option on most of my workstations, since some required ports install
> libsoup3, and remmina complains about having found libsoup2 symbols as well as libsoup3
> symbols when starting up - and quits.
>
> Since remmina utilises net/freerdp, I was wondering if I could enforce TLS security by any
> kind of a switch, and trying the following
>
> xfreerdp /v:192.168.0.128:5900 /u:ohartmann /sec:tls
>
> resulting in

> [...]
> [17:58:18:972] [1702:bb812700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 35: Resource temporarily unavailable
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - freerdp_post_connect failed


> My setup is
>
> bhyve -c 4 -m 4G -w -H \
>     -s 0,hostbridge \
>     -s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img \
>     -s 5,virtio-net,tap0 \
>     -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1200,vga=io \
>     -s 30,xhci,tablet \
>     -s 31,lpc \
>     -l com1,stdio \
>     -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
>     win10

> and this is a working image setup a couple of weeks ago when VBox has been defective on
> CURRENT - should say: it worked once.
>
> I cannot interpret the error above.
>
> bhyve is novel to me and I have to admit that I make some capital mistakes here - but can't
> find satisfying documentation ...
>
> Kind regards,
>
> Oliver

RDP would be on the guest's IP using port 3389. Port 5900 on the host's IP is bhyve's VNC port, which speaks VNC, not RDP.

If you want to use VNC, try TigerVNC.

-Dustin
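
Added example (not part of the original thread): a small Python check of which protocol answers on a port, following the point above that 5900 on the host is bhyve's VNC (RFB) listener while RDP is served by the guest on 3389. The function names and the sample byte strings are constructed for illustration; probe() is meant to be run against your own host:5900 and guest:3389.

```python
import socket
import struct

# requestedProtocols / selectedProtocol values used in RDP negotiation.
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)"}

# Constructed sample replies, not captured from the systems in this thread.
SAMPLE_VNC = b"RFB 003.008\n"
SAMPLE_RDP = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 01 00 00 00")

def x224_connection_request(requested=1):
    """TPKT + X.224 Connection Request with an RDP_NEG_REQ asking for TLS."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, requested)   # type, flags, length, protocols
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def classify(data):
    """Name the protocol from the first bytes a server sent back."""
    if len(data) >= 12 and data[:4] == b"RFB " and data[11:12] == b"\n":
        return "VNC (RFB %s)" % data[4:11].decode("ascii", "replace")
    if len(data) >= 7 and data[0] == 3 and data[5] == 0xD0:  # TPKT v3, X.224 CC
        if len(data) >= 19 and data[11] in (0x02, 0x03):
            value = struct.unpack_from("<I", data, 15)[0]
            if data[11] == 0x03:                              # RDP_NEG_FAILURE
                return "RDP, negotiation refused (failure code %d)" % value
            return "RDP, server selected " + PROTOCOLS.get(value, hex(value))
        return "RDP (no negotiation response)"
    return "unknown"

def probe(host, port, timeout=3.0):
    """Connect once: an RFB server speaks first, an RDP server waits for us."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            first = s.recv(64)
        except socket.timeout:
            first = b""
        if not first:
            try:
                s.sendall(x224_connection_request())
                first = s.recv(64)
            except OSError:
                first = b""
    return classify(first)

if __name__ == "__main__":
    print(classify(SAMPLE_VNC))   # reply shape of a VNC listener such as bhyve's fbuf
    print(classify(SAMPLE_RDP))   # reply shape of an RDP server that accepts TLS
```

An RDP client pointed at a port that classifies as VNC cannot connect, whatever /sec: option is passed.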