Date:      Thu, 29 Jun 2023 16:56:05 -0500
From:      Dustin Marquess <dmarquess@gmail.com>
To:        Guido Falsi <mad@madpilot.net>, FreeBSD User <freebsd@walstatt-de.de>
Cc:        freebsd-virtualization@freebsd.org, FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: CURRENT: bhyve: xfreerdp doesn't support OpenSSL 3 yet. Alternatives?
Message-ID:  <be6cc036-958a-4940-88eb-8907fb33ae29@Spark>
In-Reply-To: <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de>
References:  <20230629163533.4d430fed@thor.intern.walstatt.dynvpn.de> <ded9c3b0-0a26-24aa-131f-d06632a9922f@madpilot.net> <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de>

On Jun 29, 2023 at 11:36 AM -0500, FreeBSD User <freebsd@walstatt-de.de>, wrote:
> On Thu, 29 Jun 2023 16:41:51 +0200
> Guido Falsi <mad@madpilot.net> wrote:
>
> > On 29/06/23 16:35, FreeBSD User wrote:
> > > Hello,
> > >
> > > running a recent CURRENT, 14.0-CURRENT #10 main-n263871-fd774e065c5d: Thu Jun 29 05:26:55
> > > CEST 2023 amd64, xfreerdp (net/freerdp) doesn't work anymore on Windows 10 guest in
> > > bhyve. It seems OpenSSL 3 is the culprit (see the error message from xfreerdp below). I
> > > opened already a PR (see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281). In a
> > > very quick response I was informed that recent FreeRDP doesn't support OpenSSL 3 yet
> > > (https://github.com/FreeRDP/FreeRDP/pull/8920).
> > >
> > > Checking for HowTo's setting up bhyve guests, I didn't realise any setting for
> > > alternatives to RDP. As I do not fully understand how bhyve passes through its guest's
> > > framebuffer device/ or native GUI, I'm a bit helpless in searching for another solution to
> > > contact the Windows10 guest from the X11 desktop of the hosts.
> > >
> > > Trying remmina turns out to be a fail, because in our installation libsoup2 and libsoup3
> > > are installed both and remmina complains about having both symbols, also I realised
> > > remmina seems to utilize net/freerdp as the RDP backend.
> > >
> > > Since I have no clue how to install "blindly" a VNCserver within the Windows10 guest, I
> > > presume VNC is not an option in any way.
> > >
> > > Is there any way to access the bhyve guest's native graphical interface? As in the PR shown
> > > above already documented (setup taken from the FreeBSD Wiki/bhyve), a framebuffer is
> > > already configured.
> > >
> > > It would be nice if someone could give a hint.
> > >
> >
> > I had the same issue, with Windows 10 pro hosts, but the fault is in
> > windows, which, by default, tries to negotiate an ancient protocol (NTLM
> > using RC4 if I understand correctly).
> >
> > With modern windows RDP servers there are better protocols available,
> > you can get them in remmina by forcing "TLS protocol security" in the
> > advanced tab, security protocol negotiation (second row).
> >
> > Doing this (after some experimentation with various options) solved the
> > issue for me.
> >
>
> Thank you very much for the quick response.
>
> net/remmina is not an option on most of my workstations, since some required ports install
> libsoup3, and remmina complains about having found libsoup2 symbols as well as libsoup3
> symbols when starting up - and quits.
>
> Since remmina utilises net/freerdp, I was wondering if I could enforce TLS security by any
> kind of a switch, and trying the following
>
> xfreerdp /v:192.168.0.128:5900 /u:ohartmann /sec:tls
>
> resulting in
>
> [...]
> [17:58:18:972] [1702:bb812700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
> [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 35: Resource temporarily unavailable
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - freerdp_post_connect failed
>
>
> My setup is
>
> bhyve -c 4 -m 4G -w -H \
> -s 0,hostbridge \
> -s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img \
> -s 5,virtio-net,tap0 \
> -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1200,vga=io \
> -s 30,xhci,tablet \
> -s 31,lpc \
> -l com1,stdio \
> -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> win10
>
> and this is a working image setup a couple of weeks ago when VBox has been defective on
> CURRENT - should say: it worked once.
>
> I can not interpret the error above.
>
> bhyve is novel to me and I have to admit that I make some capital mistakes here - but can't
> find satisfying documentation ...
>
> Kind regards,
>
> Oliver

RDP would be on the guest's IP using port 3389. Port 5900 on the host's IP is bhyve's VNC port, which speaks VNC, not RDP.

If you want to use VNC, try TigerVNC.

-Dustin
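
The distinction drawn in the reply above can be checked from the host before choosing a client. This is an added example, not part of the original message: a VNC (RFB) server sends a version banner as soon as the TCP connection opens, while an RDP listener stays silent until it receives an X.224 Connection Request. The function names and the 2-second timeout are choices made for this example.

```python
import re
import socket

# RFB (VNC) servers speak first: a 12-byte "RFB xxx.yyy\n" banner (RFC 6143).
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")

# RDP servers wait for the client. This is a minimal TPKT-wrapped X.224
# Connection Request (MS-RDPBCGR) that asks for no security protocol.
X224_CONN_REQ = bytes.fromhex("0300000b06e00000000000")


def classify(greeting: bytes, reply: bytes = b"") -> str:
    """Name the protocol from the unsolicited greeting or the X.224 reply."""
    m = RFB_BANNER.match(greeting[:12])
    if m:
        return f"vnc (RFB {int(m.group(1))}.{int(m.group(2))})"
    # TPKT version 3 followed by an X.224 Connection Confirm (0xD0): RDP.
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] & 0xF0 == 0xD0:
        return "rdp"
    return "unknown"


def _recv(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes; a timeout or reset counts as 'nothing received'."""
    try:
        return sock.recv(n)
    except (socket.timeout, ConnectionError):
        return b""


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Wait for a banner first; only if none arrives, try the RDP handshake."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        greeting = _recv(s, 12)
        if greeting:
            return classify(greeting)
        s.sendall(X224_CONN_REQ)
        return classify(b"", _recv(s, 19))


if __name__ == "__main__":
    # Constructed sample bytes, so the classifier can be seen working offline.
    print(classify(b"RFB 003.008\n"))
    print(classify(b"", bytes.fromhex("030000130ed000001234000209080002000000")))
```

The `tcp=0.0.0.0:5900` in the quoted bhyve command makes that VNC console reachable on every host interface. The `fbuf` device also accepts a specific listen address such as `127.0.0.1` and a `password=` option.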

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?be6cc036-958a-4940-88eb-8907fb33ae29>