From: FreeBSD User <freebsd@walstatt-de.de>
To: Pierre Pronchery
Cc: freebsd-virtualization@freebsd.org, freebsd-current@freebsd.org
Subject: Re: CURRENT: bhyve: xfreerdp doesn't support OpenSSL 3 yet. Alternatives?
Date: Sat, 8 Jul 2023 09:49:47 +0200
Message-ID: <20230708095014.1ede5bcd@thor.intern.walstatt.dynvpn.de>
In-Reply-To: <105d4fa7-8472-6316-fc15-7ba8dd987974@freebsdfoundation.org>
References: <20230629163533.4d430fed@thor.intern.walstatt.dynvpn.de>
 <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de>
 <105d4fa7-8472-6316-fc15-7ba8dd987974@freebsdfoundation.org>
Organization: walstatt-de.de
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

Am Fri, 30 Jun 2023 16:45:52 +0200
Pierre Pronchery schrieb:

My apology for the delay. Shortly after the post here and several patches
the problem vanished into thin air - also by using tigervnc as the client
and not, as proposed on the FreeBSD Wiki page, xfreerdp.

Thank you very much for helping!

Regards

oh

> Hi everyone,
>
> I believe I understand where the issue loading OpenSSL's legacy provider
> comes from (for MD4 support) and I am currently working on a fix here:
> https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.0-providers
>
> Basically the OpenSSL provider module for legacy algorithms is not built
> correctly, since the switch to OpenSSL 3.0.9 in base. The same goes with
> the FIPS module, where finding an elegant solution is more difficult than
> for the legacy one, but I'm getting there.
>
> Anyway, I will keep updating this branch until it's ready for a pull-up
> request, very likely with force-pushes in order to polish the commits
> before submission.
>
> Let me know how it goes!
>
> Cheers,
> -- Pierre
>
> On 6/29/23 23:56, Dustin Marquess wrote:
> > On Jun 29, 2023 at 11:36 AM -0500, FreeBSD User wrote:
> > > Am Thu, 29 Jun 2023 16:41:51 +0200
> > > Guido Falsi schrieb:
> > >
> > > > On 29/06/23 16:35, FreeBSD User wrote:
> > > > > Hello,
> > > > >
> > > > > running a recent CURRENT, 14.0-CURRENT #10 main-n263871-fd774e065c5d:
> > > > > Thu Jun 29 05:26:55 CEST 2023 amd64, xfreerdp (net/freerdp) doesn't
> > > > > work anymore on a Windows 10 guest in bhyve. It seems OpenSSL 3 is
> > > > > the culprit (see the error message from xfreerdp below). I already
> > > > > opened a PR (see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281).
> > > > > In a very quick response I was informed that recent FreeRDP doesn't
> > > > > support OpenSSL 3 yet (https://github.com/FreeRDP/FreeRDP/pull/8920).
> > > > >
> > > > > Checking for HowTo's setting up bhyve guests, I didn't realise any
> > > > > setting for alternatives to RDP. As I do not fully understand how
> > > > > bhyve passes through its guest's framebuffer device/or native GUI,
> > > > > I'm a bit helpless in searching for another solution to contact the
> > > > > Windows 10 guest from the X11 desktop of the hosts.
> > > > >
> > > > > Trying remmina turns out to be a fail, because in our installation
> > > > > libsoup2 and libsoup3 are both installed and remmina complains about
> > > > > having both symbols; also I realised remmina seems to utilize
> > > > > net/freerdp as the RDP backend.
> > > > >
> > > > > Since I have no clue how to install "blindly" a VNC server within
> > > > > the Windows 10 guest, I presume VNC is not an option in any way.
> > > > >
> > > > > Is there any way to access the bhyve guest's native graphical
> > > > > interface? As already documented in the PR shown above (setup taken
> > > > > from the FreeBSD Wiki/bhyve), a framebuffer is already configured.
> > > > >
> > > > > It would be nice if someone could give a hint.
> > > >
> > > > I had the same issue, with Windows 10 pro hosts, but the fault is in
> > > > windows, which, by default, tries to negotiate an ancient protocol
> > > > (NTLM using RC4 if I understand correctly).
> > > >
> > > > With modern windows RDP servers there are better protocols available,
> > > > you can get them in remmina by forcing "TLS protocol security" in the
> > > > advanced tab, security protocol negotiation (second row).
> > > >
> > > > Doing this (after some experimentation with various options) solved
> > > > the issue for me.
> > >
> > > Thank you very much for the quick response.
> > >
> > > net/remmina is not an option on most of my workstations, since some
> > > required ports install libsoup3, and remmina complains about having
> > > found libsoup2 symbols as well as libsoup3 symbols when starting up -
> > > and quits.
> > >
> > > Since remmina utilises net/freerdp, I was wondering if I could enforce
> > > TLS security by any kind of a switch, and trying the following
> > >
> > > xfreerdp /v:192.168.0.128:5900 /u:ohartmann /sec:tls
> > >
> > > resulting in
> > >
> > > [...]
> > > [17:58:18:972] [1702:bb812700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
> > > [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> > > [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
> > > [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
> > > [17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> > > [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 35: Resource temporarily unavailable
> > > [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> > > [17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - freerdp_post_connect failed
> > >
> > > My setup is
> > >
> > > bhyve -c 4 -m 4G -w -H \
> > >       -s 0,hostbridge \
> > >       -s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img \
> > >       -s 5,virtio-net,tap0 \
> > >       -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1200,vga=io \
> > >       -s 30,xhci,tablet \
> > >       -s 31,lpc \
> > >       -l com1,stdio \
> > >       -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
> > >       win10
> > >
> > > and this is a working image set up a couple of weeks ago when VBox has
> > > been defective on CURRENT - should say: it worked once.
> > >
> > > I can not interpret the error above.
> > >
> > > bhyve is novel to me and I have to admit that I make some capital
> > > mistakes here - but can't find satisfying documentation ...
> > >
> > > Kind regards,
> > >
> > > Oliver
> >
> > RDP would be on the guest's IP using port 3389.  Port 5900 on the host's
> > IP is bhyve's VNC port, which speaks VNC, not RDP.
> >
> > If you want to use VNC, try TigerVNC.
> >
> > -Dustin

--
O. Hartmann
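The thread turns on two facts about the `-s 29,fbuf,tcp=0.0.0.0:5900,...` line in Oliver's bhyve command: that port speaks VNC (RFB) rather than RDP, so xfreerdp pointed at it can only fail, and binding it to 0.0.0.0 publishes the guest console on every host interface. The following is an added example, not code from the FreeBSD project or from anyone on the list: it parses a bhyve command line, extracts the fbuf listener, and reports those two points plus whether a `password=` option is present. It assumes the fbuf device accepts a `password=` option as documented in bhyve(8) (check the man page on your release); the hardened command line and its placeholder password value are constructed here for the demonstration.

```python
"""Audit how a bhyve(8) command line exposes the guest console.

Constructed example for this thread, not code from the FreeBSD project or
from anyone on the list. It reads the `-s slot,fbuf,...` argument that
attaches bhyve's framebuffer/VNC device and reports where that VNC server
listens, whether it listens on every host interface, and whether a
`password=` option was given (assumption: the fbuf device accepts
`password=`, as documented in bhyve(8); check your release).
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# bhyve's documented default listener for fbuf when tcp= is omitted.
DEFAULT_HOST = "127.0.0.1"
DEFAULT_PORT = 5900
WILDCARD_HOSTS = {"0.0.0.0", "::"}


@dataclass
class FbufConfig:
    slot: str
    host: str = DEFAULT_HOST
    port: int = DEFAULT_PORT
    width: Optional[int] = None
    height: Optional[int] = None
    password: bool = False
    extra: Dict[str, str] = field(default_factory=dict)


def parse_fbuf(argv: List[str]) -> Optional[FbufConfig]:
    """Return the FbufConfig for the first '-s N,fbuf,...' slot, or None."""
    for i, arg in enumerate(argv[:-1]):
        if arg != "-s":
            continue
        parts = argv[i + 1].split(",")
        if len(parts) < 2 or parts[1] != "fbuf":
            continue
        cfg = FbufConfig(slot=parts[0])
        for opt in parts[2:]:
            key, _, val = opt.partition("=")
            if key == "tcp":
                # tcp=[host:]port ; IPv6 hosts are written in brackets
                host, _, port = val.rpartition(":")
                cfg.host = host.strip("[]") or DEFAULT_HOST
                cfg.port = int(port) if port else DEFAULT_PORT
            elif key == "w":
                cfg.width = int(val)
            elif key == "h":
                cfg.height = int(val)
            elif key == "password":
                # the value is deliberately not kept; only its presence matters
                cfg.password = True
            else:
                cfg.extra[key] = val
        return cfg
    return None


def audit_fbuf(cfg: FbufConfig) -> List[str]:
    """Return human-readable findings, most severe first."""
    findings = []
    if cfg.host in WILDCARD_HOSTS:
        findings.append(
            f"VNC console listens on all host interfaces ({cfg.host}:{cfg.port}); "
            "bind it to 127.0.0.1 or a trusted address")
    if not cfg.password:
        findings.append("no password= option: anyone reaching the port gets the "
                        "guest console unauthenticated")
    findings.append(
        f"port {cfg.port} speaks VNC (RFB), not RDP: use a VNC client such as "
        "TigerVNC; RDP lives on the guest's own IP, port 3389")
    return findings


def audit_cmdline(cmdline: str) -> Tuple[Optional[FbufConfig], List[str]]:
    """Parse a shell-style bhyve command line and audit its fbuf device."""
    cfg = parse_fbuf(shlex.split(cmdline))
    if cfg is None:
        return None, ["no fbuf device: guest has no VNC console at all"]
    return cfg, audit_fbuf(cfg)


# The command line quoted in the thread (backslash continuations joined).
THREAD_CMDLINE = (
    "bhyve -c 4 -m 4G -w -H -s 0,hostbridge "
    "-s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img "
    "-s 5,virtio-net,tap0 -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1200,vga=io "
    "-s 30,xhci,tablet -s 31,lpc -l com1,stdio "
    "-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd win10"
)

# Constructed hardened variant: loopback only, with a placeholder password.
HARDENED_CMDLINE = THREAD_CMDLINE.replace(
    "tcp=0.0.0.0:5900", "tcp=127.0.0.1:5900,password=REPLACE_ME")

if __name__ == "__main__":
    for name, line in (("thread", THREAD_CMDLINE), ("hardened", HARDENED_CMDLINE)):
        cfg, findings = audit_cmdline(line)
        print(f"[{name}] slot {cfg.slot}: {cfg.host}:{cfg.port} {cfg.width}x{cfg.height}")
        for finding in findings:
            print("  -", finding)
```

Run against the thread's command line it reports the wildcard bind and the missing password before the VNC-versus-RDP note; the loopback variant reduces the output to that note alone. Reaching a loopback-bound console from another machine is then a matter of an SSH tunnel to the host rather than of opening the port.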