Date: Thu, 29 Jun 2023 18:34:52 +0200
From: FreeBSD User
To: Guido Falsi
Cc: freebsd-virtualization@freebsd.org, FreeBSD CURRENT
Subject: Re: CURRENT: bhyve: xfreerdp doesn't support OpenSSL 3 yet. Alternatives?
Message-ID: <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de>
Organization: walstatt-de.de
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Thu, 29 Jun 2023 16:41:51 +0200, Guido Falsi wrote:

> On 29/06/23 16:35, FreeBSD User wrote:
> > Hello,
> >
> > running a recent CURRENT, 14.0-CURRENT #10 main-n263871-fd774e065c5d: Thu Jun 29 05:26:55
> > CEST 2023 amd64, xfreerdp (net/freerdp) isn't working anymore on Windows 10 guest in
> > bhyve. It seems OpenSSL 3 is the culprit (see the error message from xfreerdp below).
> > I opened already a PR (see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281). In a
> > very quick response I was informed that recent FreeRDP doesn't support OpenSSL 3 yet
> > (https://github.com/FreeRDP/FreeRDP/pull/8920).
> >
> > Checking for HowTo's setting up bhyve guests, I didn't realise any setting for
> > alternatives to RDP. As I do not fully understand how bhyve passes through its guest's
> > framebuffer device or native GUI, I'm a bit helpless in searching for another solution to
> > contact the Windows10 guest from the X11 desktop of the hosts.
> >
> > Trying remmina turns out to be a fail, because in our installation libsoup2 and libsoup3
> > are installed both and remmina complains about having both symbols, also I realised
> > remmina seems to utilize net/freerdp as the RDP backend.
> >
> > Since I have no clue how to install "blindly" a VNCserver within the Windows10 guest, I
> > presume VNC is not an option in any way.
> >
> > Is there any way to access the bhyve guest's native graphical interface? As in the PR shown
> > above already documented (setup taken from the FreeBSD Wiki/bhyve), a framebuffer is
> > already configured.
> >
> > It would be nice if someone could give a hint.
> >
>
> I had the same issue, with Windows 10 pro hosts, but the fault is in
> Windows, which, by default, tries to negotiate an ancient protocol (NTLM
> using RC4 if I understand correctly).
>
> With modern Windows RDP servers there are better protocols available,
> you can get them in remmina by forcing "TLS protocol security" in the
> advanced tab, security protocol negotiation (second row).
>
> Doing this (after some experimentation with various options) solved the
> issue for me.
>

Thank you very much for the quick response.

net/remmina is not an option on most of my workstations, since some required ports install
libsoup3, and remmina complains about having found libsoup2 symbols as well as libsoup3
symbols when starting up - and quits.
Since remmina utilises net/freerdp, I was wondering if I could enforce TLS security by any
kind of a switch, and trying the following

xfreerdp /v:192.168.0.128:5900 /u:ohartmann /sec:tls

resulting in

[...]
[17:58:18:972] [1702:bb812700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 35: Resource temporarily unavailable
[17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core] - freerdp_post_connect failed

My setup is

bhyve -c 4 -m 4G -w -H \
    -s 0,hostbridge \
    -s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img \
    -s 5,virtio-net,tap0 \
    -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1200,vga=io \
    -s 30,xhci,tablet \
    -s 31,lpc \
    -l com1,stdio \
    -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
    win10

and this is a working image set up a couple of weeks ago when VBox has been defective on
CURRENT - should say: it worked once.

I cannot interpret the error above. bhyve is novel to me and I have to admit that I make
some capital mistakes here - but can't find satisfying documentation ...

Kind regards,

Oliver

-- 
O. Hartmann
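
The OpenSSL error codes in the log above can be decoded by hand. As an added example (not part of the original message, and not FreeRDP or OpenSSL code), this script parses the quoted xfreerdp lines and unpacks each `error:XXXXXXXX` value using the OpenSSL 3 error-code layout; `decode` and `triage` are names chosen for this example, and the lookup tables cover only the values that occur in this log.

```python
import re

# Packed error-code layout from OpenSSL 3's include/openssl/err.h.
ERR_LIB_OFFSET, ERR_LIB_MASK = 23, 0xFF
ERR_REASON_MASK = 0x7FFFFF
ERR_RFLAGS_OFFSET = 18
ERR_RFLAG_COMMON = 0x2 << ERR_RFLAGS_OFFSET
# Only the library numbers and the reason code that occur in this log.
LIBS = {15: "ERR_LIB_CRYPTO", 37: "ERR_LIB_DSO"}
DSO_REASONS = {103: "DSO_R_LOAD_FAILED"}

# Four lines copied from the xfreerdp output quoted in the message.
LOG = """\
[17:58:18:972] [1702:bb812700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
[17:58:18:973] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
[17:58:18:981] [1702:bb812700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 35: Resource temporarily unavailable
"""

LINE_RE = re.compile(r"^\[[\d:]+\] \[\d+:[0-9a-f]+\] \[(\w+)\]\[([\w.]+)\] - (.*)$")
CODE_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code):
    """Split a packed OpenSSL 3 error code into (library, reason)."""
    lib = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    reason = code & ERR_REASON_MASK
    low = reason & ((1 << ERR_RFLAGS_OFFSET) - 1)
    lib_name = LIBS.get(lib, "lib %d" % lib)
    if reason & ERR_RFLAG_COMMON:
        # Common reasons below 256 are ERR_R_<X>_LIB: the failure came from library X.
        if low < 256:
            return lib_name, "nested error from " + LIBS.get(low, "lib %d" % low)
        return lib_name, "common reason %d" % low
    if lib == 37:
        return lib_name, DSO_REASONS.get(low, "reason %d" % low)
    return lib_name, "reason %d" % low

def triage(log):
    """Return (legacy_provider_missing, decoded OpenSSL errors in log order)."""
    legacy_missing, decoded = False, []
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        _level, tag, msg = m.groups()
        if tag == "com.winpr.utils.ssl" and "LEGACY provider failed to load" in msg:
            legacy_missing = True
        decoded += [decode(int(c, 16)) for c in CODE_RE.findall(msg)]
    return legacy_missing, decoded

if __name__ == "__main__":
    print(triage(LOG))
```

Both codes resolve to the DSO (shared-library loader) layer: `12800067` is `DSO_R_LOAD_FAILED`, and `07880025` is libcrypto reporting a nested DSO error, consistent with the LEGACY provider warning on the first line.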