From nobody Fri Jun 30 14:55:04 2023 X-Original-To: virtualization@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QsyzP6HR8z4kbhN for ; Fri, 30 Jun 2023 14:55:13 +0000 (UTC) (envelope-from oleg.nauman@gmail.com) Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QsyzP1gJ3z47LQ for ; Fri, 30 Jun 2023 14:55:13 +0000 (UTC) (envelope-from oleg.nauman@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20221208 header.b=ni6nF1dy; spf=pass (mx1.freebsd.org: domain of oleg.nauman@gmail.com designates 2a00:1450:4864:20::32c as permitted sender) smtp.mailfrom=oleg.nauman@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-wm1-x32c.google.com with SMTP id 5b1f17b1804b1-3fa8ce2307dso24233585e9.2 for ; Fri, 30 Jun 2023 07:55:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688136908; x=1690728908; h=content-transfer-encoding:mime-version:references:in-reply-to :organization:message-id:date:subject:to:from:from:to:cc:subject :date:message-id:reply-to; bh=WiSbCDAWq111vAWMa6QKaAKsKNiAlHGA3FBrnVaM5II=; b=ni6nF1dyx371S3VtHppwTSfM/CvqONY78gDavcZQyrWocSxydAwWekmkbrGAjL/v7o THQtzmbFDS1acgRLNZzEIR2rPewunbGJ+gIUhmgPwM2eifcsZE9bcnwitUwU2YQmb8GO 8o2YWh1XnMqMuQtv7fxX4/qKnAB0s0eNRvKZtJokg/dmtHN6dNlhQm6oh8HVYwKV4wOh LbYj9raB8SNn9teoHA1tYspazF2fnOWRGeZMFBu4O3yUBZrgCL09V+0s4sL7fQezmBEc 9UEhmPhXRyKgOKeBnxVdMPL8hMfTVw9mbhYXDFAPGN65e1OasORTpjbiwUBsk7nvjl1M 1ZWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688136908; x=1690728908; h=content-transfer-encoding:mime-version:references:in-reply-to :organization:message-id:date:subject:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=WiSbCDAWq111vAWMa6QKaAKsKNiAlHGA3FBrnVaM5II=; b=ep518qHfj/++8y+ciDeS97fGOGyR788fZvw5aUHkLb2hjTyDYd9mtRVVWGxWhX4uJn V+itNwJZ9EGJy75EY44MSJpOBx0YRaIK8ttG8T2ATsE3NWLOwV7eivcqGzYoKb4clUfM ykLQ5JtZ1YSGwF1kNQkJI8POTdihsGwl9lDtXwZjCX0BDyqWOBjQwzteCFmfw7wfLie3 0B9809bU/ns5C2JwNURZBM0Slwv0VRxx0G/vkYjsgLZq6fRpZ4rs1VpHaNcm4ZjBNjdY +PrkOW8dJMCHBI/LKOoTqaVP4qSxRhGsuYAULVaWrGIMOAEDIamM/Yso6aykEzZ7QI57 gE8Q== X-Gm-Message-State: AC+VfDyxyctgQQkU4Bj2wSaQXceugwJ9zAXqDzzOgMhLGdfgJ6csH9Y/ 1c1fK/HP1YrUfvgr6TWgNCWQNAaGQrR68Q== X-Google-Smtp-Source: ACHHUZ558m4L4UKbd9KGw1cWKOmx7y3Hw6BGIXMYg8CWtohuGof1wX72ZFFVFvtFIis0jZVFp8nGPw== X-Received: by 2002:a05:600c:2243:b0:3f6:53a:6665 with SMTP id a3-20020a05600c224300b003f6053a6665mr2632937wmm.19.1688136908362; Fri, 30 Jun 2023 07:55:08 -0700 (PDT) Received: from sigill.theweb.org.ua ([88.154.51.10]) by smtp.gmail.com with ESMTPSA id q9-20020a1ce909000000b003fbc90e030csm1247971wmc.37.2023.06.30.07.55.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jun 2023 07:55:07 -0700 (PDT) From: "Oleg V. Nauman" To: virtualization@freebsd.org Subject: Re: CURRENT: bhyve: xfreerdp doesn't support OpenSSL 3 yet. Alternatives? Date: Fri, 30 Jun 2023 17:55:04 +0300 Message-ID: <4025709.BRNeRiNLvY@sigill.theweb.org.ua> Organization: Private persom In-Reply-To: <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de> References: <20230629163533.4d430fed@thor.intern.walstatt.dynvpn.de> <20230629183519.7eff8540@thor.intern.walstatt.dynvpn.de> List-Id: Discussion List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-virtualization@freebsd.org X-BeenThere: freebsd-virtualization@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spamd-Result: default: False [-0.30 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; NEURAL_HAM_SHORT(-1.00)[-0.997]; NEURAL_HAM_LONG(-0.80)[-0.800]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; CTE_CASE(0.50)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20221208]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[text/plain]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[virtualization@freebsd.org]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ARC_NA(0.00)[]; TAGGED_FROM(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::32c:from]; HAS_ORG_HEADER(0.00)[]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; RCVD_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[virtualization@freebsd.org] X-Rspamd-Queue-Id: 4QsyzP1gJ3z47LQ X-Spamd-Bar: / X-ThisMailContainsUnwantedMimeParts: N On 2023 M06 29, Thu 19:34:52 EEST FreeBSD User wrote: > Am Thu, 29 Jun 2023 16:41:51 +0200 > > Guido Falsi schrieb: > > On 29/06/23 16:35, FreeBSD User wrote: > > > Hello, > > > > > > running a recent CURRENT, 14.0-CURRENT #10 main-n263871-fd774e065c5d: > > > Thu Jun 29 05:26:55 CEST 2023 amd64, xfreerdp (net/freerdp) doesn't > > > working anymore on Windows 10 guest in bhyve. It seems OpenSSL 3 is the > > > culprit (see the error message from xfreerdp below). I opened already a > > > PR (see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281). In > > > a very quick response I was informed that recent FreeRDP doesn't > > > support OpenSSL 3 yes (https://github.com/FreeRDP/FreeRDP/pull/8920). > > > > > > Checking for HowTo's setting up bhyve guests, I dodn't realise any > > > setting for alternatives to RDP. As I do not fully understand how bhyve > > > passes through its guest's framebuffer device/ or native GUI, I'm a bit > > > helpless in searching for another solution to contact the Windows10 > > > guest from the X11 desktop of the hosts. > > > > > > Trying remmina turns out to be a fail, because in our installation > > > libsoup2 and libsoup3 are installed both and remmina complains about > > > having both symbols, also I realised remmina seems to utilize > > > net/freerdb as the RDP backend. > > > > > > Since I have no clue how to install "blindly" a VNCserver within the > > > Windows10 guest, I presume VNC is not an option in any way. > > > > > > Is there any way to access the bhyve guest's native graphical interface? > > > As in the PR shown above already documented (setup taken from the > > > FreeBSD Wiki/bhyve), a framebuffer is already configured. > > > > > > It would be nice if someone could give a hint. > > > > I had the same issue, with Windows 10 pro hosts, but the fault is in > > windows, which, by default, tries to negotiate an ancient protocol (NTLM > > using RC4 if I understand correctly). > > > > With modern windows RDP servers there are better protocols available, > > you can get them in remmina by forcing "TLS protocolo security" in the > > advanced tab, security protocol negotiation (second row). > > > > Doing this (after some experimentation with various options) solved the > > issue for me. > > Thank you very much for the quick response. > > net/remmina is not an option on most of my workstations, since some required > ports install libsoup3, and remmina complains about having found libsoup2 > symbols as well as libsoup3 symbols when starting up - and quits. > > Since remmina utilises net/freerdp, I was wondering if I could enforce TLS > security by any kind of a switch, and trying the following > > xfreerdp /v:192.168.0.128:5900 /u:ohartmann /sec:tls You can use net/rdesktop as RDP client. I have found it working with Windows 10 instance hosted by bhyve while I was trying to find solution for xreerdp failing to connect after openssl update to 3.0