Opened 10 years ago
Closed 10 years ago
#14038 closed defect (fixed)
VRDP not listening for IPv6 on Linux host [Fixed in SVN]
| Reported by: | Timothe Litt | Owned by: | |
|---|---|---|---|
| Component: | RDP | Version: | VirtualBox 4.3.26 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
Host OS Fedora 17
4.3 claims IPv6 support for RDP, but it isn't listening.
In VBox.log:
VirtualBox VM 4.3.26_OSE r98988 linux.amd64 (Mar 24 2015 20:06:06) release log 00:00:00.258916 VRDP: TCP server listening on port 3392 (IPv4 and IPv6). netstat -nltp | grep 3392 tcp 0 0 0.0.0.0:3392 0.0.0.0:* LISTEN 24636/VBoxHeadless
If VRDP was listening on IPv6, there would be a tcp 0 0 :::3392 line
telnet :: 3392 Trying ::... telnet: connect to address ::: Connection refused
The confusion may be that on some OSs a wildcard socket listen will accept connections from any address family. Or assume IPv4-compatible IPv6 addresses when listening on IPv6 sockets.
This is not the case on all Linux distributions. I don't think any accept either address family on an IPv4 listen. And whether IPv6 sockets accept IPv4 connections depends on the default for IPV6_ONLY, the default for which is configurable in /proc and varies by distribution.
VDRP appears to be listening on IPv4 0.0.0.0.
In the general case, VRDP needs to listen on two sockets to accept connections from both IPv4 and IPv6. This will work on any OS. Or there could be a configuration option to specify which address family to listen to.
In any case, the current log message is wrong and it doesn't seem possible to connect to VirtualBox's RDP over IPv6 on Fedora.
Related: it should be possible to bind the listen(s) to a specific IP address (v4 and/or v6). In a multihomed environment (which all IPv6 environments are), this can be useful. For example, one could use the default RDP port for all VMs if one could specify a dedicated IP address for each VM's RDP listener. Filtering by address can also reduce the number of rules required for some firewall situations.
Change History (6)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Thanks. Progress, but not complete success.
I installed 4.3.27-99580.vbox-extpack and shutdown/restarted one of my VMs.
VRDP now seems to be listening on IPv6 and IPv4 by default; one can connect to either port.
BUT, not if I specify a hostname that has both IPv6 and IPv4 addresses. Here is a failing case:
# host hagrid.sb.litts.net hagrid.sb.litts.net has address 192.168.148.136 hagrid.sb.litts.net has IPv6 address 2001:4830:11a2:941::136 # vboxmanage modifyvm "d71777f5-a958-40ab-ae3b-d52e0358ae17" --vrdeaddress hagrid.sb.litts.net (start VM) # netstat -nltp | grep 3394 tcp 0 0 192.168.148.136:3394 0.0.0.0:* LISTEN 14424/VBoxHeadless tcp 0 0 127.0.0.1:3394 0.0.0.0:* LISTEN 14424/VBoxHeadless
Here, VRDP is picking up the IPv4 address, but instead of the IPv6 address, it is using the IPv4 loopback address.
VBox.log VirtualBox VM 4.3.26_OSE r98988 linux.amd64 (Mar 24 2015 20:06:06) release log 00:00:00.030762 Log opened 2015-04-15T13:16:53.083146000Z 00:00:00.030764 Build Type: release 00:00:00.030772 OS Product: Linux 00:00:00.030774 OS Release: 2.6.43.8-1.fc15.x86_64 00:00:00.030775 OS Version: #1 SMP Mon Jun 4 20:33:44 UTC 2012 00:00:00.031094 DMI Product Name: PowerEdge 1900 00:00:00.031112 DMI Product Version: 00:00:00.031395 Host RAM: 7981MB total, 4238MB available 00:00:00.031400 Executable: /opt/VirtualBox/VBoxHeadless 00:00:00.031401 Process ID: 14424 00:00:00.031402 Package type: LINUX_64BITS_GENERIC (OSE) 00:00:00.034605 Installed Extension Packs: 00:00:00.034619 Oracle VM VirtualBox Extension Pack (Version: 4.3.27 r99580; VRDE Module: VBoxVRDP) 00:00:00.040591 VRDP: Statistics created: [full], enabled: 0. 00:00:00.041906 VRDP: VRDP: VD: Frames=10 MinMS=15 MaxMS=300 HistoryMS=2000 VideoMS=300 00:00:00.052581 VRDP: TCP server listening on port 3394 (IPv4).
If I use an IPv6-only host name, I can listen only on IPv6:
# host hagrid.v6.sb.litts.net hagrid.v6.sb.litts.net has IPv6 address 2001:4830:11a2:941::136 # vboxmanage modifyvm "d71777f5-a958-40ab-ae3b-d52e0358ae17" --vrdeaddress hagrid.v6.sb.litts.net (start VM) # netstat -nltp | grep 3394 tcp 0 0 2001:4830:11a2:941::13:3394 :::* LISTEN 14926/VBoxHeadless (Netstat is truncating the IPv6 address for display; the actual listening socket is correct.)
VRDP really should be listening on every address family/address returned by getaddrinfo()... If a host has 2 IPv4 addresses and 6 IPv6 addresses registered in DNS, there should be 6 listening sockets.
Or at least, one per address family. (From getaddrinfo()'s list, or allow specifying 2 host names; e.g. --vrdeaddress hagrid.v6.sb.litts.net,hagrid.v4.sb.litts.net .)
But certainly NOT one random family + a loopback address.
Note that the order in which getaddrinfo returns addresses is unpredictable/a site choices. RFC 3484 says essentially that "the family with the best success rate should be returned first". This can be influenced by site configuration. (Under linux, see gai.conf.) See sections 6 and 10 in the RFC. However, note that this is oriented toward connect(), not listen().
It still isn't possible to specify the address that VRDE binds to in the VirtualBox GUI. Perhaps this can be added to the "Server Port" field of the "Remote Display" tab under "Display" settings. (e.g. [2001:db8::1]:3389 or host.example.com:3389)
comment:3 by , 10 years ago
Thanks for testing. The VRDP server actually listens on every AF_INET/AF_INET6 address returned by getaddrinfo() and creates separate listening sockets. I'll have to reproduce the case to see what is going wrong.
The dependency on the order in which getaddrinfo returns addresses was a bug in the VRDP server code, which is fixed in 4.3.27-99580 extpack.
comment:4 by , 10 years ago
You can stop looking for a reproducer. I've tracked this down.
The latest confusion appears to be Fedora putting the IPv4 addresses -- including loopback -- in /etc/hosts, but not the IPv6 address. Adding the IPv6 address to /etc/hosts, thus matching DNS causes VRDP to open the three addresses (V4, V6, V4.loop) in /etc/hosts.
Looks like the new VRDP is doing the right thing as far as opening the listening sockets per getaddrinfo(). Sorry I didn't catch that sooner.
That leaves the inability to specify an address/hostname in the GUI.
Thanks.
comment:5 by , 10 years ago
| Summary: | VRDP not listening for IPv6 on Linux host → VRDP not listening for IPv6 on Linux host [Fixed in SVN] |
|---|
Great, thanks. The fix will be of course available in the next 4.3 release.
Regarding GUI: there was a related request 7441. Frank's comment is still valid and reflects the current state.
Thanks for the report.
Please try https://www.virtualbox.org/download/testcase/Oracle_VM_VirtualBox_Extension_Pack-4.3.27-99580.vbox-extpack
This problem happened because getaddrinfo returned IPv4 address before IPv6 and the VRDP server created the IPv4 socket first, so the IPv6 socket (which tried to listen for IPv4 too) could not be set to listened state later.