[Workaround found][Upstream issue] Windows 11 + Podman : RDP seems to not work due to missing permission for podman
We tried to use Podman but RDP connection seemed to fail, this is most likely related to this upstream issue : https://github.com/dockur/windows/issues/679
This behavior and issue should be :
- [ ] Issue documented
- [ ] Workaround documented (mentioned here)
- [X] Investigated with help from @Moon1moon https://universal-blue.discourse.group/t/podman-and-freerdp-problem/2000/2
so, you can access it via vnc, but not rdp? (or at least, rdp doesn't work anymore)
Yes via vnc it works, docker works with VNC and RDP @DaRandomCube
we have the same thing then
anyway any idea on how to fully delete the win11 podman thing? as when i use podman-compose rm and try to podman-compose --file, it doesn't download the windows 10 iso, aka there are some leftovers
Maybe this : https://docs.podman.io/en/latest/markdown/podman-system-prune.1.html
I haven't tested but I need to cleanup as well
I think I'll try to capture with wireshark at a later time a successful authentication with Docker and the issue with Podman and then try and compare both to see if I can pinpoint what is the issue.
any updates?
Nope I didn't find time to do it, assume there is no news unless I put an update here publicly
@AkechiShiro some clue to run freerdp with podman
https://universal-blue.discourse.group/t/podman-and-freerdp-problem/2000/2
To quote my answer upstream, a workaround is the following and then winapps can be used inside the shell spawned with the podman command.
You can try @DaRandomCube, should work for you
That seems to work @Moon1moon but only in the shell spawned from
`podman unshare --rootless-netns`
Then inside that shell, you can connect using `xfreerdp` and it does work with podman.
I had to specify (under NixOS with a shell managed by Home-Manager, else it was failing to enter the new shell)
`SHELL=/bin/sh podman unshare --rootless-netns`
with the following error :
Error: fork/exec /run/current-system/sw/bin/zsh: no such file or directory
Too late
Made a new container with windows 10 and removed the 11 one
If i go back home tomorrow i will try it
tried with a tiny11 container
created 2 tmux panes, each one is in the shell made by podman unshare --rootless-netns
one to up the container, and another to run the setup file, and that didn't work
@AkechiShiro
have you tried starting the container in a shell in your default netns, then running setup.sh in the rootless netns? that's what has worked for me.
I guess yes, and it didn't work
I have no idea why it doesn't work for you, I think something specific with your setup that I probably don't have, you're on Fedora ?
Perhaps there is something else, that I don't have on NixOS on my side.
retried again, still doesn't work even on a tiny10 container
maybe it has to do something with #322
the initialized-exited issue doesn't happen atm (maybe the solution was memory thing?), so i retried, and nothing changed
tried vice-versa, same thing
made sure that the dependencies are installed
Try and show `ip a` output in the `podman unshare --rootless-netns` shell
I think there is something different in there maybe the interface of the podman container.
here is the output of `ip a` inside of `podman unshare --rootless-netns` which has the podman container running inside
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 3a:a7:b9:b9:35:3b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute wlo1
       valid_lft forever preferred_lft forever
    inet6 fe80::38a7:b9ff:feb9:353b/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
1087: podman1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:aa:fe:f8:83:69 brd ff:ff:ff:ff:ff:ff
    inet 10.89.0.1/24 brd 10.89.0.255 scope global podman1
       valid_lft forever preferred_lft forever
    inet6 fe80::fcaa:feff:fef8:8369/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
1088: veth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master podman1 state UP group default qlen 1000
    link/ether 82:c6:a0:b7:d1:e1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::80c6:a0ff:feb7:d1e1/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
```
and for whatever unknown funny reason there i can connect using rdp in the normal way now
lemme test tiny11 instead of 10 real quick*
*maybe real quick
update: on a tiny11 container, the only way to connect using rdp is like what you said, xfreerdp from the podman unshare shell
the container needs to be started from a normal shell
@AkechiShiro I did see in a forum (can't quite remember where) where there was a discussion about privileged containers causing that issue. Maybe worth trying setting the permissions manually?
Thanks for the clarification @LDprg, I'm sorry but I don't have time right now to test and search the cleaner fix, with setting the permissions but a workaround was mentioned, like boot the podman containers and then, I believe that the podman needs to run with some more privileges.
- Run : `podman unshare --rootless-netns /bin/bash`
- inside the shell run `xfreerdp` or `winapps`
@AkechiShiro emm, my windows was advertising its ip as 20.20.20.21, which is so weird
@gitnohubz If that IP works why is it weird ?
@AkechiShiro it's microsoft's public ip, and doesn't work, I am gonna see my luck using docker
@AkechiShiro here are the errors in fedora :
```
xfreerdp /u:"user" /p:"user" /v:20.20.20.21 /cert:tofu
[19:18:23:734] [8568:00002179] [WARN][com.freerdp.client.xfreerdp.utils] - [run_action_script]: [ActionScript] no such script '/home/user/.config/freerdp/action.sh'
[19:18:23:734] [8568:00002179] [WARN][com.freerdp.client.xfreerdp.utils] - [run_action_script]: [ActionScript] no such script '/home/user/.config/freerdp/action.sh'
[19:18:38:763] [8568:00002179] [ERROR][com.freerdp.core] - [freerdp_tcp_default_connect]: ERRCONNECT_CONNECT_FAILED [0x00020006]
[19:18:38:763] [8568:00002179] [ERROR][com.freerdp.core] - [freerdp_tcp_default_connect]: failed to connect to 20.20.20.21
[19:18:38:763] [8568:00002179] [ERROR][com.freerdp.core.nego] - [nego_connect]: Failed to connect
```
@gitnohubz I've seen this issue which could be related but I believe you tested using podman : https://github.com/dockur/windows/issues/191
The IP you should use is localhost or 127.0.0.1 and not 20.20.20.21 that you target with RDP.
EDIT : Remove another unrelated issue
@AkechiShiro setting up 127.0.0.1 in the root terminal of "podman unshare --rootless-netns" did work , thanks
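
The check below is an added example, not code from this thread or from winapps: it reads `ip a` text and reports whether the shell is inside the rootless network namespace, where the thread found `xfreerdp` against 127.0.0.1 to work. It assumes rootless podman with a bridge named `podmanN`, as in the output posted above; the function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Assumption: rootless podman whose bridge is named podmanN (podman1 in the thread).

# Reads `ip a` output on stdin; prints "<bridge> <IPv4/prefix>" for each podman
# bridge and returns 0 if at least one was found, 1 otherwise.
podman_bridges() {
    awk '
        /^[0-9]+: / {                       # header line, e.g. "1087: podman1: <...>"
            name = $2
            sub(/:$/, "", name)             # drop the trailing colon
            sub(/@.*/, "", name)            # "veth0@if2" -> "veth0"
            is_bridge = (name ~ /^podman[0-9]+$/)
            next
        }
        is_bridge && $1 == "inet" { print name, $2; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Prints the advice the thread arrived at for the namespace described on stdin.
rdp_hint() {
    if bridge=$(podman_bridges); then
        echo "rootless netns (${bridge}): run xfreerdp here against 127.0.0.1"
    else
        echo "default netns: enter 'podman unshare --rootless-netns' first"
    fi
}

# Constructed sample, abridged from the `ip a` output posted in the thread.
SAMPLE_NETNS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
1087: podman1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 10.89.0.1/24 brd 10.89.0.255 scope global podman1
1088: veth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master podman1 state UP'

# Constructed sample of a default namespace with no podman bridge visible.
SAMPLE_HOST='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.168.1.109/24 brd 192.168.1.255 scope global wlo1'

printf '%s\n' "$SAMPLE_NETNS" | rdp_hint
printf '%s\n' "$SAMPLE_HOST" | rdp_hint
```

On a live system, pipe the real output in with `ip a | rdp_hint`.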