Solved xrdp in jail

Hi!

I'm having trouble getting xrdp to start in a jail. The error is:

Code:
Starting xrdp.
logging configuration:
        LogFile:       /var/log/xrdp.log
        LogLevel:      4
        EnableSyslog:  1
        SyslogLevel:   4
[20190404-11:26:56] [DEBUG] Testing if xrdp can listen on 0.0.0.0 port 3389.
[20190404-11:26:56] [ERROR] g_tcp_socket: Protocol not supported
[20190404-11:26:56] [ERROR] Failed to start xrdp daemon, possibly address already in use.
/usr/local/etc/rc.d/xrdp: WARNING: failed to start xrdp

I tried setting "address=192.168.0.40" as well, but still (almost) the same error (the IP address changed).


My jail.conf looks like this:
Code:
exec.start      = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
mount.fdescfs;
mount.procfs;

mount.fstab = "/etc/fstab.$name";
host.hostname = "$name";
allow.nomount;
allow.mount.procfs;
allow.raw_sockets = 1;

path = "/usr/jails/$name";
persist;
allow.raw_sockets;
interface = "bce0";

nimmen {
        ip4.addr = "192.168.0.40/32";
        ip4.addr += "lo0|127.0.0.1/8";

}

xrdp works just fine on the host.
 
Is xrdp running on the host when you try that on the jail and, if yes, what is the address used by xrdp on the host? What is the network interface used by the host? If the xrdp on the host uses 0.0.0.0 and the jail and the host use the same network interface, I would expect your result. I am not sure though.
 
No, this happens when only the jail is running xrdp. I only tried running xrdp on the host just to check if running it in a jail was the culprit or not.
 
Have you checked with sockstat() if something was already listening on that port (after that, I have no more ideas...)?
 
For anyone coming across this in the future: The "proper" way of doing this is ensuring that xrdp doesn't try to connect to an interface via IPv6. Looking at the xrdp configuration file (/usr/local/etc/xrdp/xrdp.ini) we find:
Code:
; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
;
; Examples:
;   port=3389
;   port=unix://./tmp/xrdp.socket
;   port=tcp://.:3389                           127.0.0.1:3389
;   port=tcp://:3389                            *:3389
;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
;   port=tcp6://.:3389                          ::1:3389
;   port=tcp6://:3389                           *:3389
;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
;   port=vsock://<cid>:<port>
port=3389
Changing this to port=tcp://.:3389 allows starting xrdp in the jail using only IPv4 successfully.
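
The xrdp.ini comment block quoted above lists which `port=` forms bind IPv4 and which bind IPv6. As an added example (not from the original post or from xrdp), this Python check reads an xrdp.ini, skips the commented examples, and reports `port=` entries that may need an IPv6 socket when the environment cannot create one; the function names and the sample file are assumptions made for illustration.

```python
import socket

# Address family each documented port= scheme implies (taken from the xrdp.ini comments).
FAMILY = {"tcp": "inet", "tcp6": "inet6", "unix": "unix", "vsock": "vsock"}

def classify_port(token):
    """Classify one port= token; a bare number may bind 0.0.0.0 or :: ("any")."""
    if token.isdigit():
        return "any"
    scheme, sep, _ = token.partition("://")
    if not sep or scheme not in FAMILY:
        raise ValueError(f"unrecognised port spec: {token!r}")
    return FAMILY[scheme]

def family_available(family):
    """True if this environment (for example a jail) can create a TCP socket of that family."""
    try:
        socket.socket(family, socket.SOCK_STREAM).close()
        return True
    except OSError:  # e.g. "Protocol not supported", as in the xrdp log
        return False

def risky_ports(ini_text, have_inet6):
    """Return port= tokens that may need an IPv6 socket the environment lacks."""
    risky = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":  # skip comments (incl. the examples) and sections
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "port" and not have_inet6:
            # multiple listeners are separated by spaces
            risky += [t for t in value.split() if classify_port(t) in ("inet6", "any")]
    return risky

# Constructed sample, modelled on the default file quoted in the post.
SAMPLE_INI = """\
[Globals]
; Examples:
;   port=tcp://.:3389                           127.0.0.1:3389
;   port=tcp6://:3389                           *:3389
port=3389
"""

if __name__ == "__main__":
    have6 = family_available(socket.AF_INET6)
    print("AF_INET6 sockets available:", have6)
    for token in risky_ports(SAMPLE_INI, have6):
        print(f"port={token} may open an IPv6 socket; use a tcp:// form instead")
```

Run inside the jail, `family_available(socket.AF_INET6)` shows whether the jail can open IPv6 sockets at all, which is the condition the thread's two fixes address.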
 
I'm having a similar issue on an IPv4-only jail.

Starting xrdp itself works (I can connect from an RDP client). However, xrdp-sesman won't start. I suspect this is caused by sesman trying to listen on an IPv6 address.

How can I prevent xrdp-sesman from trying to listen on IPv6?

/usr/local/etc/xrdp/xrdp.ini (working):
Code:
port=tcp://192.168.100.5:3389

/usr/local/etc/xrdp/sesman.ini (not working):
Code:
[Globals]
ListenAddress=192.168.100.5
ListenPort=3350

/var/log/xrdp-sesman.log:
Code:
[20221018-11:41:34] [ERROR] g_tcp_socket: Protocol not supported
[20221018-11:41:34] [ERROR] Failed to start xrdp-sesman daemon, possibly address already in use.
 
As Hiroo Ono mentioned, you must add an ipv6.addr to the jail file. There must be another way around this, but I had the same error as you, and adding the below to my jail's jail.conf fixed it.

Code:
ip6.addr = "fd90:9030::1";
 