[BitVisor-devel-en:118] Re: Bitvisor Wireguard problems?
Lonnie Cumberland
lonnie at outstep.com
Fri Jun 14 23:34:23 JST 2024
Happy Friday All,
I have been trouble shooting the "crashing" problem and here is what I
have found out so far.
1. If turn off "Wireguard" in the "make config" and set the "net=ippass"
then everything runs perfect with no crashing.
2. I tested with wireguard "on" and "net=ipwggos" and also various
settings with these (Actually made a build with each one and tested) but
still the crash occurred:
[ ] CPU_MMU_SPT_1 Shadow type 1 (very slow and stable)
[ ] CPU_MMU_SPT_2 Shadow type 2 (faster and unstable)
[*] CPU_MMU_SPT_3 Shadow type 3 (faster and unstable)
[ ] CPU_MMU_SPT_DISABLE Disable SPT (fast, insecure and no MMIO)
Now I need your help as in looking over the default ".vpn" settings it
seems as though someone was able to connect with a SoftEther server
perhaps on VPN-Gate and I also have a SoftEther server set up and would
like to do a test to see if that works since if it does then that
effectively confirms that there is a bug in the Wireguard code that is
causing the crash and hope fully the person that developed it can help
locate that bug to get it fixed, if at all possible.
With this in mind, can someone please tell me the basic vpn
configuration that is needed to connect to a SoftEther VPN server?
Default ".vpn" settings in the defconfig
-----------------------------------------------------
.vpn = {
.mode = "L3IPsec",
.virtualGatewayMacAddress = "00-88-88-88-88-88",
.bindV4 = "true",
.guestIpAddressV4 = "192.168.100.1",
.guestIpSubnetV4 = "255.255.255.0",
.guestMtuV4 = "1400",
/* .guestVirtualGatewayIpAddressV4 = "192.168.6.254", */
.dhcpV4 = "true",
.dhcpLeaseExpiresV4 = "3600",
.dhcpDnsV4 = "192.168.3.254",
.dhcpDomainV4 = "sec.softether.co.jp",
.adjustTcpMssV4 = "1240",
.hostIpAddressV4 = "192.168.12.11",
.hostIpSubnetV4 = "255.255.255.0",
.hostMtuV4 = "1500",
.hostIpDefaultGatewayV4 = "192.168.12.254",
.optionV4ArpExpires = "60",
.optionV4ArpDontUpdateExpires = "true",
.vpnGatewayAddressV4 = "192.168.11.1",
.vpnAuthMethodV4 = "Password",
.vpnPasswordV4 = "password1",
.vpnIdStringV4 = "user1 at tsukuba.ac.jp",
.vpnCertV4 = "",
.vpnCaCertV4 = "",
.vpnRsaKeyV4 = "",
.vpnSpecifyIssuerV4 = "false",
.vpnPhase1ModeV4 = "Aggressive",
.vpnPhase1CryptoV4 = "3DES",
.vpnPhase1HashV4 = "SHA-1",
.vpnPhase1LifeSecondsV4 = "7200",
.vpnPhase1LifeKilobytesV4 = "0",
.vpnWaitPhase2BlankSpanV4 = "100",
.vpnPhase2CryptoV4 = "3DES",
.vpnPhase2HashV4 = "SHA-1",
.vpnPhase2LifeSecondsV4 = "7200",
.vpnPhase2LifeKilobytesV4 = "0",
.vpnConnectTimeoutV4 = "5",
.vpnIdleTimeoutV4 = "300",
.vpnPingTargetV4 = "192.168.3.120",
.vpnPingIntervalV4 = "12",
.vpnPingMsgSizeV4 = "32",
.bindV6 = "false",
.guestIpAddressPrefixV6 = "2000::",
.guestIpAddressSubnetV6 = "64",
.guestMtuV6 = "1400",
.raV6 = "true",
.raLifetimeV6 = "300",
.raDnsV6 = "2001:dc4::1",
.hostIpAddressV6 = "5000::1:2:3:4",
.hostIpAddressSubnetV6 = "64",
.hostMtuV6 = "1500",
.hostIpDefaultGatewayV6 = "5000::254",
.optionV6NeighborExpires = "60",
.vpnGatewayAddressV6 = "1000::1",
.vpnAuthMethodV6 = "Password",
.vpnPasswordV6 = "Akihabara",
.vpnIdStringV6 = "testv6 at tsukuba.ac.jp",
.vpnCertV6 = "",
.vpnRsaKeyV6 = "",
.vpnPhase1CryptoV6 = "3DES",
.vpnPhase1HashV6 = "SHA-1",
.vpnPhase1LifeSecondsV6 = "7200",
.vpnPhase1LifeKilobytesV6 = "0",
.vpnWaitPhase2BlankSpanV6 = "100",
.vpnPhase1ModeV6 = "Aggressive",
.vpnPhase2CryptoV6 = "3DES",
.vpnPhase2HashV6 = "SHA-1",
.vpnPhase2LifeSecondsV6 = "7200",
.vpnPhase2LifeKilobytesV6 = "0",
.vpnPhase2StrictIdV6 = "false",
.vpnConnectTimeoutV6 = "5",
.vpnIdleTimeoutV6 = "300",
.vpnPingTargetV6 = "2001:200:564:0:230:48ff:fe83:cf41",
.vpnPingIntervalV6 = "12",
.vpnPingMsgSizeV6 = "32",
},
-----------------------------------------------------
Thanks for any help that you can provide.
Looking forward to hearing from you soon,
Lonnie
On 6/13/2024 6:25 PM, Lonnie Cumberland wrote:
> Hello All,
>
> I was able to replicate the "crashing" out of Bitvisor that was
> exhibited in the VMware Workstation 17 Pro by actually loading
> Bitvisor on the Intel NUC 7 without a hypervisor like VMware or QEMU.
>
> I created a USB boot stick to boot up bitvisor.efi via the loadvmm.efi
> when I went into a UEFI shell. Once bitvisor was loaded then I started
> the Ubuntu 22.04 via the "efi\ubuntu\grub.efi" and the OS cam up as
> expected and started sending Keep-Alive packets to my Wireguard server
> node. All was good up to this point. Then, I checked that I could
> ping a few places like Yahoo and some others with no problem.
>
> The problem came as soon as I started up a web browser which seemed to
> open and go to an initial website but then everything just "froze up"
> and effectively crashed. I had to hard-boot the system at this stage,
> and was not able to get any logs or helpful information.
>
> My guess is that it may have something to do with the way that
> bitvisor handles multiple CPU's but I am not sure.
>
> I will try to get things working in QEMU and see if I can get some
> type of information to send over to the mailing list since this is a
> real problem that seems to crash out bitvisor in the way that it
> handles the guest OS and maybe it can be fixed by more knowledgeable
> people.
>
> Just wanted to report these findings and hope to hear from someone soon.
>
> Thanks and have a great day,
> Lonnie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.bitvisor.org/archives/bitvisor-devel-en/attachments/20240614/32611f06/attachment.htm>
More information about the BitVisor-devel-en
mailing list