[BUG] Can't access remotely OpenShift Local (CRC) running on Win11 from rhel9 VM

[aocferreira]

General information

• OS: Windows
• Hypervisor: Hyper-V
• Did you run crc setup before starting it (Yes/No)? Yes
• Running CRC on: Laptop

CRC version

CRC version: 2.10.1+7e7f6b2d
OpenShift version: 4.11.7
Podman version: 4.2.0

CRC status

DEBU CRC version: 2.10.1+7e7f6b2d
DEBU OpenShift version: 4.11.7
DEBU Podman version: 4.2.0
DEBU Running 'crc status'
DEBU Checking file: C:\Users\andrefe\.crc\machines\crc\.crc-exist
DEBU Checking file: C:\Users\andrefe\.crc\machines\crc\.crc-exist
DEBU Running 'Hyper-V\Get-VM crc | Select-Object -ExpandProperty State'
DEBU Running SSH command: df -B1 --output=size,used,target /sysroot | tail -1
DEBU Using ssh private keys: [C:\Users\andrefe\.crc\machines\crc\id_ecdsa C:\Users\andrefe\.crc\cache\crc_hyperv_4.11.7_amd64\id_ecdsa_crc]
DEBU SSH command results: err: <nil>, output: 32737570816 16656883712 /sysroot
CRC VM:          Running
OpenShift:       Running (v4.11.7)
Podman:
Disk Usage:      16.66GB of 32.74GB (Inside the CRC VM)
Cache Usage:     18.06GB
Cache Directory: C:\Users\andrefe\.crc\cache

CRC config

- consent-telemetry                     : no

Host Operating System

Host Name:                 DESKTOP-HGKVRBI
OS Name:                   Microsoft Windows 11 Enterprise
OS Version:                10.0.22621 N/A Build 22621
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          N/A
Registered Organization:   N/A
Product ID:                00330-80000-00000-AA876
Original Install Date:     05/10/2022, 22:53:24
System Boot Time:          29/10/2022, 10:42:33
System Manufacturer:       Microsoft Corporation
System Model:              Surface Book 3
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 126 Stepping 5 GenuineIntel ~1298 Mhz
BIOS Version:              Microsoft Corporation 15.11.140, 08/07/2022
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-gb;English (United Kingdom)
Input Locale:              pt;Portuguese (Portugal)
Time Zone:                 (UTC+00:00) Dublin, Edinburgh, Lisbon, London
Total Physical Memory:     32,353 MB
Available Physical Memory: 22,333 MB
Virtual Memory: Max Size:  32,353 MB
Virtual Memory: Available: 20,704 MB
Virtual Memory: In Use:    11,649 MB
Page File Location(s):     N/A
Domain:                    WORKGROUP
Logon Server:              \\DESKTOP-HGKVRBI
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB5017271
                           [02]: KB5018427
                           [03]: KB5017233
Network Card(s):           10 NIC(s) Installed.
                           [01]: Fortinet Virtual Ethernet Adapter (NDIS 6.30)
                                 Connection Name: Ethernet 3
                                 Status:          Media disconnected
                           [02]: Fortinet SSL VPN Virtual Ethernet Adapter
                                 Connection Name: Ethernet 4
                                 Status:          Media disconnected
                           [03]: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
                                 Connection Name: Ethernet 5
                                 Status:          Hardware not present
                           [04]: VirtualBox Host-Only Ethernet Adapter
                                 Connection Name: VirtualBox Host-Only Network
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 169.254.249.83
                                 [02]: fe80::1e52:1e1a:881:3279
                           [05]: Wintun Userspace Tunnel
                                 Connection Name: OpenVPN Wintun
                                 Status:          Media disconnected
                           [06]: TAP-Windows Adapter V9
                                 Connection Name: Local Area Connection 2
                                 Status:          Media disconnected
                           [07]: Intel(R) Wi-Fi 6 AX201 160MHz
                                 Connection Name: WiFi
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.1.1
                                 IP address(es)
                                 [01]: 192.168.1.77
                           [08]: VMware Virtual Ethernet Adapter for VMnet1
                                 Connection Name: VMware Network Adapter VMnet1
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.182.254
                                 IP address(es)
                                 [01]: 192.168.182.1
                                 [02]: fe80::779a:433d:2dfb:22c2
                           [09]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
                           [10]: VMware Virtual Ethernet Adapter for VMnet8
                                 Connection Name: VMware Network Adapter VMnet8
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.186.254
                                 IP address(es)
                                 [01]: 192.168.186.1
                                 [02]: fe80::11cb:1fa0:6150:b729
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Steps to reproduce

1. Setup CRC on win11
2. Add rule in firewall to allow connections
3. Create port forwarding rule to send connections to 127.0.0.1:6443 where CRC is running netsh interface portproxy add v4tov4 listenaddress=192.168.1.77 listenport=9001 connectaddress=127.0.0.1 connectport=6443
4. From the VM: oc login -u developer -p developer https://192.168.1.77:9001

Expected

Remote access to OpenShift

Actual

[test@workstation ~]$ oc login -u developer -p developer https://192.168.1.77:9001 The server is using a certificate that does not match its hostname: x509: certificate is valid for 10.217.4.1, not 192.168.1.77 You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): y

Error from server (InternalError): Internal error occurred: unexpected response: 412

Logs

Before gather the logs try following if that fix your issue

$ crc delete -f
$ crc cleanup
$ crc setup
$ crc start --log-level debug

Please consider posting the output of crc start --log-level debug on http://gist.github.com/ and post the link in the issue.

https://gist.github.com/aocferreira/dfddb62a21dc3e2d001619cc7090d5e2

[gbraad]

Why do you use 192.168.1.77 ? IIRC, that the Hyper-V virtual switches have forwarding disabled out of the box. This is also the reason why you are not able to connect from WSL to a VM.

Get-NetIPInterface | where {$_.InterfaceAlias -eq 'vEthernet (WSL)' -or $_.InterfaceAlias -eq 'vEthernet (Default Switch)'} | Set-NetIPInterface -Forwarding Enabled

Might this be the reason?

[aocferreira]

Hi gbraad,

Thanks for your reply.

I was using 192.168.1.77 because that's the IP address of my laptop on the local network 192.168.1.0/24.

So, you are saying that I should not connect via that interface but instead using below one?

Ethernet adapter vEthernet (Default Switch):

Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d95f:e7ae:f5c:3ff1%36 IPv4 Address. . . . . . . . . . . : 172.24.64.1 Subnet Mask . . . . . . . . . . . : 255.255.240.0 Default Gateway . . . . . . . . . :

I cannot ping this address from my test VM... Let me know if I miss something..

[gbraad]

from the VM:

the VM is running on the same host, connected to the Virtual Switch (Default Switch), right?

[aocferreira]

Sorry, i should have said that on this setup I have the VM running on VMware workstation. is it a problem connecting with CRC assuming its running on hyperV?

[gbraad]

I am now very unclear of your setup.

You are running a nested virtualization setup, or is VMware running alongside of Hyper-V? I hope you understand that this kind of setup is not something we test. We can not reproduce anything involving VMware, so in that case you are responsible for your network configuration and settings. Perhaps someone in the community might be able to help.

[aocferreira]

Hi @gbraad VMware was running alongside Hyper-V, but I will test now to have my VM also running on HyperV together with 'crc' VM.. You are saying this setup should work? However i was checking and it seems this VM doesn't have external IP/network adapter and resolves only to 127.0.0.1 ... how should I be able to connect vrom my VM to CRC?

Any article that i can follow?

thanks.

[aocferreira]

i have now both VMs runing in HyperV and both of them connected to default Switch. Connectivity is working between them.

[test@localhost ~]$ oc login -u developer -p developer https://172.24.68.13:6443 The server is using a certificate that does not match its hostname: x509: certificate is valid for 10.217.4.1, not 172.24.68.13 You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): y

The connection to the server oauth-openshift.apps-crc.testing was refused - did you specify the right host or port?

Is this even suppose to work? Idea is to accomplish something similar as: https://github.com/code-ready/crc/issues/3038

But as far as I can see that issue was not resolved.

Thank you.

[aocferreira]

i've managed to connect. However, 'crc status' says that OpenShift is unreachable... Any idea why?

[gbraad]

Not sure what the final setup looks like, but

However, 'crc status' says that OpenShift is unreachable

is based on a local query to the API. this might fail if things have moved around. If your environment works, reachable as intended by you, I would ignore the status value.

[aocferreira]

thanks for the help @gbraad .