Bug report

Describe your environment

Device: MacBook Pro 2019
OS name and version: Ventura 13.3.1
IVPN app version: Daemon: v3.10.14 [amd64], UI: 3.10.14 [x64]. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) IVPN/3.10.14 Chrome/106.0.5249.199 Electron/21.4.1 Safari/537.36

Describe the problem

Even with the usual IP range "exceptions" confugured, when spinning up boxes using lima (https://github.com/lima-vm/lima), the ssh connection is refused which causes connectivity problems.

Steps to reproduce:

turn on ivpn firewall and connect to any server
install trellis-cli: brew install roots/tap/trellis-cli
Set up a trellis project trellis new example.com
spin up a local lima instance trellis vm start
alternatively: with debug output limactl start example.com --debug

Observed Results:

Connection refused at ssh stage

Log...

`limactl start example.com --debug > output.log 2>&1` ``` time="2023-05-01T14:14:35+01:00" level=debug msg="interpreting argument \"example.com\" as an instance name" time="2023-05-01T14:14:35+01:00" level=info msg="Using the existing instance \"example.com\"" time="2023-05-01T14:14:35+01:00" level=debug msg="Make sure \"shared\" network is stopped" time="2023-05-01T14:14:35+01:00" level=debug msg="Make sure \"bridged\" network is stopped" time="2023-05-01T14:14:35+01:00" level=debug msg="Make sure \"host\" network is stopped" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] Creating iso file /Users/myusername/.lima/example.com/cidata.iso" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] Using /var/folders/_g/bh765_417yx7vj8hc385mxg00000gn/T/diskfs_iso68103242 as workspace" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] OpenSSH version 9.0.1 detected" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com" time="2023-05-01T14:14:36+01:00" level=info msg="[hostagent] Starting VZ (hint: to watch the boot progress, see \"/Users/myusername/.lima/example.com/serial.log\")" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] Start udp server listening on: 127.0.0.1:54151" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] Start tcp server listening on: 127.0.0.1:51924" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] Using search domains: [ivpn-client]" time="2023-05-01T14:14:36+01:00" level=debug msg="received an event" event="{2023-05-01 14:14:36.883538 +0100 BST {false false false [] 51923}}" time="2023-05-01T14:14:36+01:00" level=info msg="SSH Local Port: 51923" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] [VZ] - vm state change: \"VirtualMachineStateStarting\"" time="2023-05-01T14:14:36+01:00" level=info msg="[hostagent] new connection from to " time="2023-05-01T14:14:36+01:00" level=info msg="[hostagent] [VZ] - vm state change: running" time="2023-05-01T14:14:36+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:14:36+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:14:37+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:14:40+01:00" level=info msg="[hostagent] 2023/05/01 14:14:40 tcpproxy: for incoming conn 127.0.0.1:51926, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: no route to host" time="2023-05-01T14:14:40+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:14:50+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:14:50+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:14:50+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:14:50+01:00" level=info msg="[hostagent] 2023/05/01 14:14:50 tcpproxy: for incoming conn 127.0.0.1:51972, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:14:50+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:00+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:00+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:00+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:00+01:00" level=info msg="[hostagent] 2023/05/01 14:15:00 tcpproxy: for incoming conn 127.0.0.1:51991, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:00+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:10+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:10+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:10+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:10+01:00" level=info msg="[hostagent] 2023/05/01 14:15:10 tcpproxy: for incoming conn 127.0.0.1:52008, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:10+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:20+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:20+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:20+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:20+01:00" level=info msg="[hostagent] 2023/05/01 14:15:20 tcpproxy: for incoming conn 127.0.0.1:52009, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:20+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:30+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:30+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:30+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:30+01:00" level=info msg="[hostagent] 2023/05/01 14:15:30 tcpproxy: for incoming conn 127.0.0.1:52010, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:30+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:40+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:40+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:40+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:40+01:00" level=info msg="[hostagent] 2023/05/01 14:15:40 tcpproxy: for incoming conn 127.0.0.1:52011, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:40+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:15:50+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:15:50+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:15:50+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:15:50+01:00" level=info msg="[hostagent] 2023/05/01 14:15:50 tcpproxy: for incoming conn 127.0.0.1:52013, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:15:50+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:00+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:00+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:00+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:00+01:00" level=info msg="[hostagent] 2023/05/01 14:16:00 tcpproxy: for incoming conn 127.0.0.1:52014, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:16:00+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:10+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:10+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:10+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:10+01:00" level=info msg="[hostagent] 2023/05/01 14:16:10 tcpproxy: for incoming conn 127.0.0.1:52015, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:16:10+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: Connection closed by remote host\\r\\nConnection closed by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:20+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:21+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:21+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:21+01:00" level=info msg="[hostagent] 2023/05/01 14:16:21 tcpproxy: for incoming conn 127.0.0.1:52016, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:16:21+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:31+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:31+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:31+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:31+01:00" level=info msg="[hostagent] 2023/05/01 14:16:31 tcpproxy: for incoming conn 127.0.0.1:52017, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:16:31+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:41+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:41+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:41+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:41+01:00" level=info msg="[hostagent] 2023/05/01 14:16:41 tcpproxy: for incoming conn 127.0.0.1:52019, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: connection was refused" time="2023-05-01T14:16:41+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 51923\\r\\n\": exit status 255" time="2023-05-01T14:16:46+01:00" level=debug msg="[hostagent] Stopping udp proxy (read udp 185.125.190.57:123: i/o timeout)" time="2023-05-01T14:16:51+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:16:51+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:16:51+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"\", err=" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] The essential requirement 1 of 3 is satisfied" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] Waiting for the essential requirement 2 of 3: \"user session is ready for ssh\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing script \"user session is ready for ssh\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing ssh for script \"user session is ready for ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ timeout 30s bash -c 'until sudo diff -q /run/lima-ssh-ready /mnt/lima-cidata/meta-data 2>/dev/null; do sleep 3; done'\\n\", err=" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] The essential requirement 2 of 3 is satisfied" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] Waiting for the essential requirement 3 of 3: \"the guest agent to be running\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing script \"the guest agent to be running\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing ssh for script \"the guest agent to be running\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ sock=/run/lima-guestagent.sock\\n+ timeout 30s bash -c 'until [ -S \\\"/run/lima-guestagent.sock\\\" ]; do sleep 3; done'\\n\", err=" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] The essential requirement 3 of 3 is satisfied" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] Waiting for the final requirement 1 of 1: \"boot scripts must have finished\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing script \"boot scripts must have finished\"" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] Forwarding unix sockets" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] executing ssh for script \"boot scripts must have finished\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 51923 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] Forwarding \"/run/lima-guestagent.sock\" (guest) to \"/Users/myusername/.lima/example.com/ga.sock\" (host)" time="2023-05-01T14:16:52+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ timeout 30s bash -c 'until sudo diff -q /run/lima-boot-done /mnt/lima-cidata/meta-data 2>/dev/null; do sleep 3; done'\\n\", err=" time="2023-05-01T14:16:52+01:00" level=info msg="[hostagent] The final requirement 1 of 1 is satisfied" time="2023-05-01T14:16:52+01:00" level=debug msg="received an event" event="{2023-05-01 14:16:52.496681 +0100 BST {true false false [] 51923}}" time="2023-05-01T14:16:52+01:00" level=info msg="READY. Run `limactl shell example.com` to open the shell." ```

Expected Results:

The normal IP address exceptions allow the connection to proceed

Log...

`ivpn firewall -off` `limactl start example.com --debug > firewall-off.log 2>&1` ``` time="2023-05-01T14:23:58+01:00" level=debug msg="interpreting argument \"example.com\" as an instance name" time="2023-05-01T14:23:58+01:00" level=info msg="Using the existing instance \"example.com\"" time="2023-05-01T14:23:58+01:00" level=debug msg="Make sure \"shared\" network is stopped" time="2023-05-01T14:23:58+01:00" level=debug msg="Make sure \"bridged\" network is stopped" time="2023-05-01T14:23:58+01:00" level=debug msg="Make sure \"host\" network is stopped" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] Creating iso file /Users/myusername/.lima/example.com/cidata.iso" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] Using /var/folders/_g/bh765_417yx7vj8hc385mxg00000gn/T/diskfs_iso2242143299 as workspace" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] OpenSSH version 9.0.1 detected" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] Start udp server listening on: 127.0.0.1:54198" time="2023-05-01T14:23:59+01:00" level=info msg="[hostagent] Starting VZ (hint: to watch the boot progress, see \"/Users/myusername/.lima/example.com/serial.log\")" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] Start tcp server listening on: 127.0.0.1:52093" time="2023-05-01T14:23:59+01:00" level=debug msg="[hostagent] Using search domains: [ivpn-client]" time="2023-05-01T14:24:00+01:00" level=debug msg="received an event" event="{2023-05-01 14:24:00.012589 +0100 BST {false false false [] 52092}}" time="2023-05-01T14:24:00+01:00" level=info msg="SSH Local Port: 52092" time="2023-05-01T14:24:00+01:00" level=debug msg="[hostagent] [VZ] - vm state change: \"VirtualMachineStateStarting\"" time="2023-05-01T14:24:00+01:00" level=info msg="[hostagent] new connection from to " time="2023-05-01T14:24:00+01:00" level=info msg="[hostagent] [VZ] - vm state change: running" time="2023-05-01T14:24:00+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:24:00+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:24:00+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:03+01:00" level=info msg="[hostagent] 2023/05/01 14:24:03 tcpproxy: for incoming conn 127.0.0.1:52095, error dialing \"192.168.5.15:22\": connect tcp 192.168.5.15:22: no route to host" time="2023-05-01T14:24:03+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 52092\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 52092\\r\\n\": exit status 255" time="2023-05-01T14:24:13+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:24:13+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:24:13+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:13+01:00" level=info msg="[hostagent] W0501 14:24:13.852487 56590 gonet.go:457] ep.GetRemoteAddress() failed: endpoint not connected" time="2023-05-01T14:24:13+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"mux_client_request_session: read from master failed: Broken pipe\\r\\nFailed to connect to new control master\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"mux_client_request_session: read from master failed: Broken pipe\\r\\nFailed to connect to new control master\\r\\n\": exit status 255" time="2023-05-01T14:24:23+01:00" level=info msg="[hostagent] Waiting for the essential requirement 1 of 3: \"ssh\"" time="2023-05-01T14:24:23+01:00" level=debug msg="[hostagent] executing script \"ssh\"" time="2023-05-01T14:24:23+01:00" level=debug msg="[hostagent] executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"\", err=" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] The essential requirement 1 of 3 is satisfied" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] Waiting for the essential requirement 2 of 3: \"user session is ready for ssh\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing script \"user session is ready for ssh\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing ssh for script \"user session is ready for ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ timeout 30s bash -c 'until sudo diff -q /run/lima-ssh-ready /mnt/lima-cidata/meta-data 2>/dev/null; do sleep 3; done'\\n\", err=" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] The essential requirement 2 of 3 is satisfied" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] Waiting for the essential requirement 3 of 3: \"the guest agent to be running\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing script \"the guest agent to be running\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing ssh for script \"the guest agent to be running\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ sock=/run/lima-guestagent.sock\\n+ timeout 30s bash -c 'until [ -S \\\"/run/lima-guestagent.sock\\\" ]; do sleep 3; done'\\n\", err=" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] The essential requirement 3 of 3 is satisfied" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] Waiting for the final requirement 1 of 1: \"boot scripts must have finished\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing script \"boot scripts must have finished\"" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] Forwarding unix sockets" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] executing ssh for script \"boot scripts must have finished\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/myusername/.lima/_config/user\" -o IdentityFile=\"/Users/myusername/.ssh/airportcars_ed255199\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/hooli_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/id_ed25519\" -o IdentityFile=\"/Users/myusername/.ssh/id_rsa\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Bitbucket\" -o IdentityFile=\"/Users/myusername/.ssh/myusername-Github\" -o IdentityFile=\"/Users/myusername/.ssh/ubuntu_vagrant\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=myusername -o ControlMaster=auto -o ControlPath=\"/Users/myusername/.lima/example.com/ssh.sock\" -o ControlPersist=5m -p 52092 127.0.0.1 -- /bin/bash]" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] Forwarding \"/run/lima-guestagent.sock\" (guest) to \"/Users/myusername/.lima/example.com/ga.sock\" (host)" time="2023-05-01T14:24:24+01:00" level=debug msg="[hostagent] stdout=\"\", stderr=\"+ timeout 30s bash -c 'until sudo diff -q /run/lima-boot-done /mnt/lima-cidata/meta-data 2>/dev/null; do sleep 3; done'\\n\", err=" time="2023-05-01T14:24:24+01:00" level=info msg="[hostagent] The final requirement 1 of 1 is satisfied" time="2023-05-01T14:24:24+01:00" level=debug msg="received an event" event="{2023-05-01 14:24:24.582219 +0100 BST {true false false [] 52092}}" time="2023-05-01T14:24:24+01:00" level=info msg="READY. Run `limactl shell example.com` to open the shell." ```

Relevant Code:

ivpn firewall -on
brew install roots/tap/trellis-cli
trellis new example.com
trellis vm start
trellis vm stop

# for extra info...
limactl start example.com --debug
limactl stop example.com --debug

I have cross-posted this issue with lima here: https://github.com/lima-vm/lima/issues/1519

ivpn / desktop-app

Firewall doesn't allow limactl to work #278