lima-vm port fowarding hang

[RouxAntoine]

Description

Hello I try to debug a docker port forward through docker -> lima-vm -> mac os host

My docker is setup with lima-vm (vmType: vz, limactl version 1.2.1)
The container is a vault container.
The docker run command is:

docker run --cap-add=IPC_LOCK -d --name=vault -e VAULT_LOG_LEVEL=DEBUG -e VAULT_DEV_ROOT_TOKEN_ID="local-root-token" -p 8200:8200 --network $(docker inspect cluster-dev-control-plane --format '{{ .NetworkSettings.Networks.kind.NetworkID }}') hashicorp/vault:1.20.4

For an amount of times accessing to the IHM on 127.0.0.1:8200 works, but after some standby time the error message The connection was reset appeared

Do you have any clue to debug this behaviour ?

my debug attempt:

• reboot mac
• restart lima vm
  limactl factory-reset

from the mac os host

when the vm start logs contained ERRO[0041] [hostagent] failed to accept TCP connection: accept tcp 127.0.0.1:6443: use of closed network connection
but accessing https://localhost:6443/.well-known/openid-configuration (perfectly works)

$ sudo lsof -i -P | grep LISTEN | grep 8200
limactl   22808        ANTOINE   17u  IPv4 0xfd95f35c062e1e19      0t0  TCP localhost:8200 (LISTEN)
limactl   22808        ANTOINE   19u  IPv4 0xf9c54f64a30135ff      0t0  TCP localhost:8200 (LISTEN)

$ nc -v 127.0.0.1 8200
Connection to 127.0.0.1 port 8200 [tcp/trivnet1] succeeded!

$ vault status
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": EOF

from into the lima's vm

$ sudo ss -lnp | grep 8200
tcp   LISTEN 0      4096                                        0.0.0.0:8200             0.0.0.0:*    users:(("rootlesskit",pid=4172,fd=3))                             
tcp   LISTEN 0      4096                                           [::]:8200                [::]:*    users:(("rootlesskit",pid=4172,fd=9))

$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
...

$ sudo journalctl -u lima-guestagent
Feb 02 23:24:02 lima-default systemd[1]: Started lima-guestagent.
Feb 02 23:24:02 lima-default systemd[1]: Stopping lima-guestagent...
Feb 02 23:24:02 lima-default systemd[1]: lima-guestagent.service: Deactivated successfully.
Feb 02 23:24:02 lima-default systemd[1]: Stopped lima-guestagent.
Feb 02 23:24:02 lima-default systemd[1]: Started lima-guestagent.
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="event tick: 3s"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="Enabling auditing"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="Auditing enabled (0)"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="serving the guest agent on vsock port: 2222"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="setWorthCheckingIPTablesRoutine(): monitoring netfilter audit events"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="Monitoring kubernetes services"
Feb 02 23:24:02 lima-default lima-guestagent[1723]: time="2026-02-02T23:24:02+01:00" level=info msg="fixSystemTimeSkew(): monitoring system time skew"

$ systemctl status lima-guestagent.service 
_ lima-guestagent.service - lima-guestagent
     Loaded: loaded (/etc/systemd/system/lima-guestagent.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2026-02-02 23:24:02 CET; 7min ago
   Main PID: 1723 (lima-guestagent)
      Tasks: 8 (limit: 4608)
     Memory: 8.7M
        CPU: 911ms
     CGroup: /system.slice/lima-guestagent.service
             └─1723 /usr/local/bin/lima-guestagent daemon --vsock-port 2222