File generation incorrect for: mobileconfig for DNS-over-TLS #2352
Comments
The information there may be ambiguous. For instance, you may use a wildcard certificate and keep the "server name" empty.
True, that is a fair point!
We do need to move away from this silly autodetection mechanism, but the bug in the original post can be fixed quicker. @EugeneOne1 should be able to do that this week. As for a better mechanism, we need to think about it. For now we probably will fall back to the
Respond like that if we can't find a way to detect the server name.
Yes, that's what I meant as well, thanks for clarifying.
I'll close this issue for now. Please feel free to open a new one if you think there are more issues.
Issue Details
Expected Behavior
File generation for .mobileconfig DNS-over-TLS to be successful.
Actual Behavior
In the web interface followed these steps: Setup Guide -> DNS Privacy -> Download .mobileconfig for DNS-over-TLS
The `dot.mobileconfig` file that was generated & downloaded is not a valid xml file or recognised by iOS for import.
Having a closer look, the top line of the generated file `dot.mobileconfig` includes an error message `getting host: address xxx: missing port in address`, top 3 lines of my generated file are as follows:
Additionally under the array for section `<key>PayloadContent</key>` there is no `<key>ServerName</key>` or associated `<string>` as you would expect.
Additional Information
Based on the behaviour I have observed, the generation of the mobileconfig files tries to automatically detect hostname, IP, port based on the hostname/port that you use to access the web management interface.
For example, on my VM I have a "management" IP & http port that I mostly use to manage it as opposed to the public hostname over https, if I access the web interface via that "management" IP address I will get different contents in `doh.mobileconfig`.
To generate a correct `doh.mobileconfig` I needed to do this from the "public" hostname so that the details in the file are correct.
Back to this issue for DOT, I have tried to generate the file when accessing the web interfaces on both http and https ports, using the public hostname and IP, as well as the private management IP, in all cases I get the `missing port in address` error.
My guess is that it might be easier to move away from auto detection for the generating values for these config files, an option might be to use the details for server name and port from "Settings -> Encryption settings"?
If you need any further information please let me know!
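The error text in the report has the form that Go's `net.SplitHostPort` returns for an address with no port. The following is an added example, not the project's own code: it extracts the host from a request address whether or not a port is present, and lets an explicitly configured server name take precedence, as the report suggests. The names `serverName`, `hostOnly`, `errNoServerName` and the `configured` parameter are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

var errNoServerName = errors.New("server name not configured and not detectable")

// hostOnly strips an optional port from a Host-header style value.
// Unlike a bare net.SplitHostPort call, it accepts values without a port.
func hostOnly(hostport string) (string, error) {
	host, _, err := net.SplitHostPort(hostport)
	if err == nil {
		return host, nil
	}
	var addrErr *net.AddrError
	if errors.As(err, &addrErr) && addrErr.Err == "missing port in address" {
		// No port: drop IPv6 brackets, if any, and use the value as given.
		return strings.TrimSuffix(strings.TrimPrefix(hostport, "["), "]"), nil
	}
	return "", fmt.Errorf("getting host: %w", err)
}

// serverName prefers the configured name (hypothetical parameter standing in
// for the encryption settings value) over the address used for the request.
func serverName(configured, requestHost string) (string, error) {
	if configured != "" {
		return configured, nil
	}
	host, err := hostOnly(requestHost)
	if err != nil {
		return "", err
	}
	if host == "" {
		// Fail the request instead of writing an error into the profile.
		return "", errNoServerName
	}
	return host, nil
}

func main() {
	// Constructed sample inputs.
	for _, h := range []string{"dns.example.org:443", "dns.example.org", "[::1]", ""} {
		name, err := serverName("", h)
		fmt.Printf("%q -> %q, %v\n", h, name, err)
	}
}
```

Returning an error to the caller, rather than embedding it in the generated file, keeps a failed detection from producing a profile that is not valid XML.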