FR: Support for auth-key, tags, accept-routes via MDM and Managed App Configuration profiles #1572

Open
darshinimashar opened this issue Mar 24, 2021 · 13 comments
Labels: fr (Feature request), L3 Some users (Likelihood), mdm (Fleet management), OS-ios, P2 Aggravating (Priority level), T0 New feature (Issue type)

Comments

@darshinimashar

Support setting configuration values (e.g., auth-key, tags, accept-routes) via Managed App Configuration profiles on iOS devices that are managed through an MDM.

The customer use case is deploying Tailscale to iPads via Intune and having them configured and automatically connect to our network via a pre-generated auth-key.

@DentonGentry
Contributor

There is work going on to fix support for MDM profiles in the iOS and macOS builds, which would be a first step.

@DentonGentry
Contributor

Since this bug was filed, profile support was added to the macOS app to set the control server URL (but not the other requested fields like tags). iOS profile support isn't working yet.

@canselcik

@DentonGentry Thank you for keeping the FRs on this organized. This seems to be the main one so I'll ask here: what's the timeline you have in mind for the iOS app MDM support for configuring the control server URL? Any blockers on this like App Store rules or some security concerns?

@DentonGentry
Contributor

I promise that we will update the bug when progress is made. It is not currently being worked on. I understand that you want this support, but polling for status is not useful.

@JulienMalka

This comment was marked as duplicate.

DentonGentry added the fr (Feature request) label on May 7, 2022
DentonGentry changed the title from "Support to setting configuration values via Managed App Configuration profiles." to "FR: Support to setting configuration values via Managed App Configuration profiles." on May 7, 2022
DentonGentry changed the title from "FR: Support to setting configuration values via Managed App Configuration profiles." to "FR: iOS support for MDM and Managed App Configuration profiles" on Jul 10, 2022
@nmr94

This comment was marked as duplicate.

DentonGentry added the mdm (Fleet management) label on Sep 9, 2023
@mrbluecoat

One step closer... https://tailscale.com/kb/1286/macos-mdm/

Thanks Tailscale!

@agottardo
Contributor

agottardo commented Oct 31, 2023

The control server URL, along with many other settings, is now customizable using MDM on iOS as well: https://tailscale.com/kb/1315/mdm-keys/

@adipierro

I can't find iOS configuration profile PayloadIdentifier anywhere in docs, although Tailscale on iOS definitely supports configuration via MDM according to this page. Could you please add PayloadIdentifier somewhere for reference?

@DentonGentry
Contributor

@agottardo
Contributor

> I can't find iOS configuration profile PayloadIdentifier anywhere in docs, although Tailscale on iOS definitely supports configuration via MDM according to this page. Could you please add PayloadIdentifier somewhere for reference?

Most things on the KB topic that @DentonGentry linked to will work just fine on iOS. Just replace "macos" in any identifier with "ios".

@Epaphroditus

Epaphroditus commented Jan 7, 2024

I used Zoho's MDM to push the iOS app along with this configuration file like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowIncomingConnections</key>
    <string>always</string>
    <key>ExitNodeAllowLANAccess</key>
    <string>always</string>
    <key>ExitNodeID</key>
    <string>n2znPWb4AY11CNTRL</string>
    <key>ExitNodesPicker</key>
    <string>hide</string>
    <key>ForceEnabled</key>
    <true/>
    <key>ManageTailnetLock</key>
    <string>show</string>
    <key>ManagedByOrganizationName</key>
    <string>Epaphroditus Home Lab</string>
    <key>PayloadDisplayName</key>
    <string>Tailscale (MAS) #1</string>
    <key>PayloadIdentifier</key>
    <string>io.tailscale.ipn.ios.3DBA29B4-2D48-4B7F-9909-B7F85E8B68F0</string>
    <key>PayloadType</key>
    <string>io.tailscale.ipn.ios</string>
    <key>PayloadUUID</key>
    <string>FF453129-1F60-4AE7-90A3-229809ACCEBC</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>TailscaleStartOnLogin</key>
    <true/>
    <key>UpdateMenu</key>
    <string>show</string>
    <key>UseTailscaleDNSSettings</key>
    <string>always</string>
    <key>UseTailscaleSubnets</key>
    <string>always</string>
</dict>
</plist>
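
An added example, not part of the post above and not Tailscale's code: a pre-deployment lint for a profile like this one, checking that the identifiers use the `ios` suffix as advised earlier in the thread and that each value has the expected type. The key groupings come from the posted profile; the `never` and `user-decides` values and the sample input are assumptions.

```python
import plistlib

PLATFORM = "ios"  # per the thread: macOS identifiers with "macos" replaced by "ios"
EXPECTED_TYPE = f"io.tailscale.ipn.{PLATFORM}"

# Key groupings taken from the profile posted in the thread. The "never" and
# "user-decides" alternatives are an assumption based on Tailscale's MDM docs.
CHOICE = {"AllowIncomingConnections", "ExitNodeAllowLANAccess",
          "UseTailscaleDNSSettings", "UseTailscaleSubnets"}
VISIBILITY = {"ExitNodesPicker", "ManageTailnetLock", "UpdateMenu"}
BOOLEAN = {"ForceEnabled", "TailscaleStartOnLogin"}

def lint_profile(xml_bytes):
    """Return a list of findings for one payload dictionary (empty if clean)."""
    payload = plistlib.loads(xml_bytes)
    findings = []
    ptype = payload.get("PayloadType")
    if ptype != EXPECTED_TYPE:
        findings.append(f"PayloadType is {ptype!r}, expected {EXPECTED_TYPE!r}")
    ident = payload.get("PayloadIdentifier", "")
    if not ident.startswith(EXPECTED_TYPE + "."):
        findings.append(f"PayloadIdentifier {ident!r} lacks prefix {EXPECTED_TYPE!r}")
    for key, value in payload.items():
        # A boolean written as <string>true</string> parses as str, not bool.
        if key in BOOLEAN and not isinstance(value, bool):
            findings.append(f"{key} must be <true/> or <false/>, got {value!r}")
        elif key in CHOICE and value not in ("always", "never", "user-decides"):
            findings.append(f"{key} has unsupported value {value!r}")
        elif key in VISIBILITY and value not in ("show", "hide"):
            findings.append(f"{key} has unsupported value {value!r}")
    return findings

# Constructed sample: a macOS profile reused for iOS, with two value mistakes.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>PayloadType</key><string>io.tailscale.ipn.macos</string>
    <key>PayloadIdentifier</key><string>io.tailscale.ipn.macos.EXAMPLE-UUID</string>
    <key>ForceEnabled</key><string>true</string>
    <key>ExitNodesPicker</key><string>hidden</string>
    <key>UseTailscaleSubnets</key><string>always</string>
</dict>
</plist>"""

if __name__ == "__main__":
    for finding in lint_profile(SAMPLE):
        print("FINDING:", finding)
```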

agottardo changed the title from "FR: iOS support for MDM and Managed App Configuration profiles" to "FR: Support for auth-key, tags, accept-routes via MDM and Managed App Configuration profiles" on Apr 10, 2024
@agottardo
Contributor

Documentation on MDM for iOS is now up at https://tailscale.com/kb/1380/ios-mdm

I retitled this issue to specifically track support for auth keys, tags and accept-routes using MDM.
