Opened 6 years ago
Closed 6 years ago
#1025 closed Bug / Defect (fixed)
iOS: mobileconfig stops working after update to 1.2.8
Reported by: | miterra | Owned by: | Antonio Quartulli |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.8 |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Hi,
Tested on iOS 9.x, 11.x with same behavior. When I try to connect manually the connection bar quickly (1 second) goes on and off. The application log is empty. Configured through profile with on-demand enabled. Everything was working on 1.2.7.
<plist version="1.0">
<dict>
<key>PayloadContent?</key>
<array>
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary?</key>
<integer>0</integer>
</dict>
<key>PayloadDisplayName?</key>
<string>VPN</string>
<key>PayloadIdentifier?</key>
<string>com.example.vpn.profile.vpn1</string>
<key>PayloadOrganization?</key>
<string>My Org</string>
<key>PayloadType?</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>C2006A76-5105-42FF-A65C-EBDD3E26C008</string>
<key>PayloadVersion?</key>
<integer>1</integer>
<key>Proxies</key>
<dict/>
<key>UserDefinedName?</key>
<string>My VPN</string>
<key>VPN</key>
<dict>
<key>AuthenticationMethod?</key>
<string>Certificate</string>
<key>RemoteAddress?</key>
<string>server.example.com</string>
<key>OnDemandEnabled?</key>
<integer>1</integer>
<key>OnDemandRules?</key>
<array>
<dict>
<key>Action</key>
<string>EvaluateConnection?</string>
<key>ActionParameters?</key>
<array>
<dict>
<key>Domains</key>
<array>
<string>mydomain.local</string>
</array>
<key>DomainAction?</key>
<string>ConnectIfNeeded?</string>
</dict>
</array>
</dict>
</array>
</dict>
<key>VPNSubType</key>
<string>net.openvpn.connect.app</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig?</key>
<dict>
<key>ca</key>
<string>OMITTED</string>
<key>key</key>
<string>OMITTED</string>
<key>cert</key>
<string>OMITTED</string>
<key>client</key>
<string>NOARGS</string>
<key>comp-lzo</key>
<string>yes</string>
<key>dev</key>
<string>tun</string>
<key>keepalive</key>
<string>10 120</string>
<key>key-direction</key>
<string>1</string>
<key>mute-replay-warnings</key>
<string>NOARGS</string>
<key>nobind</key>
<string>NOARGS</string>
<key>ns-cert-type</key>
<string>server</string>
<key>persist-key</key>
<string>NOARGS</string>
<key>persist-tun</key>
<string>NOARGS</string>
<key>remote</key>
<string>server.example.com 443 tcp</string>
<key>resolv-retry</key>
<string>infinite</string>
<key>tls-auth</key>
<string>OMITTED</string>
<key>verb</key>
<string>3</string>
</dict>
</dict>
</array>
<key>PayloadDescription?</key>
<string>VPN Profile</string>
<key>PayloadDisplayName?</key>
<string>VPN Profile</string>
<key>PayloadIdentifier?</key>
<string>com.example.ovpn.profile</string>
<key>PayloadOrganization?</key>
<string>My Org</string>
<key>PayloadRemovalDisallowed?</key>
<false/>
<key>PayloadType?</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>46C44F8D-681E-4E41-AB3C-543112AA78C2</string>
<key>PayloadVersion?</key>
<integer>1</integer>
</dict>
</plist>
Change History (13)
comment:1 Changed 6 years ago by
comment:2 Changed 6 years ago by
Yeah, tried re-deploying the profile with no luck. It did work before. If I remove AuthenticationMethod? pair it's not even allowing me to install the profile.
Tried with P12 bundle and it works. Somehow the OpenVPN inline key and certificate thing is broken.
comment:3 Changed 6 years ago by
Not sure how it worked before with AuthenticationMethod? set to Certificate, but no CertificatePayload?. When using inline key/cert only, the method should be set to Password. But I will retest to be sure
comment:5 Changed 6 years ago by
As a test, could you please check if it matches the example here: https://docs.openvpn.net/connecting/connecting-to-access-server-with-apple-ios/provisioning-profile-example-1/
Thanks!
comment:6 Changed 6 years ago by
Summary: | iOS: OpenVPN Connect stops working after update to 1.2.8 → iOS: mobileconfig stops working after update to 1.2.8 |
---|
comment:7 Changed 6 years ago by
Sorry for the delay. Just to confirm the example configuration you've mentioned is NOT working either.
comment:8 Changed 6 years ago by
Other people just reported the example worked fine. Interesting. Are you getting some error? What's the exact symptom?
comment:9 Changed 6 years ago by
Same as described before. The connection bar (when you tap on VPN) goes on and off very quickly. Some users reported it works with iOS 10.x. I don't have iOS 10.x devices on hand so I cannot test. For now I have 2 devices with 9.3.5 and 11.1.2 which behave identically.
comment:10 follow-up: 12 Changed 6 years ago by
I just want to be sure I understand the issue: when you say "connection bar", do you mean the connect toggle/button?
Is it possible to post (also on a pastebin website) the *current* mobileconfig you are using so we can try to test here? As I said this is working for several users now, therefore I guess there is something we are overlooking now.
comment:11 Changed 6 years ago by
Got some updates here. When trying your example I didn't even go to OpenVPN Connect app (I usually connect from iOS settings) so I did it now and from there I was able to connect. Connecting from Settings->VPN still does not work. As my configuration is a VoD it does not allow me to connect from the app. Also, when I added <key>vpn-on-demand</key> set to 0 in my configuration I was able to connect from the app and again not from iOS Settings. VoD itself does not work as well.
comment:12 Changed 6 years ago by
Replying to ordex:
I just want to be sure I understand the issue: when you say "connection bar", do you mean the connect toggle/button?
Yes.
comment:13 Changed 6 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
mobileconfigs should finally work as expected (like before 1.2.x series) now.
Feel free to open a new bug if something is still off.
have you tried reinstalling the certificate? I am not sure how this can work with:
but no certificate payload at all. 1.2.8 currently supports the original format with the p12 bundle (CertificatePayload?) directly injected in your ProvisioningProfile?.