Development discussion of WireGuard
From: Miguel Arroz <miguel.arroz@gmail.com>
To: stunnel@attglobal.net, "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Anatoli <me@anatoli.ws>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>,
	Roopesh Chander S <roop@roopc.net>
Subject: Re: WireGuard Configurations Gone After iOS 15 Upgrade
Date: Wed, 22 Sep 2021 09:50:29 -0700
Message-ID: <DA133F84-7C21-4234-97DB-FFEDF79D1607@gmail.com>
In-Reply-To: <96bcc87f-7de1-05a4-641a-27ffac7b052d@attglobal.net>

Hi,

  I have two devices upgraded to iOS 15, an iPhone and iPad. Both had a tunnel configured with on-demand set. The behaviour was the same on both: the tunnel worked, but the app couldn’t show information, the exact way Eddie described. When I click the Edit button, I see all the fields blank, and the peer is gone, just like if I was creating a new configuration from scratch.

  I tried the following on the iPhone:

  - Turned the tunnel off using the switch in the app. As soon as it tried to turn itself on again (due to the on-demand flag), it showed an error and the tunnel could not be brought back up (I don’t remember the exact wording of the error alert).
  - I deleted the tunnel configuration, and created one from scratch. Everything is working now. The tunnel works, and the app can read the configuration. I rebooted the iPhone to make sure it could reload everything afterwards, and it did.

  I still have the iPad in the original state.

  The log is essentially a repetition of the following line: "Unable to open config from keychain: -25300".

  I’m not sure if a local build made by me would help debugging this, as if I recall correctly from the Keychain API, the app group key (kSecAttrAccessGroup) is dependent on the team and bundle IDs (enforced by the code signing and runtime verification process), so I doubt I can build something that will be able to access the keychain that is already there. The only valid test would be building and installing it on iOS 14 and then upgrading to iOS 15, or distributing a beta version using TestFlight using the official team ID.

  Regards,

Miguel Arroz


> On Sep 22, 2021, at 8:23 AM, Eddie <stunnel@attglobal.net> wrote:
> 
> On 9/21/2021 9:50 PM, Jason A. Donenfeld wrote:
>> Hi,
>> 
>> I'm not able to reproduce the bug quite yet, but I'd like to get a
>> better idea of what the bug is. Can you confirm that after reimporting
>> configs into iOS 15, they work just fine? And the issue is just in the
>> 14->15 flow? If this is correct, I see two issues:
> I haven't tried re-importing anything yet, in case you needed more information before trying that.
>> 1. Something goes wrong with the keychain from 14->15 and the app
>> loses authorization.
>> 
>> 2. When the app can't open a keychain item, it deletes the VPN
>> profile? Or does it just gray it out? If it's deleting it, that's
>> wrong; it ought to just remain disabled until it's readable again.
> If I select one of the tunnels, all I see on the "Edit" page is the status slider and the on demand status.  The section under INTERFACE is completely missing.  Selecting Edit brings up the screen you would see when creating a new tunnel, with all parameters showing (in grey) Required, Automatic, Optional, etc.  There are no values from the original configuration shown.
>> Jason
>> 
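
Added example, not part of the original messages and not the WireGuard app's own code: a Swift sketch of the behaviour asked for in point 2 of the quoted message, where a failed keychain read (such as the -25300 in the log, which is errSecItemNotFound) leaves the profile in place and disabled instead of removing it. The names StoredConfig, describe and loadStoredConfig are hypothetical.

```swift
import Foundation
import Security

// What the UI should do with a saved VPN profile after a keychain lookup.
enum StoredConfig {
    case readable(Data)      // show the configuration and allow editing
    case unreadable(String)  // keep the profile, show it disabled, retry later
}

// Turn an OSStatus into a log line; -25300 is errSecItemNotFound.
func describe(_ status: OSStatus) -> String {
    let text = SecCopyErrorMessageString(status, nil) as String? ?? "no description"
    switch status {
    case errSecItemNotFound:
        return "\(status): not found among items this process may see (\(text))"
    case errSecInteractionNotAllowed:
        return "\(status): keychain locked, retry after unlock (\(text))"
    default:
        return "\(status): \(text)"
    }
}

// Hypothetical helper: `persistentRef` is assumed to be the persistent keychain
// reference stored with the profile. Which items a query can see depends on the
// access groups in the signed entitlements; an item outside those groups is
// invisible to the query.
func loadStoredConfig(persistentRef: Data) -> StoredConfig {
    let query: [String: Any] = [
        kSecValuePersistentRef as String: persistentRef,
        kSecReturnData as String: true
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecSuccess, let data = result as? Data {
        return .readable(data)
    }
    // Deliberately no SecItemDelete and no profile removal on failure:
    // the item may become readable again.
    return .unreadable(describe(status))
}
```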

