* WireGuard Configurations Gone After iOS 15 Upgrade @ 2021-09-22 0:23 Eddie 2021-09-22 0:28 ` Eddie 2021-09-22 3:14 ` Jason A. Donenfeld 0 siblings, 2 replies; 40+ messages in thread From: Eddie @ 2021-09-22 0:23 UTC (permalink / raw) To: WireGuard mailing list Title says it all. On both iPhone and iPad. The configuration names still show, with the slider, but trying to activate gives: Activation failure. Unable to retrieve tunnel information from the saved configuration. Selecting a tunnel name doesn't show any configuration. Cheers. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 0:23 WireGuard Configurations Gone After iOS 15 Upgrade Eddie @ 2021-09-22 0:28 ` Eddie 2021-09-22 0:45 ` Miguel Arroz 2021-09-22 3:14 ` Jason A. Donenfeld 1 sibling, 1 reply; 40+ messages in thread From: Eddie @ 2021-09-22 0:28 UTC (permalink / raw) To: wireguard On 9/21/2021 5:23 PM, Eddie wrote: > Title says it all. On both iPhone and iPad. > > The configuration names still show, with the slider, but trying to > activate gives: Activation failure. Unable to retrieve tunnel > information from the saved configuration. > > Selecting a tunnel name doesn't show any configuration. > > Cheers. Quick update. The log shows: [APP] Unable to open config from keychain:- 25300 Cheers. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 0:28 ` Eddie @ 2021-09-22 0:45 ` Miguel Arroz 0 siblings, 0 replies; 40+ messages in thread From: Miguel Arroz @ 2021-09-22 0:45 UTC (permalink / raw) To: stunnel; +Cc: wireguard Hi, I’m seeing the same problem in the app, but the tunnel does work. Its on-demand flag is set, so maybe the network extension is able to find the item in the keychain, but the app is not. Regards, Miguel Arroz > On Sep 21, 2021, at 5:28 PM, Eddie <stunnel@attglobal.net> wrote: > > On 9/21/2021 5:23 PM, Eddie wrote: >> Title says it all. On both iPhone and iPad. >> >> The configuration names still show, with the slider, but trying to activate gives: Activation failure. Unable to retrieve tunnel information from the saved configuration. >> >> Selecting a tunnel name doesn't show any configuration. >> >> Cheers. > > Quick update. > > The log shows: [APP] Unable to open config from keychain:- 25300 > > Cheers. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 0:23 WireGuard Configurations Gone After iOS 15 Upgrade Eddie 2021-09-22 0:28 ` Eddie @ 2021-09-22 3:14 ` Jason A. Donenfeld 2021-09-22 4:04 ` Anatoli 1 sibling, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 3:14 UTC (permalink / raw) To: Eddie; +Cc: WireGuard mailing list, Roopesh Chander S Hi Eddie, On Tue, Sep 21, 2021 at 6:26 PM Eddie <stunnel@attglobal.net> wrote: > > Title says it all. On both iPhone and iPad. > > The configuration names still show, with the slider, but trying to > activate gives: Activation failure. Unable to retrieve tunnel > information from the saved configuration. > > Selecting a tunnel name doesn't show any configuration. Thanks for the report. I had seen murmurs of this on IRC and Reddit too. This post [1] mentions that they just get deleted... I'm decrustifying my Apple setup, updating phones and macOS and Xcode and will hopefully have a patch out soon enough, and then hopefully not too rough of a time with the dreaded app store review process. I'm also CCing Roopesh who might be able to whip something up faster than me. Jason [1] https://www.reddit.com/r/WireGuard/comments/prhb3k/ios_15_released_on_monday/ ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 3:14 ` Jason A. Donenfeld @ 2021-09-22 4:04 ` Anatoli 2021-09-22 4:50 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Anatoli @ 2021-09-22 4:04 UTC (permalink / raw) To: wireguard Hi All, Same here. After recreating the tunnel from scratch and activating it, the tunnel is established, the server sees the handshake, but the iPhone doesn't have any connectivity, can't connect to anywhere while the tunnel is activated. After turning it off, internet starts working again. I guess the problems is not just the configs not being re-imported. Regards, Anatoli On 22/9/21 00:14, Jason A. Donenfeld wrote: > Hi Eddie, > > On Tue, Sep 21, 2021 at 6:26 PM Eddie <stunnel@attglobal.net> wrote: >> >> Title says it all. On both iPhone and iPad. >> >> The configuration names still show, with the slider, but trying to >> activate gives: Activation failure. Unable to retrieve tunnel >> information from the saved configuration. >> >> Selecting a tunnel name doesn't show any configuration. > > Thanks for the report. I had seen murmurs of this on IRC and Reddit > too. This post [1] mentions that they just get deleted... I'm > decrustifying my Apple setup, updating phones and macOS and Xcode and > will hopefully have a patch out soon enough, and then hopefully not > too rough of a time with the dreaded app store review process. I'm > also CCing Roopesh who might be able to whip something up faster than > me. > > Jason > > [1] https://www.reddit.com/r/WireGuard/comments/prhb3k/ios_15_released_on_monday/ > ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 4:04 ` Anatoli @ 2021-09-22 4:50 ` Jason A. Donenfeld 2021-09-22 5:17 ` Jason A. Donenfeld 2021-09-22 15:23 ` Eddie 0 siblings, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 4:50 UTC (permalink / raw) To: Anatoli, Eddie; +Cc: WireGuard mailing list, Roopesh Chander S Hi, I'm not able to reproduce the bug quite yet, but I'd like to get a better idea of what the bug is. Can you confirm that after reimporting configs into iOS 15, they work just fine? And the issue is just in the 14->15 flow? If this is correct, I see two issues: 1. Something goes wrong with the keychain from 14->15 and the app loses authorization. 2. When the app can't open a keychain item, it deletes the VPN profile? Or does it just gray it out? If it's deleting it, that's wrong; it ought to just remain disabled until it's readable again. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 4:50 ` Jason A. Donenfeld @ 2021-09-22 5:17 ` Jason A. Donenfeld [not found] ` <CAMaqUZ2dTaOJ3oPex0pQxBM9njHA7rW5Hb69MvG645n+ya_jhQ@mail.gmail.com> 2021-09-22 14:47 ` Andrew Fried 2021-09-22 15:23 ` Eddie 1 sibling, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 5:17 UTC (permalink / raw) To: Anatoli, Eddie; +Cc: WireGuard mailing list, Roopesh Chander S On Tue, Sep 21, 2021 at 10:50 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > 2. When the app can't open a keychain item, it deletes the VPN > profile? Or does it just gray it out? If it's deleting it, that's > wrong; it ought to just remain disabled until it's readable again. This is now fixed with https://w-g.pw/l/dteZ > 1. Something goes wrong with the keychain from 14->15 and the app > loses authorization. This I still have no idea about, as I can't reproduce the issue. It would be useful to know if it's transient, and so the fix to (2) above basically handles the issue by not blowing away the VPN profile. If somebody's got a reliable reproduction rig and can build this in xcode, I'd be interested in feedback here on what's in the master branch. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
[parent not found: <CAMaqUZ2dTaOJ3oPex0pQxBM9njHA7rW5Hb69MvG645n+ya_jhQ@mail.gmail.com>]
* Re: WireGuard Configurations Gone After iOS 15 Upgrade [not found] ` <CAMaqUZ2dTaOJ3oPex0pQxBM9njHA7rW5Hb69MvG645n+ya_jhQ@mail.gmail.com> @ 2021-09-22 13:59 ` Jason A. Donenfeld 0 siblings, 0 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 13:59 UTC (permalink / raw) To: Reid Rankin Cc: Anatoli, Eddie, patate.cosmique, Roopesh Chander S, WireGuard mailing list Hi Reid, Thanks for the confirmation. Do you think you (and whoever else is experiencing this) could send me the logs from the app? You can send them off list if you're worried about private data in there. Thanks, Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 5:17 ` Jason A. Donenfeld [not found] ` <CAMaqUZ2dTaOJ3oPex0pQxBM9njHA7rW5Hb69MvG645n+ya_jhQ@mail.gmail.com> @ 2021-09-22 14:47 ` Andrew Fried 1 sibling, 0 replies; 40+ messages in thread From: Andrew Fried @ 2021-09-22 14:47 UTC (permalink / raw) To: wireguard I ran into the same problem on my iPhone and 4 separate iPads. The solution: delete the wireguard app, then re-download it from the app store. Problem solved. Andrew On 9/22/21 1:17 AM, Jason A. Donenfeld wrote: > On Tue, Sep 21, 2021 at 10:50 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: >> 2. When the app can't open a keychain item, it deletes the VPN >> profile? Or does it just gray it out? If it's deleting it, that's >> wrong; it ought to just remain disabled until it's readable again. > > This is now fixed with https://w-g.pw/l/dteZ > >> 1. Something goes wrong with the keychain from 14->15 and the app >> loses authorization. > > This I still have no idea about, as I can't reproduce the issue. It > would be useful to know if it's transient, and so the fix to (2) above > basically handles the issue by not blowing away the VPN profile. If > somebody's got a reliable reproduction rig and can build this in > xcode, I'd be interested in feedback here on what's in the master > branch. > > Jason > -- Andrew Fried afried@spamteq.com +1.703.667.4050 Office +1.703.362.0067 Mobile ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 4:50 ` Jason A. Donenfeld 2021-09-22 5:17 ` Jason A. Donenfeld @ 2021-09-22 15:23 ` Eddie 2021-09-22 16:50 ` Miguel Arroz 1 sibling, 1 reply; 40+ messages in thread From: Eddie @ 2021-09-22 15:23 UTC (permalink / raw) To: Jason A. Donenfeld, Anatoli; +Cc: WireGuard mailing list, Roopesh Chander S On 9/21/2021 9:50 PM, Jason A. Donenfeld wrote: > Hi, > > I'm not able to reproduce the bug quite yet, but I'd like to get a > better idea of what the bug is. Can you confirm that after reimporting > configs into iOS 15, they work just fine? And the issue is just in the > 14->15 flow? If this is correct, I see two issues: I haven't tried re-importing anything yet, in case you needed more information before trying that. > 1. Something goes wrong with the keychain from 14->15 and the app > loses authorization. > > 2. When the app can't open a keychain item, it deletes the VPN > profile? Or does it just gray it out? If it's deleting it, that's > wrong; it ought to just remain disabled until it's readable again. If I select one of the tunnels, all I see on the "Edit" page is the status slider and the on demand status. The section under INTERFACE is completely missing. Selecting Edit brings up the screen you would see when creating a new tunnel, with all parameters showing (in grey) Required, Automatic, Optional, etc. There are no values from the original configuration shown. > Jason > ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 15:23 ` Eddie @ 2021-09-22 16:50 ` Miguel Arroz 2021-09-22 19:28 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Miguel Arroz @ 2021-09-22 16:50 UTC (permalink / raw) To: stunnel, Jason A. Donenfeld Cc: Anatoli, WireGuard mailing list, Roopesh Chander S Hi, I have two devices upgraded to iOS 15, an iPhone and iPad. Both had a tunnel configured with on-demand set. The behaviour was the same on both: the tunnel worked, but the app couldn’t show information, the exact way Eddie described. When I click the Edit button, I see all the fields blank, and the peer is gone, just like if I was creating a new configuration from scratch. I tried the following on the iPhone: - Turned the tunnel off using the switch in the app. As soon as it tried to turn itself on again (due to the on-demand flag), it showed an error and the tunnel could not be brought back up (I don’t remember the exact wording of the error alert). - I deleted the tunnel configuration, and created one from scratch. Everything is working now. The tunnel works, and the app can read the configuration. I rebooted the iPhone to make sure it could reload everything afterwards, and it did. I still have the iPad in the original state. The log is essentially a repetition of the following line: "Unable to open config from keychain: -25300”. I’m not sure if a local build made by me would help debugging this, as if I recall correctly from the Keychain API, the app group key (kSecAttrAccessGroup) is dependent on the team and bundle IDs (enforced by the code signing and runtime verification process), so I doubt I can build something that will be able to access the keychain that is already there. The only valid test would be building and installing it on iOS 14 and then upgrading to iOS 15, or distributing a beta version using TestFlight using the official team ID. Regards, Miguel Arroz > On Sep 22, 2021, at 8:23 AM, Eddie <stunnel@attglobal.net> wrote: > > On 9/21/2021 9:50 PM, Jason A. Donenfeld wrote: >> Hi, >> >> I'm not able to reproduce the bug quite yet, but I'd like to get a >> better idea of what the bug is. Can you confirm that after reimporting >> configs into iOS 15, they work just fine? And the issue is just in the >> 14->15 flow? If this is correct, I see two issues: > I haven't tried re-importing anything yet, in case you needed more information before trying that. >> 1. Something goes wrong with the keychain from 14->15 and the app >> loses authorization. >> >> 2. When the app can't open a keychain item, it deletes the VPN >> profile? Or does it just gray it out? If it's deleting it, that's >> wrong; it ought to just remain disabled until it's readable again. > If I select one of the tunnels, all I see on the "Edit" page is the status slider and the on demand status. The section under INTERFACE is completely missing. Selecting Edit brings up the screen you would see when creating a new tunnel, with all parameters showing (in grey) Required, Automatic, Optional, etc. There are no values from the original configuration shown. >> Jason >> ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 16:50 ` Miguel Arroz @ 2021-09-22 19:28 ` Jason A. Donenfeld 2021-09-22 19:58 ` Jeffrey Walton ` (2 more replies) 0 siblings, 3 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 19:28 UTC (permalink / raw) To: WireGuard mailing list; +Cc: Eddie, Anatoli, Roopesh Chander S, Miguel Arroz Hi all, I've got a new build submitted to the App Store, and so now we wait for Apple's review. I do not understand the root cause or how it might resolve itself yet, because I haven't been able to reproduce. But I've removed the ridiculous code that deletes network profiles when the keychain can't be opened. My hope is that the open failure is transient, and so this fix will be sufficient to unwedge it. I guess we'll see... Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 19:28 ` Jason A. Donenfeld @ 2021-09-22 19:58 ` Jeffrey Walton 2021-09-22 22:15 ` Jason A. Donenfeld 2021-09-22 22:24 ` Anatoli 2 siblings, 0 replies; 40+ messages in thread From: Jeffrey Walton @ 2021-09-22 19:58 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: WireGuard mailing list On Wed, Sep 22, 2021 at 3:31 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hi all, > > I've got a new build submitted to the App Store, and so now we wait > for Apple's review. > > I do not understand the root cause or how it might resolve itself yet, > because I haven't been able to reproduce. But I've removed the > ridiculous code that deletes network profiles when the keychain can't > be opened. My hope is that the open failure is transient, and so this > fix will be sufficient to unwedge it. I guess we'll see... I recall reading a report last night... An app lost access to its keychain items after an iOS 15 upgrade. The workaround was to "Enable iCloud Keychain". I don't think that's a good idea, however. You don't want your secrets leaving your security boundary and moving to Apple's cloud. In fact, I stopped using Apple devices back around iOS 6 when Apple integrated the keychain into their cloud services. Jeff ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 19:28 ` Jason A. Donenfeld 2021-09-22 19:58 ` Jeffrey Walton @ 2021-09-22 22:15 ` Jason A. Donenfeld 2021-09-22 22:31 ` Miguel Arroz 2021-09-23 1:34 ` Jason A. Donenfeld 2021-09-22 22:24 ` Anatoli 2 siblings, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 22:15 UTC (permalink / raw) To: WireGuard mailing list; +Cc: Eddie, Anatoli, Roopesh Chander S, Miguel Arroz Hi again, A new app has been released for both iOS and macOS. Please test it out and let me know how it goes. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:15 ` Jason A. Donenfeld @ 2021-09-22 22:31 ` Miguel Arroz 2021-09-22 22:35 ` Jason A. Donenfeld 2021-09-23 1:34 ` Jason A. Donenfeld 1 sibling, 1 reply; 40+ messages in thread From: Miguel Arroz @ 2021-09-22 22:31 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S Hi Jason, After the update, when I launch the app on the iPad, the row in the tunnel list has a red background, and the first time I launched it, the switch started switching very quickly between connected and disconnected. Also, nothing at all shows on the right side when I click it (not even the empty sections that were appearing before, it’s just a blank view). The tunnel also got disconnected when I launched the app, and is not connecting any more. On the iPhone (where I had already recreated the tunnel), also after the update, everything seems fine. Regards, Miguel Arroz > On Sep 22, 2021, at 3:15 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hi again, > > A new app has been released for both iOS and macOS. Please test it out > and let me know how it goes. > > Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:31 ` Miguel Arroz @ 2021-09-22 22:35 ` Jason A. Donenfeld 2021-09-22 22:42 ` Miguel Arroz 2021-09-22 22:45 ` Eddie 0 siblings, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 22:35 UTC (permalink / raw) To: Miguel Arroz; +Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S Hi Miguel, On Wed, Sep 22, 2021 at 4:31 PM Miguel Arroz <miguel.arroz@gmail.com> wrote: > After the update, when I launch the app on the iPad, the row in the tunnel list has a red background, and the first time I launched it, the switch started switching very quickly between connected and disconnected. Also, nothing at all shows on the right side when I click it (not even the empty sections that were appearing before, it’s just a blank view). The tunnel also got disconnected when I launched the app, and is not connecting any more. Is this on a fresh 14->15 transition? Or had you already loaded the old version on 15? The row turns red when it can't open the keychain reference. I'm curious whether that's because it was already deleted stupidly by the old version of the app during the 14->15 transition, or whether it's still there, but the new version of the app on 15 is unable to load it. Also, what happens if you twiddle the iCloud keychain setting? Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:35 ` Jason A. Donenfeld @ 2021-09-22 22:42 ` Miguel Arroz 2021-09-22 22:43 ` Jason A. Donenfeld 2021-09-22 22:45 ` Eddie 1 sibling, 1 reply; 40+ messages in thread From: Miguel Arroz @ 2021-09-22 22:42 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S Hey Jason, > On Sep 22, 2021, at 3:35 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Is this on a fresh 14->15 transition? Or had you already loaded the > old version on 15? > > The row turns red when it can't open the keychain reference. I'm > curious whether that's because it was already deleted stupidly by the > old version of the app during the 14->15 transition, or whether it's > still there, but the new version of the app on 15 is unable to load > it. I already had loaded the old version after installing iOS 15, so it probably was deleted, which is consistent with the red row. Unfortunately I don’t have any other iOS device, only those two that were upgraded to iOS 15 and ran the old Wireguard version already. > Also, what happens if you twiddle the iCloud keychain setting? The behaviour didn’t change, although it probably doesn’t mean anything given the above. Regards, Miguel Arroz ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:42 ` Miguel Arroz @ 2021-09-22 22:43 ` Jason A. Donenfeld 0 siblings, 0 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 22:43 UTC (permalink / raw) To: Miguel Arroz; +Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S Hi Miguel, Gotcha. It is interesting that those red rows weren't wiped out, though... I would think that with the old code, after two launches, they'd be removed... Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:35 ` Jason A. Donenfeld 2021-09-22 22:42 ` Miguel Arroz @ 2021-09-22 22:45 ` Eddie 2021-09-22 22:55 ` Eddie [not found] ` <814501e8-c2c8-1e0a-2f30-fd83fb7769ec@attglobal.net> 1 sibling, 2 replies; 40+ messages in thread From: Eddie @ 2021-09-22 22:45 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: WireGuard mailing list, Anatoli, Roopesh Chander S On 9/22/2021 3:35 PM, Jason A. Donenfeld wrote: > Hi Miguel, > > On Wed, Sep 22, 2021 at 4:31 PM Miguel Arroz <miguel.arroz@gmail.com> wrote: >> After the update, when I launch the app on the iPad, the row in the tunnel list has a red background, and the first time I launched it, the switch started switching very quickly between connected and disconnected. Also, nothing at all shows on the right side when I click it (not even the empty sections that were appearing before, it’s just a blank view). The tunnel also got disconnected when I launched the app, and is not connecting any more. I see the same red backgrounds and empty details pane. > Is this on a fresh 14->15 transition? Or had you already loaded the > old version on 15? I had already upgraded all my devices, so can't verify the 14->15 upgrade. > The row turns red when it can't open the keychain reference. I'm > curious whether that's because it was already deleted stupidly by the > old version of the app during the 14->15 transition, or whether it's > still there, but the new version of the app on 15 is unable to load > it. > > Also, what happens if you twiddle the iCloud keychain setting? Sorry, as much as I like Apple, that's one part I'm not trusting to their cloud. > Jason > > ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:45 ` Eddie @ 2021-09-22 22:55 ` Eddie 2021-09-22 22:55 ` Jason A. Donenfeld [not found] ` <814501e8-c2c8-1e0a-2f30-fd83fb7769ec@attglobal.net> 1 sibling, 1 reply; 40+ messages in thread From: Eddie @ 2021-09-22 22:55 UTC (permalink / raw) To: Jason A. Donenfeld, WireGuard mailing list On 9/22/2021 3:45 PM, Eddie wrote: > On 9/22/2021 3:35 PM, Jason A. Donenfeld wrote: >> Hi Miguel, >> >> On Wed, Sep 22, 2021 at 4:31 PM Miguel Arroz <miguel.arroz@gmail.com> >> wrote: >>> After the update, when I launch the app on the iPad, the row in >>> the tunnel list has a red background, and the first time I launched >>> it, the switch started switching very quickly between connected and >>> disconnected. Also, nothing at all shows on the right side when I >>> click it (not even the empty sections that were appearing before, >>> it’s just a blank view). The tunnel also got disconnected when I >>> launched the app, and is not connecting any more. > I see the same red backgrounds and empty details pane. Which now means I can't delete the broken tunnels. >> Is this on a fresh 14->15 transition? Or had you already loaded the >> old version on 15? > I had already upgraded all my devices, so can't verify the 14->15 upgrade. >> The row turns red when it can't open the keychain reference. I'm >> curious whether that's because it was already deleted stupidly by the >> old version of the app during the 14->15 transition, or whether it's >> still there, but the new version of the app on 15 is unable to load >> it. >> >> Also, what happens if you twiddle the iCloud keychain setting? > Sorry, as much as I like Apple, that's one part I'm not trusting to > their cloud. >> Jason >> >> > > > ---------------------------------------------------------------------- > This e-mail was checked for spam by the freeware edition of CleanMail. > The freeware edition is restricted to personal and non-commercial use. > You can remove this notice by purchasing a commercial license: > http://antispam.byteplant.com/products/cleanmail/index.html ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:55 ` Eddie @ 2021-09-22 22:55 ` Jason A. Donenfeld 0 siblings, 0 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 22:55 UTC (permalink / raw) To: Eddie; +Cc: WireGuard mailing list On Wed, Sep 22, 2021 at 4:55 PM Eddie <stunnel@attglobal.net> wrote: > On 9/22/2021 3:45 PM, Eddie wrote: > > I see the same red backgrounds and empty details pane. > Which now means I can't delete the broken tunnels. What happens when you slide the item over to reveal the delete button and then press it? ^ permalink raw reply [flat|nested] 40+ messages in thread
[parent not found: <814501e8-c2c8-1e0a-2f30-fd83fb7769ec@attglobal.net>]
[parent not found: <CAHmME9p5C3bGT=gXV6WQ5HNOBTtitXdGwKm7EaOv_bnVVvX5vA@mail.gmail.com>]
* Re: WireGuard Configurations Gone After iOS 15 Upgrade [not found] ` <CAHmME9p5C3bGT=gXV6WQ5HNOBTtitXdGwKm7EaOv_bnVVvX5vA@mail.gmail.com> @ 2021-09-22 22:56 ` Eddie 0 siblings, 0 replies; 40+ messages in thread From: Eddie @ 2021-09-22 22:56 UTC (permalink / raw) To: Jason A. Donenfeld, WireGuard mailing list On 9/22/2021 3:54 PM, Jason A. Donenfeld wrote: > On Wed, Sep 22, 2021 at 4:53 PM Eddie <stunnel@attglobal.net> wrote: >> On 9/22/2021 3:45 PM, Eddie wrote: >>> On 9/22/2021 3:35 PM, Jason A. Donenfeld wrote: >>>> Hi Miguel, >>>> >>>> On Wed, Sep 22, 2021 at 4:31 PM Miguel Arroz <miguel.arroz@gmail.com> >>>> wrote: >>>>> After the update, when I launch the app on the iPad, the row in >>>>> the tunnel list has a red background, and the first time I launched >>>>> it, the switch started switching very quickly between connected and >>>>> disconnected. Also, nothing at all shows on the right side when I >>>>> click it (not even the empty sections that were appearing before, >>>>> it’s just a blank view). The tunnel also got disconnected when I >>>>> launched the app, and is not connecting any more. >>> I see the same red backgrounds and empty details pane. >> Which now means I can't delete the broken tunnels. > What happens when you slide the item over to reveal the delete button > and then press it? > Sorry 'bout not sending that to the list, corrected. Didn't know about that option :-( Which does work, thanks. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:15 ` Jason A. Donenfeld 2021-09-22 22:31 ` Miguel Arroz @ 2021-09-23 1:34 ` Jason A. Donenfeld 2021-09-23 2:49 ` Jason A. Donenfeld 2021-09-23 2:54 ` Miguel Arroz 1 sibling, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 1:34 UTC (permalink / raw) To: WireGuard mailing list Cc: Eddie, Anatoli, Roopesh Chander S, Miguel Arroz, Alan Graham, oss Hey folks, Small update: I've managed to update a fresh 14 device to 15 using the latest build, and things are broken still. On the plus side: - The new build no longer deletes VPN profiles when the corresponding keychain references are unresolvable, so if there's any chance of recovery in a next build, it won't ruin those chances. - Now that I can reproduce it, I can hammer away at trying to fix this directly. On the minus side: - The fact that a keychain reference goes stale during an update from 14 to 15 sounds solidly like an Apple bug, rather than any sort of API misuse. - I'm skeptical that there'll be a workaround, and if there is, it will probably be pretty ugly. If anyone knows the SecItem APIs well, the file in question is: https://git.zx2c4.com/wireguard-apple/tree/Sources/Shared/Keychain.swift So, I guess I'll jump into this in full force now. Here we go... Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 1:34 ` Jason A. Donenfeld @ 2021-09-23 2:49 ` Jason A. Donenfeld 2021-09-23 2:54 ` Miguel Arroz 1 sibling, 0 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 2:49 UTC (permalink / raw) To: WireGuard mailing list Cc: Eddie, Anatoli, Roopesh Chander S, Miguel Arroz, Alan Graham, oss Hi again, I'm afraid the situation is somewhat bad... It appears that iOS 15 has completely deleted the iOS 14's WireGUard keychain items, at least as far as the WireGuard app can see. I've yet to jailbreak or look at an image dump to see if it's still hiding somewhere, but it also doesn't matter, because from the app's perspective, the keychain appears totally empty. Digging in just on the surface, it looks like the keychain references from iOS 14 are something like "67656e7000000000000000f7", with that f7 incrementing, while the ones from iOS 15 are "67656e700167269751a94355a004bfa75f951cec" -- same prefix, but the suffix is longer and seemingly random. Did the migration from one format to the other go bad on upgrade? Did something else happen? I don't really know much yet about the guts of this bug, but it does seem like something is going on. We've never had any issues with the keychain being emptied between iOS versions before. So now we need to figure out what to do. I'm still holding out a tiny sliver of hope that there's a mistake somewhere and this can all be fixed by the app, but so far I've come up dry when looking around for that. What if this really is an iOS 15 bug? I'll report it to Apple, of course, but that doesn't help the immediate issue that people's configs are being deleted. The behavior is at least detectable, so I could detect the migration, delete all of the orphaned network profiles (as before), and pop up a message box (resembling a ransomware screen!) saying "Where Have All Your Configurations Gone?", followed by an apologetic explanation. That's kind of unsatisfactory, though. I'm all ears on other ideas if you've got any. And if any Apple developers are hanging out on this list and want to try their hand at a solution, that'd be much appreciated. (Plus, my entreaty from March [1] remains.) Jason [1] https://lists.zx2c4.com/pipermail/wireguard/2021-March/006455.html ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 1:34 ` Jason A. Donenfeld 2021-09-23 2:49 ` Jason A. Donenfeld @ 2021-09-23 2:54 ` Miguel Arroz 2021-09-23 3:06 ` Miguel Arroz 2021-09-23 3:09 ` Jason A. Donenfeld 1 sibling, 2 replies; 40+ messages in thread From: Miguel Arroz @ 2021-09-23 2:54 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi, (Now without HTML…) I never wrote code touching the Keychain on iOS, but did on macOS using the iOS behaviour (kSecUseDataProtectionKeychain set to true). There are two things in that class that I would look into: - Line 40: items[kSecAttrAccessGroup] = FileManager.appGroupId If I understand correctly, this ends up being "group.$(APP_ID_IOS)”. I’m a bit surprised this doesn’t need the Team ID before “group”, as it definitely needs that in macOS. - The openReference() function, because it’s not setting the same kSecAttrAccessGroup parameter when reading. The documentation mentions what happens when it’s not set (https://developer.apple.com/documentation/security/ksecattraccessgroup), I wonder if that changed (intentionally or due to a bug in iOS 15): > If you don’t explicitly set a group, keychain services defaults to the app’s first access group, which is either the first keychain access group, or the app ID when the app has no keychain groups. None of these explain why the tunnel keeps working after upgrading to iOS 15 (if the on-demand flag is set), as I would expect the Network Extension to hit the same problem, as it goes through the same Keychain code. But maybe the behaviour is slightly different than when it’s running through the app for some reason. It could explain why re-building the tunnels would work from then on (although then I would expect the extension to *not* be able to read them). So all this may be just a red herring. Hope it helps somehow. Regards, Miguel Arroz > On Sep 22, 2021, at 6:34 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hey folks, > > Small update: I've managed to update a fresh 14 device to 15 using the > latest build, and things are broken still. > > On the plus side: > - The new build no longer deletes VPN profiles when the corresponding > keychain references are unresolvable, so if there's any chance of > recovery in a next build, it won't ruin those chances. > - Now that I can reproduce it, I can hammer away at trying to fix this directly. > > On the minus side: > - The fact that a keychain reference goes stale during an update from > 14 to 15 sounds solidly like an Apple bug, rather than any sort of API > misuse. > - I'm skeptical that there'll be a workaround, and if there is, it > will probably be pretty ugly. > > If anyone knows the SecItem APIs well, the file in question is: > https://git.zx2c4.com/wireguard-apple/tree/Sources/Shared/Keychain.swift > > So, I guess I'll jump into this in full force now. Here we go... > > Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 2:54 ` Miguel Arroz @ 2021-09-23 3:06 ` Miguel Arroz 2021-09-23 3:09 ` Jason A. Donenfeld 1 sibling, 0 replies; 40+ messages in thread From: Miguel Arroz @ 2021-09-23 3:06 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Oops never mind the second one, I misread the documentation. Reading from the keychain without specifying the group should scan all groups… > On Sep 22, 2021, at 7:54 PM, Miguel Arroz <miguel.arroz@gmail.com> wrote: > > Hi, > > (Now without HTML…) > > I never wrote code touching the Keychain on iOS, but did on macOS using the iOS behaviour (kSecUseDataProtectionKeychain set to true). > > There are two things in that class that I would look into: > > - Line 40: items[kSecAttrAccessGroup] = FileManager.appGroupId > > If I understand correctly, this ends up being "group.$(APP_ID_IOS)”. I’m a bit surprised this doesn’t need the Team ID before “group”, as it definitely needs that in macOS. > > - The openReference() function, because it’s not setting the same kSecAttrAccessGroup parameter when reading. The documentation mentions what happens when it’s not set (https://developer.apple.com/documentation/security/ksecattraccessgroup), I wonder if that changed (intentionally or due to a bug in iOS 15): > >> If you don’t explicitly set a group, keychain services defaults to the app’s first access group, which is either the first keychain access group, or the app ID when the app has no keychain groups. > > None of these explain why the tunnel keeps working after upgrading to iOS 15 (if the on-demand flag is set), as I would expect the Network Extension to hit the same problem, as it goes through the same Keychain code. But maybe the behaviour is slightly different than when it’s running through the app for some reason. It could explain why re-building the tunnels would work from then on (although then I would expect the extension to *not* be able to read them). So all this may be just a red herring. > > Hope it helps somehow. > > Regards, > > Miguel Arroz > > > >> On Sep 22, 2021, at 6:34 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: >> >> Hey folks, >> >> Small update: I've managed to update a fresh 14 device to 15 using the >> latest build, and things are broken still. >> >> On the plus side: >> - The new build no longer deletes VPN profiles when the corresponding >> keychain references are unresolvable, so if there's any chance of >> recovery in a next build, it won't ruin those chances. >> - Now that I can reproduce it, I can hammer away at trying to fix this directly. >> >> On the minus side: >> - The fact that a keychain reference goes stale during an update from >> 14 to 15 sounds solidly like an Apple bug, rather than any sort of API >> misuse. >> - I'm skeptical that there'll be a workaround, and if there is, it >> will probably be pretty ugly. >> >> If anyone knows the SecItem APIs well, the file in question is: >> https://git.zx2c4.com/wireguard-apple/tree/Sources/Shared/Keychain.swift >> >> So, I guess I'll jump into this in full force now. Here we go... >> >> Jason > ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 2:54 ` Miguel Arroz 2021-09-23 3:06 ` Miguel Arroz @ 2021-09-23 3:09 ` Jason A. Donenfeld 2021-09-23 3:19 ` Miguel Arroz 1 sibling, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 3:09 UTC (permalink / raw) To: Miguel Arroz Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi Miguel, On Wed, Sep 22, 2021 at 8:54 PM Miguel Arroz <miguel.arroz@gmail.com> wrote: > If I understand correctly, this ends up being "group.$(APP_ID_IOS)”. I’m a bit surprised this doesn’t need the Team ID before “group”, as it definitely needs that in macOS. Indeed it's prefixed with the team on macOS, but IIRC that never worked on iOS. > - The openReference() function, because it’s not setting the same kSecAttrAccessGroup parameter when reading. The documentation mentions what happens when it’s not set (https://developer.apple.com/documentation/security/ksecattraccessgroup), I wonder if that changed (intentionally or due to a bug in iOS 15): > > > If you don’t explicitly set a group, keychain services defaults to the app’s first access group, which is either the first keychain access group, or the app ID when the app has no keychain groups. For setting, but for reading/updating, that page says: > By default, the SecItemUpdate, SecItemDelete, and SecItemCopyMatching > methods search all the app’s access groups. Add the kSecAttrAccessGroup > attribute to the query to limit the search to a particular group. So in theory, it should be fine to omit that in openReference(). Adding it in there also doesn't cause any changes, unfortunately. > None of these explain why the tunnel keeps working after upgrading to iOS 15 (if the on-demand flag is set Oh, I didn't realize that was happening. Are you *sure* about that? Is the tunnel actually working? Or is it on, but crashing? When I go to enable the tunnel from the system preferences view of it, it starts and then stops, indicating the network extension couldn't open the keychain ref either. And in the log, I see the [NET] process indeed failing in the same spot as the [APP] process. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 3:09 ` Jason A. Donenfeld @ 2021-09-23 3:19 ` Miguel Arroz 2021-09-23 3:22 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Miguel Arroz @ 2021-09-23 3:19 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi, > On Sep 22, 2021, at 8:09 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Oh, I didn't realize that was happening. Are you *sure* about that? Is > the tunnel actually working? Or is it on, but crashing? When I go to > enable the tunnel from the system preferences view of it, it starts > and then stops, indicating the network extension couldn't open the > keychain ref either. And in the log, I see the [NET] process indeed > failing in the same spot as the [APP] process. > > Jason Yeah, I’m 100% sure they were working fine after the update but before I launched the app and touched the on/off switch there. I only noticed the problem due to the emails here, as the tunnel itself was working smoothly (I only have one per device and it’s on-demand, so I rarely interact with the app itself). My initial assumption was, after iOS upgrade, the network extension was able to read the data to create the tunnel, but the app corrupted it as soon as I tried to turn the tunnel off through the app. Regards, Miguel Arroz ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 3:19 ` Miguel Arroz @ 2021-09-23 3:22 ` Jason A. Donenfeld 2021-09-23 3:57 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 3:22 UTC (permalink / raw) To: Miguel Arroz Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi Miguel, On Wed, Sep 22, 2021 at 9:19 PM Miguel Arroz <miguel.arroz@gmail.com> wrote: > Yeah, I’m 100% sure they were working fine after the update but before I launched the app and touched the on/off switch there. Interesting... Alright then, new theory: the keychain references are accessible in the old 12-byte format, but are presented when iterating in the new 20-byte format. The deleteReferences(except: refs) function iterates through all, removes everything in the except list, and then deletes what remains. If the iteration reference doesn't match with the except reference, despite pointing to the same object, then it'll delete them incorrectly. ...restoring to iOS 14 now to test that theory. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 3:22 ` Jason A. Donenfeld @ 2021-09-23 3:57 ` Jason A. Donenfeld 2021-09-23 4:13 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 3:57 UTC (permalink / raw) To: Miguel Arroz Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi Miguel, On Wed, Sep 22, 2021 at 9:22 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > Interesting... Alright then, new theory: the keychain references are > accessible in the old 12-byte format, but are presented when iterating > in the new 20-byte format. The deleteReferences(except: refs) function > iterates through all, removes everything in the except list, and then > deletes what remains. If the iteration reference doesn't match with > the except reference, despite pointing to the same object, then it'll > delete them incorrectly. ...restoring to iOS 14 now to test that > theory. Good news! The theory holds. Thanks for bringing that behavior to my attention. I think this should be fixable. iOS changing persistent keychain refs to be non-bijective I guess is a bit of a shocker, but I'm glad we've gotten to the bottom of it. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 3:57 ` Jason A. Donenfeld @ 2021-09-23 4:13 ` Jason A. Donenfeld 2021-09-23 4:21 ` Miguel Arroz 2021-09-23 14:41 ` Anatoli 0 siblings, 2 replies; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 4:13 UTC (permalink / raw) To: Miguel Arroz Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi, Fixed! https://git.zx2c4.com/wireguard-apple/commit/?id=03a59ff38e96fb3bb5dde2f15fe42198d1dfb995 Thank you to everyone in this thread who helped get to the bottom of this. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 4:13 ` Jason A. Donenfeld @ 2021-09-23 4:21 ` Miguel Arroz 2021-09-23 14:41 ` Anatoli 1 sibling, 0 replies; 40+ messages in thread From: Miguel Arroz @ 2021-09-23 4:21 UTC (permalink / raw) To: Jason A. Donenfeld Cc: WireGuard mailing list, Eddie, Anatoli, Roopesh Chander S, Alan Graham, oss Hi, Awesome! Thank you for the quick fix. Regards, Miguel Arroz > On Sep 22, 2021, at 9:13 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hi, > > Fixed! https://git.zx2c4.com/wireguard-apple/commit/?id=03a59ff38e96fb3bb5dde2f15fe42198d1dfb995 > > Thank you to everyone in this thread who helped get to the bottom of this. > > Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 4:13 ` Jason A. Donenfeld 2021-09-23 4:21 ` Miguel Arroz @ 2021-09-23 14:41 ` Anatoli 2021-09-23 17:26 ` Jason A. Donenfeld 1 sibling, 1 reply; 40+ messages in thread From: Anatoli @ 2021-09-23 14:41 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: WireGuard mailing list Great! Thanks for a quick solution! Please let us know in this thread when the update is in the AppStore. > On 23 Sep 2021, at 01:14, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hi, > > Fixed! https://git.zx2c4.com/wireguard-apple/commit/?id=03a59ff38e96fb3bb5dde2f15fe42198d1dfb995 > > Thank you to everyone in this thread who helped get to the bottom of this. > > Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 14:41 ` Anatoli @ 2021-09-23 17:26 ` Jason A. Donenfeld 2021-09-24 2:17 ` Jason A. Donenfeld 0 siblings, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-23 17:26 UTC (permalink / raw) To: Anatoli; +Cc: WireGuard mailing list On Thu, Sep 23, 2021 at 8:42 AM Anatoli <me@anatoli.ws> wrote: > Please let us know in this thread when the update is in the AppStore. Indeed I will. It's been in the "waiting for review" state for about 13 hours. So hopefully that'll change somewhat soonish. Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-23 17:26 ` Jason A. Donenfeld @ 2021-09-24 2:17 ` Jason A. Donenfeld 2021-09-24 8:05 ` Alan Graham 0 siblings, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-24 2:17 UTC (permalink / raw) To: Anatoli; +Cc: WireGuard mailing list On Thu, Sep 23, 2021 at 11:26 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > On Thu, Sep 23, 2021 at 8:42 AM Anatoli <me@anatoli.ws> wrote: > > Please let us know in this thread when the update is in the AppStore. > > Indeed I will. It's been in the "waiting for review" state for about > 13 hours. So hopefully that'll change somewhat soonish. This has been released now. I'll send out an email in a new thread announcing this. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-24 2:17 ` Jason A. Donenfeld @ 2021-09-24 8:05 ` Alan Graham 0 siblings, 0 replies; 40+ messages in thread From: Alan Graham @ 2021-09-24 8:05 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: Anatoli, WireGuard mailing list I can confirm that upgrading wireguard, and then upgrading to iOS 15 works flawlessly with the released bits. Best wishes, Alan On Thu, Sep 23, 2021 at 7:27 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > On Thu, Sep 23, 2021 at 11:26 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > > > On Thu, Sep 23, 2021 at 8:42 AM Anatoli <me@anatoli.ws> wrote: > > > Please let us know in this thread when the update is in the AppStore. > > > > Indeed I will. It's been in the "waiting for review" state for about > > 13 hours. So hopefully that'll change somewhat soonish. > > This has been released now. I'll send out an email in a new thread > announcing this. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 19:28 ` Jason A. Donenfeld 2021-09-22 19:58 ` Jeffrey Walton 2021-09-22 22:15 ` Jason A. Donenfeld @ 2021-09-22 22:24 ` Anatoli 2021-09-22 22:26 ` Jason A. Donenfeld 2 siblings, 1 reply; 40+ messages in thread From: Anatoli @ 2021-09-22 22:24 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: WireGuard mailing list [-- Attachment #1: Type: text/plain, Size: 271 bytes --] I can confirm that recreating the tunnel from scratch does work. So the problem is that the tunnel settings become corrupted when iOS is upgraded from 13.x / 14.x to 15.0. Here are some printscreens of how it looks like (in Spanish): Tunnel details look this way: [-- Attachment #2: image0.jpeg --] [-- Type: image/jpeg, Size: 20223 bytes --] [-- Attachment #3: Type: text/plain, Size: 76 bytes --] When on the previous screen you click Edit, the edit page opens this way: [-- Attachment #4: image1.jpeg --] [-- Type: image/jpeg, Size: 35644 bytes --] [-- Attachment #5: Type: text/plain, Size: 181 bytes --] When you try to activate such a tunnel, you get the error saying: “Activation failure: it wasn’t possible to recover the tunnel information from the saved configuration” [-- Attachment #6: image2.jpeg --] [-- Type: image/jpeg, Size: 25063 bytes --] [-- Attachment #7: Type: text/plain, Size: 560 bytes --] > On 22 Sep 2021, at 16:28, Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > Hi all, > > I've got a new build submitted to the App Store, and so now we wait > for Apple's review. > > I do not understand the root cause or how it might resolve itself yet, > because I haven't been able to reproduce. But I've removed the > ridiculous code that deletes network profiles when the keychain can't > be opened. My hope is that the open failure is transient, and so this > fix will be sufficient to unwedge it. I guess we'll see... > > Jason ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:24 ` Anatoli @ 2021-09-22 22:26 ` Jason A. Donenfeld 2021-09-22 23:12 ` Anatoli 0 siblings, 1 reply; 40+ messages in thread From: Jason A. Donenfeld @ 2021-09-22 22:26 UTC (permalink / raw) To: Anatoli; +Cc: WireGuard mailing list On Wed, Sep 22, 2021 at 4:24 PM Anatoli <me@anatoli.ws> wrote: > > I can confirm that recreating the tunnel from scratch does work. So the problem is that the tunnel settings become corrupted when iOS is upgraded from 13.x / 14.x to 15.0. What are you testing? The new version of the app or the old one? Does the new one corrupt settings or only the old one? Precision is important here. ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 22:26 ` Jason A. Donenfeld @ 2021-09-22 23:12 ` Anatoli 2021-09-22 23:53 ` Alan Graham 0 siblings, 1 reply; 40+ messages in thread From: Anatoli @ 2021-09-22 23:12 UTC (permalink / raw) To: Jason A. Donenfeld; +Cc: WireGuard mailing list Sorry, I replied before I've got your mail about the new version. This is how the old version was behaving. Haven't tested yet the new version. I'll test it and report today or tomorrow. On 22/9/21 19:26, Jason A. Donenfeld wrote: > On Wed, Sep 22, 2021 at 4:24 PM Anatoli <me@anatoli.ws> wrote: >> >> I can confirm that recreating the tunnel from scratch does work. So the problem is that the tunnel settings become corrupted when iOS is upgraded from 13.x / 14.x to 15.0. > > What are you testing? The new version of the app or the old one? Does > the new one corrupt settings or only the old one? Precision is > important here. > ^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: WireGuard Configurations Gone After iOS 15 Upgrade 2021-09-22 23:12 ` Anatoli @ 2021-09-22 23:53 ` Alan Graham 0 siblings, 0 replies; 40+ messages in thread From: Alan Graham @ 2021-09-22 23:53 UTC (permalink / raw) To: Anatoli; +Cc: Jason A. Donenfeld, WireGuard mailing list Hi, I have an iOS 15 iPhone 12 Pro Max with three tunnels configured. The upgrade from 14 to 15 busted the configs as described. I deleted and recreated one of the tunnels and it worked fine. I updated to today's bits (which appear to have been released in record time). The tunnel that I deleted and recreated is still working fine. The other two tunnels now have red backgrounds and I can no longer click them to see the (empty) details like I could in the older build. Trying to activate it does not work (it does not, however, rapidly switch between on and off). It looks like I can delete them by swiping left to reveal a delete button, but I can leave them in their current state for more testing. I did not have on-demand turned on for any of the tunnels so I cannot speak to that partially working state. I have iCloud keychain on, so that doesn't appear to be a fix/workaround. I also have an iPad that I haven't upgraded yet, so I should be able to test the upgrade path, but I'm not sure these bits resolve the problem. Best regards, Alan On Wed, Sep 22, 2021 at 4:26 PM Anatoli <me@anatoli.ws> wrote: > > Sorry, I replied before I've got your mail about the new version. > > This is how the old version was behaving. Haven't tested yet the new version. > I'll test it and report today or tomorrow. > > > On 22/9/21 19:26, Jason A. Donenfeld wrote: > > On Wed, Sep 22, 2021 at 4:24 PM Anatoli <me@anatoli.ws> wrote: > >> > >> I can confirm that recreating the tunnel from scratch does work. So the problem is that the tunnel settings become corrupted when iOS is upgraded from 13.x / 14.x to 15.0. > > > > What are you testing? The new version of the app or the old one? Does > > the new one corrupt settings or only the old one? Precision is > > important here. > > ^ permalink raw reply [flat|nested] 40+ messages in thread
end of thread, other threads:[~2021-09-24 8:06 UTC | newest] Thread overview: 40+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-09-22 0:23 WireGuard Configurations Gone After iOS 15 Upgrade Eddie 2021-09-22 0:28 ` Eddie 2021-09-22 0:45 ` Miguel Arroz 2021-09-22 3:14 ` Jason A. Donenfeld 2021-09-22 4:04 ` Anatoli 2021-09-22 4:50 ` Jason A. Donenfeld 2021-09-22 5:17 ` Jason A. Donenfeld [not found] ` <CAMaqUZ2dTaOJ3oPex0pQxBM9njHA7rW5Hb69MvG645n+ya_jhQ@mail.gmail.com> 2021-09-22 13:59 ` Jason A. Donenfeld 2021-09-22 14:47 ` Andrew Fried 2021-09-22 15:23 ` Eddie 2021-09-22 16:50 ` Miguel Arroz 2021-09-22 19:28 ` Jason A. Donenfeld 2021-09-22 19:58 ` Jeffrey Walton 2021-09-22 22:15 ` Jason A. Donenfeld 2021-09-22 22:31 ` Miguel Arroz 2021-09-22 22:35 ` Jason A. Donenfeld 2021-09-22 22:42 ` Miguel Arroz 2021-09-22 22:43 ` Jason A. Donenfeld 2021-09-22 22:45 ` Eddie 2021-09-22 22:55 ` Eddie 2021-09-22 22:55 ` Jason A. Donenfeld [not found] ` <814501e8-c2c8-1e0a-2f30-fd83fb7769ec@attglobal.net> [not found] ` <CAHmME9p5C3bGT=gXV6WQ5HNOBTtitXdGwKm7EaOv_bnVVvX5vA@mail.gmail.com> 2021-09-22 22:56 ` Eddie 2021-09-23 1:34 ` Jason A. Donenfeld 2021-09-23 2:49 ` Jason A. Donenfeld 2021-09-23 2:54 ` Miguel Arroz 2021-09-23 3:06 ` Miguel Arroz 2021-09-23 3:09 ` Jason A. Donenfeld 2021-09-23 3:19 ` Miguel Arroz 2021-09-23 3:22 ` Jason A. Donenfeld 2021-09-23 3:57 ` Jason A. Donenfeld 2021-09-23 4:13 ` Jason A. Donenfeld 2021-09-23 4:21 ` Miguel Arroz 2021-09-23 14:41 ` Anatoli 2021-09-23 17:26 ` Jason A. Donenfeld 2021-09-24 2:17 ` Jason A. Donenfeld 2021-09-24 8:05 ` Alan Graham 2021-09-22 22:24 ` Anatoli 2021-09-22 22:26 ` Jason A. Donenfeld 2021-09-22 23:12 ` Anatoli 2021-09-22 23:53 ` Alan Graham
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).