Closed lewtopia closed 3 months ago
@lewtopia Hello! Apple devices require .mobileconfig files to have a password when importing. The password cannot be blank. As a result, this project handles this password in the following way. There are two cases:
1. If VPN_PROTECT_CONFIG is NOT set to yes (or not set), a random password is generated to protect the .mobileconfig file, and that password is embedded in the .mobileconfig file itself. Apple devices will retrieve the password from the file automatically when importing, and will not ask the user for the password during import. In your issue description, you are probably referring to this password. It is the password used when encrypting the certificate in the file.
2. If VPN_PROTECT_CONFIG is set to yes, a random password is generated to protect the .mobileconfig files, but the password is NOT embedded in the .mobileconfig files. To retrieve the generated password, first open a Bash shell inside the container, then run cat /etc/ipsec.d/.vpnconfig. If this file does not exist, this case (2) does not apply to you, see (1) above instead.
Note that if VPN_PROTECT_CONFIG was previously set to yes, changing it to no at a later time will not remove the password. If you want to remove the password for newly generated client configuration files, remove /etc/ipsec.d/.vpnconfig inside the container, then run sudo ikev2.sh to re-create the client configuration.
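To tell which of the two cases above a given .mobileconfig falls under, the profile can be parsed and its identity payload inspected. This is an added example, not part of the original thread or the project's code; it assumes the profile is an unsigned XML plist and that the embedded password sits in the Password key of the com.apple.security.pkcs12 payload. The sample profile and its values are constructed.

```python
import plistlib

# Constructed sample (not a real profile): the PKCS#12 payload carries a
# Password key, as in case (1). Password and data values are placeholders.
SAMPLE_EMBEDDED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.pkcs12</string>
      <key>Password</key><string>constructed-example-pw</string>
      <key>PayloadContent</key><data>UExBQ0VIT0xERVI=</data>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed</string>
    </dict>
  </array>
</dict></plist>"""

# Case (2) sample: the same profile with the Password entry stripped.
SAMPLE_PROTECTED = SAMPLE_EMBEDDED.replace(
    b"<key>Password</key><string>constructed-example-pw</string>", b"")

PKCS12_TYPE = "com.apple.security.pkcs12"


def pkcs12_payloads(profile_bytes):
    """Yield every PKCS#12 identity payload in an unsigned XML profile."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if isinstance(payload, dict) and payload.get("PayloadType") == PKCS12_TYPE:
            yield payload


def classify(profile_bytes):
    """Return one finding per identity payload, without echoing the password."""
    findings = []
    for p in pkcs12_payloads(profile_bytes):
        embedded = bool(p.get("Password"))  # missing or empty key => case (2)
        findings.append({
            "case": 1 if embedded else 2,
            "password_embedded": embedded,
            "p12_bytes": len(p.get("PayloadContent", b"")),
        })
    return findings


if __name__ == "__main__":
    for name, blob in (("embedded", SAMPLE_EMBEDDED), ("protected", SAMPLE_PROTECTED)):
        print(name, classify(blob))
```

A case (1) result means the file carries both the encrypted certificate and its password, so the .mobileconfig itself has to be stored and transferred as a secret.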
I think I found the problem: see if your mirror version is old, and if so, update it to the latest version. Because of Aliyun's image warehouse, I pulled an image from two years ago, which caused the same problem as yours. Today, I changed the image warehouse, and the updated version solved it.
Describe the issue
Even when VPN_CONFIG_PROTECT is set to NO, the produced certificates are password protected.
When examining the vpnuser.mobileconfig file in an editor, the certificate section does display a password key / value, but this string is not the password, as it fails to open the certificate.
How or where to find the password that is generated to config protect the certificates?
Expected behavior
1) reveal the certificate password
OR
2) DON'T password protect certificates