Hello,
As you know, new versions of iOS and macOS support DNS encryption natively. But to do this, we need to generate a configuration file in a special format (.mobileconfig). Here is an example of such a file:
https://www.reddit.com/r/MacOSBeta/comments/i21e59/how_to_set_up_cloudflare_dns_over_tls_secure_dns/
Is it possible to add the function of its generation and download in the section with settings? What do you think about this feature?
Thank you.
Cheers!
What we should do:
https://aghome/apple/dot.mobileconfig
https://aghome/apple/doh.mobileconfig
Here's what the mobileconfig looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>Name</key>
      <string>AdGuard DNS over HTTPS</string>
      <key>PayloadDescription</key>
      <string>Configures device to use AdGuard DNS</string>
      <key>PayloadDisplayName</key>
      <string>AdGuard DNS</string>
      <key>PayloadIdentifier</key>
      <string>com.apple.dnsSettings.managed.767A11FC-31D2-4950-815E-B37B15448CA2</string>
      <key>PayloadType</key>
      <string>com.apple.dnsSettings.managed</string>
      <key>PayloadUUID</key>
      <string>767A11FC-31D2-4950-815E-B37B15448CA2</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>DNSSettings</key>
      <dict>
        <key>DNSProtocol</key>
        <string>HTTPS</string>
        <key>ServerURL</key>
        <string>https://dns.adguard.com/dns-query</string>
      </dict>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Adds AdGuard DNS to Big Sur and iOS 14 or newer systems</string>
  <key>PayloadDisplayName</key>
  <string>AdGuard DNS</string>
  <key>PayloadIdentifier</key>
  <string>E3E3CB8B-C59E-486B-A713-D765328DB2A2</string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>F2609BEA-93D6-4966-8487-33713DBCB644</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
For DOT it looks like this:
<key>DNSProtocol</key>
<string>TLS</string>
<key>ServerName</key>
<string>dns.adguard.com</string>
@ameshkov, thanks for the answer! For DoT it has to be <key>ServerName</key> string, not <key>ServerURL</key>, I suppose. NextDNS have already implemented something like this and you can see how it works with them.
And we will need to consider one more thing for the future - these are client identifiers and their indication in .mobileconfig. It must be dynamic variables <key>ServerURL</key> and <key>ServerName</key>, I think? NextDNS don't have this yet
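The two profile variants discussed above, with the server name as a variable, as an added example that is not part of the thread and is not AdGuard Home's code. It uses Python's standard plistlib, which escapes values when serializing; the function names are assumptions, and the /dns-query path and payload keys are taken from the sample profile above.

```python
import plistlib
import re
import uuid

DNS_PAYLOAD_TYPE = "com.apple.dnsSettings.managed"
# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_host(host: str) -> str:
    """Accept only a plain DNS name; it ends up in a URL and in the profile."""
    labels = host.split(".")
    if len(host) > 253 or not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid DNS host name: {host!r}")
    return host.lower()


def dns_settings(protocol: str, host: str) -> dict:
    """DoH is addressed by ServerURL, DoT by ServerName, as in the thread."""
    host = check_host(host)
    if protocol == "HTTPS":
        return {"DNSProtocol": "HTTPS", "ServerURL": f"https://{host}/dns-query"}
    if protocol == "TLS":
        return {"DNSProtocol": "TLS", "ServerName": host}
    raise ValueError(f"unsupported DNSProtocol: {protocol!r}")


def new_uuid() -> str:
    return str(uuid.uuid4()).upper()


def build_mobileconfig(protocol: str, host: str, name: str = "AdGuard DNS") -> bytes:
    """Return the profile as XML plist bytes, with fresh UUIDs on every call."""
    settings = dns_settings(protocol, host)  # validate before building anything
    payload_uuid = new_uuid()
    payload = {
        "Name": f"{name} over {protocol}",
        "PayloadDescription": f"Configures device to use {name}",
        "PayloadDisplayName": name,
        "PayloadIdentifier": f"{DNS_PAYLOAD_TYPE}.{payload_uuid}",
        "PayloadType": DNS_PAYLOAD_TYPE, "PayloadUUID": payload_uuid,
        "PayloadVersion": 1, "DNSSettings": settings,
    }
    profile = {
        "PayloadContent": [payload],
        "PayloadDescription": f"Adds {name} to Big Sur and iOS 14 or newer systems",
        "PayloadDisplayName": name, "PayloadIdentifier": new_uuid(),
        "PayloadRemovalDisallowed": False, "PayloadType": "Configuration",
        "PayloadUUID": new_uuid(), "PayloadVersion": 1,
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML, sort_keys=False)
```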
@ameshkov, please also pay attention that this will allow us to identify the device model too (iphone, macbook, ipad etc.). Can't this profile be signed by your developer certificate?
please also pay attention that this will allow us to identify the device model too (iphone, macbook, ipad etc.).
Only in conjunction with #1383
Can't this profile be signed by your developer certificate?
We can't use our cert to sign third-parties' profiles.