Skip to content

Agent Tunnel installer follow-ups: enrollment-success != tunnel connectivity; dialog localization #1831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
irvingouj@Devolutions (irvingoujAtDevolution) wants to merge 1 commit into
base: master
Choose a base branch
from
+19 −0
Draft

Agent Tunnel installer follow-ups: enrollment-success != tunnel connectivity; dialog localization #1831

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions devolutions-agent/src/enrollment.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,14 @@ pub async fn enroll_agent(
let (key_pem, csr_pem) = generate_key_and_csr(&agent_name)?;

let enroll_response = request_enrollment(gateway_url, enrollment_token, &csr_pem).await?;

// TODO(agent-tunnel): enrollment success here only means the HTTPS cert exchange on
// POST /jet/tunnel/enroll succeeded and the config was persisted — it does NOT verify the
// QUIC tunnel (UDP, quic_endpoint) can actually be established. The installer's
// EnrollAgentTunnel custom action reports "success" on this return, so a blocked QUIC port
// (e.g. firewall on UDP 4433) yields a green install while the agent never comes online and
// silently auto-reconnects forever. Add a short post-enroll QUIC connectivity probe to
// enroll_response.quic_endpoint and surface a clear warning/failure when it can't connect.
persist_enrollment_response(agent_name, advertise_subnets, enroll_response, &key_pem)
}

Expand Down
11 changes: 11 additions & 0 deletions package/AgentWindowsManaged/Program.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -439,6 +439,17 @@ private static void Project_UIInitialized(SetupEventArgs e)
strings.Add(s.Attributes["Id"].Value, s.InnerText);
}

// TODO(agent-tunnel): these strings are loaded into a LOCAL dict that only feeds the
// pre-flight MessageBoxes below (x86 / .NET 4.8 / newer-installed). The custom dialogs
// (AgentTunnelDialog, AgentDialog title, etc.) resolve their "[Key]" labels via
// MsiRuntime.Localize, which is NOT populated from these custom strings — light.exe only
// emits strings referenced via !(loc.X) into the MSI, and the custom "[Key]" labels are
// never !(loc.X)-referenced, so they fall back to the raw key name in the UI
// (e.g. "AgentTunnelDlgTitle" shows literally). Wire this `strings` dict into the
// ManagedUI runtime localization (or have the custom dialogs use a shared I18n backed by
// it) so the labels render. Standard dialogs (Welcome/InstallDir) work only because
// WixSharp's built-in UI references those standard IDs via !(loc.X).

string I18n(string key)
{
if (!strings.TryGetValue(key, out string result))
Expand Down
Loading