> On Jan 24, 2016, at 2:53 PM, Kyle Silfer <k...@rtoads.com> wrote:
>
> Here’s another piece of info I found out by trial and error and have been
> meaning to report.
>
> Apple's Contacts client refuses to connect on nonstandard ports (for example,
> it wants 8843 for SSL). You have the option to change the port number after
> it fails its initial connect, but it doesn't really work. Once I matched the
> port number, it worked fine for newer clients (although not with the OS X
> 10.6 Address Book).

Depending on your server-side / DNS setup, you may have more reliable results by using the 'manual' connection setup in Contacts; the one where you specify username, password, and server, instead of email address and password. A CardDAV client can try multiple things when setting up an account, including looking for DNS SRV records and looking for /.well-known configuration. Both of these can help mitigate problems when using 'automatic' setup, when the server doesn't have an IP address returned by a request for a DNS A (address) record for the email address domain. More info on these techniques can be found here: https://tools.ietf.org/html/rfc6764. In my experience this can usually be shortcut by supplying user@servername instead of email address.

> Because calendarserver delivers both Contacts and Calendars on the same port
> (8443 by default), it becomes necessary to do something like redirect port
> 8843 to 8443 either on the host (using rinetd in Linux) or using NAT on an
> external device.

For me, Contacts has no problem accessing 443, which in my case is also reverse proxied to Calendar & Contacts server.

sudo lsof -n -l -P | grep Contacts:

    Contacts 7509 501 61u IPv4 0x98ff3c379420f4ff 0t0 TCP 192.168.2.89:52097->1.2.3.4:443 (ESTABLISHED)

I also experimented with forcing Contacts to use other ports. If you're game, give some of this a try and report back.

1) On the client, add two lines to the end of /etc/pf.conf to block outbound packets to the server on ports 443 and 8443:

    block out quick on en0 proto tcp from any to 1.2.3.4 port 443
    block out quick on en0 proto tcp from any to 1.2.3.4 port 8443

2) Load rules & enable pf if it wasn't already enabled.

    sudo pfctl -Fa -f /etc/pf.conf
    sudo pfctl -e

3) Double check:

    ╭─ andre@foci ~
    ╰─ $ nc -v -G 2 -z example.com 443 2>&1 | tail -n 1
    nc: connectx to example.com port 443 (tcp) failed: Operation timed out
    ╭─ andre@foci ~
    ╰─ $ nc -v -G 2 -z example.com 8443 2>&1 | tail -n 1
    nc: connectx to example.com port 8443 (tcp) failed: Operation timed out
    ╭─ andre@foci ~
    ╰─ $ nc -v -G 2 -z example.com 8843 2>&1 | tail -n 1
    Connection to example.com port 8843 [tcp/*] succeeded!

4) Add Contacts account in 'manual' mode, specifying user@servername instead of email address.

The client did fine by default (when the server accepted 443, 8443, 8443), and with 443 blocked. When I blocked 8443, account setup failed the first time, and worked the second time. Weird.

5) Disable the block rules by commenting the two lines you added to /etc/pf.conf, then

    sudo pfctl -Fa -f /etc/pf.conf

-dre
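
Added example, not part of the original message and not calendarserver or Apple code: a simplified sketch of the RFC 6764 bootstrap order mentioned above (SRV lookup, TXT "path", then /.well-known/carddav), run over constructed DNS answers. The function names, the record values, and the fallback to the account's domain on port 443 when no SRV record exists are assumptions for illustration.

```python
from typing import NamedTuple

class Srv(NamedTuple):
    service: str    # "_carddavs._tcp" (TLS) or "_carddav._tcp" (plaintext)
    priority: int
    weight: int
    port: int
    target: str

def txt_path(txt_strings):
    """Return the 'path' value from a service's TXT strings, or None."""
    for s in txt_strings:
        key, sep, value = s.partition("=")
        if sep and key.lower() == "path" and value.startswith("/"):
            return value
    return None

def bootstrap_candidates(account, srv_records, txt_by_service, allow_plaintext=False):
    """Ordered URLs a client could probe for 'user@domain' (hypothetical helper)."""
    domain = account.rpartition("@")[2]
    urls = []
    for service, scheme in (("_carddavs._tcp", "https"), ("_carddav._tcp", "http")):
        if scheme == "http" and not allow_plaintext:
            continue  # never downgrade to cleartext unless explicitly allowed
        # RFC 2782: a target of "." means the service is not offered here.
        rrs = [r for r in srv_records if r.service == service and r.target.rstrip(".")]
        # Lowest priority first. RFC 2782 picks by weighted random choice within
        # a priority; sorting by weight keeps this example deterministic.
        rrs.sort(key=lambda r: (r.priority, -r.weight))
        path = txt_path(txt_by_service.get(service, [])) or "/.well-known/carddav"
        urls += [f"{scheme}://{r.target.rstrip('.')}:{r.port}{path}" for r in rrs]
    if not urls:
        # Assumed heuristic when no SRV exists: try the account's domain on 443.
        # With user@servername, that domain is the server itself.
        urls.append(f"https://{domain}:443/.well-known/carddav")
    return urls

# Constructed sample answers for example.com (not real DNS data).
SAMPLE_SRV = [
    Srv("_carddavs._tcp", 10, 1, 443, "backup.example.com."),
    Srv("_carddavs._tcp", 0, 1, 8443, "cal.example.com."),
    Srv("_carddav._tcp", 0, 1, 8008, "cal.example.com."),
]
SAMPLE_TXT = {"_carddavs._tcp": ["path=/addressbooks"]}

if __name__ == "__main__":
    for url in bootstrap_candidates("user@example.com", SAMPLE_SRV, SAMPLE_TXT):
        print(url)
```

Publishing a _carddavs._tcp SRV record that names the real host and port lets 'automatic' setup find a server on a nonstandard port without the client guessing.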