when trying to connect to dev tunnel, i get an Exception... this happens on several computers.

HTTP: PUT https://euw.rel.tunnels.api.visualstudio.com/tunnels/amusing-pond-pc4n3qt/endpoints/84254436-e1fe-4066-bba7-fe7a41f07947-relay?api-version=2023-09-27-preview&connectionMode=TunnelRelay
HTTP: Authorization: github
HTTP: User-Agent: Dev-Tunnels-Service-CLI/1.0.1160+d54aaf0b07
HTTP: User-Agent: (OS:Microsoft Windows 10.0.19045)
HTTP: User-Agent: Dev-Tunnels-Service-CSharp-SDK/1.1.7+869adcec1c
HTTP: {
"id": "84254436-e1fe-4066-bba7-fe7a41f07947-relay",
"connectionMode": "TunnelRelay",
"hostId": "84254436-e1fe-4066-bba7-fe7a41f07947",
"hostPublicKeys": [
---deleted by me---
]
}
HTTP: DELETE https://euw.rel.tunnels.api.visualstudio.com/tunnels/amusing-pond-pc4n3qt?api-version=2023-09-27-preview
HTTP: Authorization: github
HTTP: User-Agent: Dev-Tunnels-Service-CLI/1.0.1160+d54aaf0b07
HTTP: User-Agent: (OS:Microsoft Windows 10.0.19045)
HTTP: User-Agent: Dev-Tunnels-Service-CSharp-SDK/1.1.7+869adcec1c
Unhandled exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken , ExceptionDispatchInfo )
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions )
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions , HttpRequestMessage , Boolean , Stream , CancellationToken )
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions , HttpRequestMessage , Boolean , Stream , CancellationToken )
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage )
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken )
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage , Boolean , Boolean , CancellationToken )
at Microsoft.DevTunnels.Cli.Options.TracingHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Options/TracingHttpHandler.cs:line 42
at Microsoft.DevTunnels.Management.FollowRedirectsHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellation)
at System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage , HttpCompletionOption , CancellationTokenSource , Boolean , CancellationTokenSource , CancellationToken )
at Microsoft.DevTunnels.Management.TunnelManagementClient.SendRequestAsync[TRequest,TResult](HttpMethod method, Uri uri, TunnelRequestOptions options, AuthenticationHeaderValue authHeader, TRequest body, CancellationToken cancellation)
at Microsoft.DevTunnels.Management.TunnelManagementClient.SendTunnelRequestAsync[TRequest,TResult](HttpMethod method, Tunnel tunnel, String[] accessTokenScopes, String path, String query, TunnelRequestOptions options, TRequest body, CancellationToken cancellation, Boolean isCreate)
at Microsoft.DevTunnels.Management.TunnelManagementClient.DeleteTunnelAsync(Tunnel tunnel, TunnelRequestOptions options, CancellationToken cancellation)
at Microsoft.DevTunnels.Cli.Commands.HostCommand.HostAsync(UInt16[] portNumbers, String protocol, String sshUser, TunnelCommandOptions options, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Commands/HostCommand.cs:line 434

I would like to host/test a dotnet asp api on my raspberry Pi. But it seems devtunnel cli doesnot work on it.

steps:

1. run the following command on Pi4 accoordind to the instructions on link

curl -sL https://aka.ms/DevTunnelCliInstall | bash

2. Here is the output of installation command

Downloading the devtunnel CLI...
Selecting previously unselected package libsecret-common.
(Reading database ... 45756 files and directories currently installed.)
Preparing to unpack .../libsecret-common_0.20.4-2_all.deb ...
Unpacking libsecret-common (0.20.4-2) ...
Selecting previously unselected package libsecret-1-0:armhf.
Preparing to unpack .../libsecret-1-0_0.20.4-2_armhf.deb ...
Unpacking libsecret-1-0:armhf (0.20.4-2) ...
Setting up libsecret-common (0.20.4-2) ...
Setting up libsecret-1-0:armhf (0.20.4-2) ...
Processing triggers for libc-bin (2.31-13+rpt2+rpi1+deb11u5) ...
devtunnel CLI installed!

Version:
bash: line 71: /root/bin/devtunnel: No such file or directory
    

To get started, run:
    source ~/.bashrc
    devtunnel -h

3. after source import the bashrc and run devtunnel, even I reboot the device, this devtunnel cli tool always report

-bash: /root/bin/devtunnel: No such file or directory

environment

• raspberry Pi 4B with 4G ram
• 2023-05-03-raspios-bullseye-armhf-lite.img installed

This library looks very interesting, but there is no any description about the prupose of it. Is it somehow connected with VSCode Remote extensions?

Hi,
I am developing Teams Platform apps with SSO in place. I need to deploy these in local for faster evaluation and register these urls in Azure portal.

I rely on devtunnel's fixed url to save myself from updating the azure portal app registration.

I think I have run out of my quota. I need another 6 GB quota.

Kindly update the max bandwidth.

when access the api every 2 or 3 sec once unable to get the response and did not throw any error response.

and also i checked in dev tools, there is no hit for that api

Would be great if we can have an sdk to manage tunnels via python.

This tool is positioned as a replacement for ngrok. One very useful feature of ngrok is the ability to view the request/response on a currently running tunnel.

I can't figure out how to do this with this tool, either through the browser (like ngrok) or via the CLI.

I can see an active tunnel...

devtunnel show <tunnel-id>

But when I connect to it, it just outputs a stream of "opened" ports and never shows any data on them...

devtunnel connect <tunnel-id>

Is it possible to get a debug view of the traffic without using another tool?

I`d like to test a web server on a old low RAM memeory PC which is Win10 LTSB x86.

Is there a x86 version for this great tool?

I started a gRPC server on ASP.NET Core and then tried to access it from a client through Dev Tunnels.

The client throws the following exception:

Grpc.Core.RpcException: 'Status(StatusCode="Internal", Detail="Error starting gRPC call. HttpRequestException: Requesting HTTP version 2.0 with version policy RequestVersionOrHigher while unable to establish HTTP/2 connection.", DebugException="System.Net.Http.HttpRequestException: Requesting HTTP version 2.0 with version policy RequestVersionOrHigher while unable to establish HTTP/2 connection.")'

The tunnel appears to downgrade HTTP requests, is it not compatible with HTTP/2?

Hi, can someone tell is there any option to launch devtunnel host
In detached (background mode)?

I've been trying out Dev Tunnels as a replacement for ngrok but I've run into a problem that persistent tunnels work fine for hours but stop responding after a while. I'm not sure what triggers this, it could be a hibernate/resume on my dev machine, could be that the tunnel is idle overnight, might be something else altogether. The current tunnel I'm trying is at https://zllwmpxn-7190.usw3.devtunnels.ms/, the simplest way to test is just browse to it but if I do that it times out. The DNS entry looks ok:

C:\>nslookup zllwmpxn-7190.usw3.devtunnels.ms
Server:  Linksys05100
Address:  192.168.7.1

Non-authoritative answer:
Name:    tunnels-prod-rel-usw3-v3-cluster.westus3.cloudapp.azure.com
Address:  20.125.70.28
Aliases:  zllwmpxn-7190.usw3.devtunnels.ms
          tunnels-prod-rel-usw3-live-tm.trafficmanager.net
          v3-usw3.cluster.rel.tunnels.api.visualstudio.com

The tunnel inspection URI works but shows no traffic. It's a public persistent tunnel (see image), but for security I'll recreate it once this problem is resolved.

The tunnel was created using Visual Studio and I am new to this so I may be missing something obvious.

I am running into CORS issues when connecting from a browser to a local REST API through devtunnel.
The reason seems to be that devtunnel rewrites the Origin request header to http://localhost:nnnn in some cases.

To reproduce, consider a PHP web application that returns the Origin request header:

<?php
# file index.php
echo "Origin:" . (print_r($_SERVER['HTTP_ORIGIN'], true)) . "\n";

If I run this locally using PHP's built-in web server:

php -S 0:8080 index.php

I can use curl to inspect the Origin header received:

$ curl http://localhost:8080 -H'Origin: http://whatever.example.com'
Origin:http://whatever.example.com

If I start a devtunnel and use that, it works similarly:

$ curl https://abcd1234.euw.devtunnels.ms:8080 -H'Origin: http://whatever.example.com'
Origin:http://whatever.example.com

But if I use an origin for the devtunnel host on a different port, the Origin suddenly gets rewritten to localhost:

$ curl https://abcd1234.euw.devtunnels.ms:8080 -H'Origin: https://abcd1234.euw.devtunnels.ms:8081'
Origin:http://localhost:8080

This is causing CORS issue when I have a frontend and a backend application using the same devtunnel hostname with different ports.

I apologize in advance as this is most likely the wrong place to request this feature, but I could not find a better place for it.

It would be great to have the ability to reserve a permanent host name, especially one that is slightly friendlier when we have to tell it to somebody over the phone or type it in on a mobile device. Because of the multi-region support, this might not be possible. But I would think in most cases we'd get good enough results since I don't normally move around geographically much when testing stuff via dev tunnels.

The general reasoning is that while the 30-day persisted name is very helpful, it's not uncommon for us to work with external services (for example mailgun) in our testing. We don't need the tunnel to test with these services very often, but it's still a pain to go in and reconfigure the service for a new URL if it has been more than 30 days since we last used the tunnel. This is especially true when it's a shared service that multiple developers use. Each developer has to reconfigure the service to point to their instance instead of spinning up a tunnel with a common name available to all developers.

Bonus points would be if we could reserve an entire prefix for our name/organization.

https://<reserved-name>.usw3.devtunnels.ms
https://*.<reserved-name>.usw3.devtunnels.ms

I would be fine if reserved-name was something that was still assigned to use. Since we have to sign in to our MS account, if it was either our e-mail/login name or org name, that would suffice so that we can't just start gobbling up easy to type names. So:

https://user_domain_org.usw3.devtunnels.ms
https://*.org-name.usw3.devtunnels.ms

@jfullerton44 in this change, the ID for the tunnel endpoint became mandatory

https://github.com/microsoft/dev-tunnels/blame/c85e0671d98dd25331149959af6e4adf67dfb2b8/cs/src/Contracts/TunnelEndpoint.cs#L31

However, it seems like the Dev Tunnels service does not actually return that as a non-nullable string. For example, this is my tunnel in production

  "endpoints": [
    {
      "hostRelayUri": "wss://usw2-data.rel.tunnels.api.visualstudio.com/api/v1/Host/Connect/29034sjz",
      "clientRelayUri": "wss://usw2-data.rel.tunnels.api.visualstudio.com/api/v1/Client/Connect/29034sjz",
      "id": null,
      "connectionMode": "TunnelRelay",
      "hostId": "706f244f-a4d3-422c-a8a4-f8dc272cb7e5",
      "portUriFormat": "https://29034sjz-{port}.usw2.devtunnels.ms/",
      "tunnelUri": "https://29034sjz.usw2.devtunnels.ms/",
      "portSshCommandFormat": "ssh 29034sjz-{port}@ssh.usw2.devtunnels.ms",
      "tunnelSshCommand": "ssh [email protected]"
    }
  ],

So, trying to parse that in Rust gives invalid type: null.

The generator uses the presence of the [JsonIgnore(...)] attribute to determine if a field should be nullable. Should that be applied to the ID?

This call (https://??????-4443-inspect.euw.devtunnels.ms/core/i18n/locales/it.json) with the browser in Italian returns a 404 error.
By setting the browser to English, however, this error is not encountered.

Failed to create dev tunnel 'mytesttunnel': Creating the dev tunnel failed. The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

VS version: Version 17.6.4

Also tried to do the same via cli:
https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/get-started?tabs=windows

.\devtunnel.exe list --verbose
The SSL connection could not be established, see inner exception.

It seems: https://global.rel.tunnels.api.visualstudio.com/tunnels?includePorts=true&global=true&api-version=2023-05-23-preview&ownedTunnelsOnly=true

has a certificate issue?

See output:

MSAL: TokenEndpoint: ****
HTTP: GET https://global.rel.tunnels.api.visualstudio.com/tunnels?includePorts=true&global=true&api-version=2023-05-23-preview&ownedTunnelsOnly=true
HTTP: Authorization: Bearer <token>
HTTP: User-Agent: Dev-Tunnels-Service-CLI/1.0.964+9595af4514
HTTP: User-Agent: Dev-Tunnels-Service-CSharp-SDK/1.0.7453+26a92598d1
Unhandled exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken , ExceptionDispatchInfo )
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions )
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions , HttpRequestMessage , Boolean , Stream , CancellationToken )
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions , HttpRequestMessage , Boolean , Stream , CancellationToken )
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage , Boolean , CancellationToken )
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage )
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken )
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage , Boolean , CancellationToken )
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage , Boolean , Boolean , CancellationToken )
   at Microsoft.DevTunnels.Cli.Options.TracingHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Options/TracingHttpHandler.cs:line 42
   at Microsoft.DevTunnels.Management.FollowRedirectsHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellation)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage , HttpCompletionOption , CancellationTokenSource , Boolean , CancellationTokenSource , CancellationToken )
   at Microsoft.DevTunnels.Management.TunnelManagementClient.SendRequestAsync[TRequest,TResult](HttpMethod method, Uri uri, TunnelRequestOptions options, AuthenticationHeaderValue authHeader, TRequest body, CancellationToken cancellation)
   at Microsoft.DevTunnels.Management.TunnelManagementClient.SendRequestAsync[TRequest,TResult](HttpMethod method, String clusterId, String path, String query, TunnelRequestOptions options, TRequest body, CancellationToken cancellation)
   at Microsoft.DevTunnels.Management.TunnelManagementClient.ListTunnelsAsync(String clusterId, String domain, TunnelRequestOptions options, Nullable`1 ownedTunnelsOnly, CancellationToken cancellation)
   at Microsoft.DevTunnels.Cli.Commands.CommandUtils.GetUserTunnelsAsync(CommonOptions options, IUserManager userManager, TunnelRequestOptions requestOptions, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Commands/CommandUtils.cs:line 136
   at Microsoft.DevTunnels.Cli.Commands.TunnelCommands.ListAsync(String[] tags, String[] allTags, Nullable`1 limit, CommonOptions options, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Commands/TunnelCommands.cs:line 216

I'm developing Web UI to inference video/image based on trained Deep Learning. So the web app is using resource that related with bandwidth, transfer rate, request body size.
I need to grading the dev tunnellimitation with this specification:

I'm trying to use Dev Tunnels with my Blazor .NET client application. I also have a REST API project (.NET 7) that the client utilizes.
The API is hosted in Azure, but I cannot get the client to make successful API requests when the client is running in a Dev Tunnel.
In Fiddler, I see the client making HTTP OPTIONS /protected/Provider HTTP/1.1 requests, but no other HTTP verbs are used in any requests.

I updated the CORS settings for the API to include the client dev tunnel URL (the actual settings file does not have any x 'd-out data).
"CorsPolicySettings": {
"Origins": [
"https://localhost:7094",
"https://xxxxxxxx-7094.use2.devtunnels.ms/"
]
},

What am I missing?

I set up a dev tunnel for the API running locally on my machine, and I can connect to it with the client just fine when the client is not using a dev tunnel. But when I switch the client to a dev tunnel, I have the same issue where no API requests are made - just the HTTP OPTIONS.

Here is an example header from an HTTP request:

Request URL:
https://xxxxxxxxxxxxxxxxxx.azurewebsites.net/protected/Provider
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: 127.0.0.1:8888
Referrer Policy: same-origin

With latest version the url is not print anymore after the port in devtunnel show output and with the new human readable id, the url does not seems to match the new id.

I need to know this info before running withtou running devtunnel host the tunnel is active in another terminal and I cannot run the commande or it will kill it.

Is the new id style also bind to a url ? Is it safe to depend on it now ? or could you just display the url again in the devtunnel show

Will the cli project for devTunnel also be open source? I coudn't find it currenlty.

When trying to start my tunnel today, with devtunnel host I'm getting the following error:

Unhandled exception: System.ArgumentNullException: Value cannot be null. (Parameter 'id')
   at Microsoft.Requires.NotNullOrEmpty(String value, String parameterName)
   at Microsoft.DevTunnels.Management.TunnelManagementClient.DeleteTunnelEndpointsAsync(Tunnel tunnel, String id, TunnelRequestOptions options, CancellationToken cancellation)
   at Microsoft.DevTunnels.Cli.Commands.HostCommand.HostAsync(UInt16[] portNumbers, String protocol, String sshUser, TunnelCommandOptions options, CancellationToken cancellation) in /__w/1/s/src/Tunnel/Src/CLI/Commands/HostCommand.cs:line 267

devtunnel show 
Tunnel ID             : xxxxxx
Name                  : 
Description           : 
Labels                : some-label
Access control        : {+Anonymous [connect]}
Host connections      : 0
Client connections    : 0
Current upload rate   : 0 MB/s (limit: 20 MB/s)
Current download rate : 0 MB/s (limit: 20 MB/s)
Upload total          : 16 MB
Download total        : 226 MB
Ports                 : 1
  8084  auto  https://xxxxxx-8084.use.devtunnels.ms/  
Tunnel Expiration     : 28.7 days

devtunnel version

Tunnel CLI version: 1.0.1042+788c4fbe73

Tunnel service URI        : https://global.rel.tunnels.api.visualstudio.com/
Tunnel service version    : 1.0.1046.58452 (54e4c4e036; 2023-11-22 23:50:22Z)
Tunnel service cluster    : use

Dev tunnels is a great feature, however it would be great if I was able to host the forwarding service on-site for those who need the additional security. Especially now that vscode server has removed the option to serve-local

I'm getting HTTP response code 301 for any operation, including listing tunnels, creating new tunnel, etc.
Same thing happens in Visual Studio.

I'm trying it on company PC, which has ZScaler proxy. Maybe it breaks it.
Shouldn't this tool follow address provided in response Location header?

We have developers starting to use these tunnels, we see this as a threat to our security. What we'd like to know is whether we have a way to:

(1) Prevent developers from using the unsafe options for the tunnel, like public and permanent
(2) Enforce that developers use the safe options for the tunnel, like private and temporary
 

Is there a central place where we can configure (1) and/or (2) in our ADO or GitHub tenants ? If we cannot do (1) and (2), what other controls do we have to secure this from a central point in an organization?

Thanks

While I was debbuing an application that calculate hash using the header name I discovered that dev-tunnels lowers the header name, an curl example:

curl --location 'https://host.devtunnels.ms/v1/actions/azdo-build-validation:add' \
--header 'X-OpsLevel-Timing: 1709083272' \
--header 'X-OpsLevel-Signature: sha256=347df57a124347c6db9c4117401763d4e6df61396623faf8c5c8a14f5c3984bd' \
--header 'Content-Type: application/json' \
--data '{
  "service": "pla-opslevel-integration-api",
  "repository": "hidrovias/pla-sln-opslevel-integration"
}'

And the log output using HttpLogginMiddleware(ASPNET CORE):

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[9]
      Request and Response:
      Protocol: HTTP/2
      Method: POST
      Scheme: https
      PathBase:
      Path: /v1/actions/azdo-build-validation:add
      Accept: */*
      Host: localhost:5011
      User-Agent: Faraday v1.10.3
      Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
      baggage: [Redacted]
      Content-Type: application/json
      traceparent: [Redacted]
      tracestate: [Redacted]
      Content-Length: 105
      x-request-id: [Redacted]
      x-real-ip: [Redacted]
      x-forwarded-proto: [Redacted]
      x-forwarded-host: [Redacted]
      x-forwarded-port: [Redacted]
      x-forwarded-scheme: [Redacted]
      x-original-uri: [Redacted]
      x-scheme: [Redacted]
      x-opslevel-timing: 1709085444
      x-opslevel-signature: sha256=32c77d5c0ee8bc84dcfae71838c5c7eb1fe17a8f3d3c5d6307d072460ba4c614
      x-datadog-trace-id: [Redacted]
      x-datadog-parent-id: [Redacted]
      x-datadog-sampling-priority: [Redacted]
      x-datadog-tags: [Redacted]
      sentry-trace: [Redacted]
      x-original-proto: [Redacted]
      x-forwarded-for: [Redacted]
      StatusCode: 401
      Content-Type: text/plain
      RequestBody: {
  "service": "pla-opslevel-integration-api",
  "repository": "hidrovias/pla-sln-opslevel-integration"
}
      RequestBodyStatus: [Completed]
      Duration: 59592,9107

using the configuration:

        builder.Services.AddHttpLogging(logging =>
        {
            logging.LoggingFields = HttpLoggingFields.RequestPropertiesAndHeaders | HttpLoggingFields.ResponsePropertiesAndHeaders | HttpLoggingFields.RequestBody | HttpLoggingFields.Duration;
            logging.RequestHeaders.Add("X-OpsLevel-Signature");
            logging.RequestHeaders.Add("X-OpsLevel-Timing");
        });

Is this the expected behaviour ?

I am currently working as an AI Researcher at Khyber Medical University. To connect to my workstation, I use Devtunnel. However, I have run out of my data limit. My account is linked with Microsoft via the email [email protected].

I kindly request an increase in my bandwidth to 10 GB.

I cannot seem to find how to set the access of the tunnel to organization. By default, it is private.

This documentation does not explain it: https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/cli-commands

Hello,

I'm trying to use devtunnel to test a shopify app. Some page are served through my server running locally through shopify. The cookies are then strip by shopify so the cookie tunnel_phishing_protection is not forwarded.

Is there any solution to skip this warning ?

I am running an HTTPS service locally, which I can access successfully on https://localhost:6001 (using Postman). If I expose this service via a tunnel and then try to access it via the tunnel URL (e.g. https://abcdefgh-6001.euw.devtunnels.ms), the connection fails with a 502 Bad Gateway and the server reports "Failed to authenticate HTTPS connection." and "Cannot determine the frame size or a corrupted frame was received.".

If I run the diagnostic server (devtunnel echo http -p 6001) the connection via the tunnel works just fine.

Do you have any idea what the problem may be? What might I do to investigate this further?

From within a vscode extension I issue the follwoing node-fetch request:

fetch("http://tunnel-address:80/path1/path2", {
headers: {
authorization: Bearer ${token},
accept: 'application/json'
}
});
(where "token" holds a valid token received from my api's login request.

I output all headers on server side and authorization header does not reach server.

When accessing directly without the tunnel, (i.e. url is http://localhost:9000/path1/path2) the authorization header IS recevied on the server side.

following instructions written here: https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/get-started?tabs=windows

error: ClientSSH: PortForwardingService connection to localhost:8080 failed: No connection could be made because the target machine actively refused it.
are there firewalls/other settings that need to be removed/installed to get dev tunnel working?

I am trying to connect a websocket over the devtunnel but the connection is not fully established.
I am trying using the wss:// protocol over the https:// endpoint.

Are websockets currently supported?

I've noticed that in recent days, creating a development tunnel or clicking 'Show Dev Tunnels Window' in VS is taking longer than it used to. Do you happen to know why this is happening and how I can resolve it?

And I have tried list dev tunnels in Dev Tunnel CLI, it seems to have the same problem.

I was trying to debug a Certificate Authentication issue using Tunneling.

Basically I have an Azure APIM, where I am doing a [send-request] (https://learn.microsoft.com/en-us/azure/api-management/send-request-policy) with authentication-certificate The request URL is my tunneled ASP.NET Core Web API running locally.

It looks like the certificate is not getting forwarded in: No client certificate found.

[21:42:59 INF] Request starting HTTP/2 GET https://localhost:7097/api/v1/Tenants/GetTenantByClientId?clientId=69fffd25-cd92-4db6-9a72-852e9cfbb7a0 - -
[21:42:59 DBG] No Content-Type header for request body.
[21:42:59 INF] Request:
Protocol: HTTP/2
Method: GET
Scheme: https
PathBase:
Path: /api/v1/Tenants/GetTenantByClientId
Host: localhost:7097
traceparent: [Redacted]
x-request-id: [Redacted]
x-real-ip: [Redacted]
x-forwarded-host: [Redacted]
x-forwarded-port: [Redacted]
x-forwarded-scheme: [Redacted]
x-original-uri: [Redacted]
x-scheme: [Redacted]
x-original-proto: [Redacted]
X-Original-For: [Redacted]
[21:42:59 DBG] 2 candidate(s) found for the request path '/api/v1/Tenants/GetTenantByClientId'
[21:42:59 DBG] Endpoint '[Redacted]TenantsController.GetTenantByClientId ([Redacted])' with route pattern 'api/v{version:apiVersion}/Tenants/GetTenantByClientId' is valid for the request path '/api/v1/Tenants/GetTenantByClientId'
[21:42:59 DBG] Endpoint '[Redacted]TenantsController.GetTenantByTenantCode ([Redacted])' with route pattern 'api/v{version:apiVersion}/Tenants/{tenantCode}' is valid for the request path '/api/v1/Tenants/GetTenantByClientId'
[21:42:59 DBG] Request matched endpoint '[Redacted]TenantsController.GetTenantByClientId ([Redacted])'
[21:42:59 DBG] Static files was skipped as the request already matched an endpoint.
[21:42:59 DBG] No client certificate found.
[21:42:59 DBG] AuthenticationScheme: Certificate was not authenticated.
[21:43:00 DBG] AuthenticationScheme: Certificate was not authenticated.
[21:43:00 INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
[21:43:00 INF] AuthenticationScheme: Bearer was challenged.
[21:43:00 INF] AuthenticationScheme: Certificate was challenged.
[21:43:00 INF] Response:
StatusCode: 403
WWW-Authenticate: [Redacted]
[21:43:00 INF] Request finished HTTP/2 GET https://localhost:7097/api/v1/Tenants/GetTenantByClientId?clientId=69fffd25-cd92-4db6-9a72-852e9cfbb7a0 - - - 403 0 - 1363.3172ms

And when the code is deployed to Azure, it's working fine: #51819

When i access dev tunnels api via flutter every 3 sec once the api call taking time there is no response like http status code or response body

i want to run this in docker container so, I want a public docker image, please update it.

is it possible to set the expiration date for a dev tunnel id

Currently the dev tunnels SDK logs an error if the registry key that sets policies doesn't exist on every outgoing HTTP request. This shouldn't happen: the lack of a policy is an expected state for the majority of users, I would expect a ~debug level log on client creation if the policy wasn't found, but not an error, and not on every request

[2024-01-29 14:27:05] debug Starting tunnel with `code-oss target\debug\code.exe --verbose tunnel`       
[2024-01-29 14:27:06] trace wsl availability detected via lxss
[2024-01-29 14:27:07] debug Starting tunnel to server...
user agent "vscode-server-launcher/1.87.0 Dev-Tunnels-Service-Rust-SDK/0.1.0 (OS: Windows 10.0.22621)"
[2024-01-29 14:27:07] error [tunnels::management::http_client] Failed to get policy header value: The system cannot find the file specified. (os error 2)
[2024-01-29 14:27:07] trace Found token in keyring
[2024-01-29 14:27:07] error [tunnels::management::http_client] Failed to get policy header value: The system cannot find the file specified. (os error 2)
[2024-01-29 14:27:07] trace Found token in keyring

I currently have a scenario where I'm running into an issue with CORS when I try to connect from one dev tunnel to another.
In my scenario I'm hosting an Angular application on devtunnel1.devtunnels.ms and my ASP.NET Core backend on devtunnel2.devtunnels.ms. I would like to communicate my Angular application (hosted on devtunnel1) to communicate with my backend hosted on devtunnel2.

Since the HTTP requests are performed by the browser, CORS is checked an I'm receiving an error of the following kind:

Access to XMLHttpRequest at 'https://devtunnel1.devtunnels.ms' from origin 'https://devtunnel2.devtunnels.ms' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I should mention that the request itself is routed successfully to my backend on devtunnel2, since the response code is a 200 and I also see the request coming through. The response is blocked from the browser due to the mentioned CORS error.

Did I configure something wrong or is this scenario not supported yet?

I've seen two problems so far

1. Sometimes it simply does not work, the Network Console window opens up but attempting to resend from it fails and from then on if you close the window and try again it shows no data.
2. If it is working resending a message picks up a lot of new headers (presumably from the page context). This is not helpful if you're just trying to resend the original message.

how to get TUNNELS_TOKEN / GitHub user authentication

My IT department would like to see a way to block access to authentication methods other than our Microsoft AD domain before they let me use this functionality. Could I request a policy setting to turn off GitHub authentication?

The console then keeps waiting.

Tunnel CLI version: 1.0.791+d10ee4be43

Tunnel service URI        : https://global.rel.tunnels.api.visualstudio.com/
Tunnel service version    : 1.0.944.532 (14026cffe3; 2023-10-04 01:45:30Z)
Tunnel service cluster    : usw2

Hey team,

I thought I'd try and give the CLI version a spin.

devtunnel host -p 5200

The UTC time represented when the offset is applied must be between year 0 and 10,000. (Parameter 'offset')

This appears to be an issue when authenticated via GitHub.

Unhandled exception: System.ArgumentOutOfRangeException: The UTC time represented when the offset is applied must be between year 0 and 10,000. (Parameter 'offset')
   at System.DateTimeOffset.ValidateDate(DateTime dateTime, TimeSpan offset)
   at System.DateTimeOffset..ctor(DateTime dateTime)
   at System.DateTimeOffset.op_Implicit(DateTime dateTime)
   at Microsoft.DevTunnels.Cli.Authentication.GitHubApp.AcquireTokenSilentAsync(String[] scopes, IAccount account, CancellationToken cancellation) in /Users/runner/work/1/s/src/Tunnel/Src/CLI/Authentication/GitHubApp.cs:line 125
   at Microsoft.DevTunnels.Cli.Authentication.UserManager.GetCurrentUserAsync(CommonOptions options, CancellationToken cancellation) in /Users/runner/work/1/s/src/Tunnel/Src/CLI/Authentication/UserManager.cs:line 70
   at Microsoft.DevTunnels.Cli.Commands.HostCommand.HostAsync(UInt16[] portNumbers, String protocol, String sshUser, TunnelCommandOptions options, CancellationToken cancellation) in /Users/runner/work/1/s/src/Tunnel/Src/CLI/Commands/HostCommand.cs:line 106

I have yet to be able to login. Always get this error and then PowerShell freezes up:

Unknown Status: Unexpected
Error 0xffffffff80070520
Context: Unexpected exception while waiting for accounts control to finish: '(pii)'
Tag: 0x1f7d734b (error code -2147023584) (internal error code 528315211)

The valid versions of the apiVersion passed into the HttpTunnelManagementClient are checked at runtime and an error is thrown if invalid

It would be less error-prone if API vesions were exposed as a type (e.g. an enum or union of string types) so that they can be checked at compile-time.

This led to some confusion in https://github.com/microsoft/vscode-remote-tunnels/pull/709#discussion_r1416362126

I tried to follow the installation instructions from Microsoft Learn on Fedora Linux:

curl -sL https://aka.ms/DevTunnelCliInstall | bash

but the script fails with the error

sudo: apt-get: command not found

From what I can see, the install script only uses apt-get for installing the libsecret dependency, not for installing dev-tunnels itself.
I understand its a hassle to support all kinds of package managers on all kinds of distributions, but perhaps this script could be updated to check if apt-get is available, and if not the print a warning that dependencies must be installed manually?

please support gmail login