Releases: gravitl/netmaker
v0.8.3
NOTICE: v0.8.3 and v0.8.2 contain breaking changes for netclients. If upgrading from v0.8.1 or lower, you must perform the following actions on all netclients, or uninstall and rejoin the network:
1. create /etc/netclient/config folder
2. move all files in /etc/netclient besides the netclient into the config folder
3. if a new network is joined: remove existing [email protected] files and netclient-network.timer files from /etc/systemd/system
4. if 3 is performed, run systemctl daemon-reload
Alternatively, you can run "netclient uninstall" on each client, replace the netclient with the new version, and rejoin the network.
What's New?
- Integrated Netclient code into Netmaker. Netmaker no longer runs Netclient binary. Instead, it makes direct function calls. This reduces the image size for Netmaker by 50%.
- Enabled HA topology for Netmaker: https://netmaker.readthedocs.io/en/develop/server-installation.html#highly-available-installation. The UDP Hole Punching implementation previously made full HA infeasible. Now, distributed servers with UDP Hole Punching will work.
What's Fixed?
- Minor changes to nm-quick install script (changed docker install to docker.io) and quick install instructions (changed apt install command).
- Fixed a bug that caused MTU settings to revert to default on checkin
Known Issues
- Overly verbose logging on Netmaker server with Netclient logs. Will change verbosity in next release.
v0.8.2
NOTICE: v0.8.2 contains breaking changes for netclients. If upgrading from v0.8.1 or lower to v0.8.2, you must perform the following actions on all netclients, or uninstall and rejoin the network:
1. create /etc/netclient/config folder
2. move all files in /etc/netclient besides the netclient into the config folder
3. if a new network is joined: remove existing [email protected] files and netclient-network.timer files from /etc/systemd/system
4. if 3 is performed, run systemctl daemon-reload
Alternatively, you can run "netclient uninstall" on each client, replace the netclient with the new version, and rejoin the network.
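The first two manual steps of the v0.8.3 and v0.8.2 notices, as an added shell example (not part of the release notes or of netmaker's own tooling). It assumes the binary is the file named "netclient" in the base directory, and it reads "netclient-network.timer" as one timer per network name; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not netmaker tooling. Assumptions: the binary is the file named
# "netclient" in the base directory, and per-network timers match netclient-*.timer.

# Move every entry in <base> except the binary and config/ into <base>/config.
# dry_run=1 changes nothing. Prints the number of entries moved (or planned) on stdout.
migrate_netclient_config() {
    local base="${1:-/etc/netclient}" dry_run="${2:-0}" moved=0 entry name
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }
    if [ "$dry_run" != 1 ]; then
        # Mode 0700 is an assumption: keep the config tree readable by its owner only.
        mkdir -p -m 700 "$base/config"
    fi
    for entry in "$base"/* "$base"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        name="${entry##*/}"
        case "$name" in netclient|config) continue ;; esac
        if [ -e "$base/config/$name" ]; then
            echo "skip (already in config): $name" >&2   # never overwrite on a re-run
            continue
        fi
        if [ "$dry_run" = 1 ]; then
            echo "would move: $name" >&2
        else
            mv -- "$entry" "$base/config/"
        fi
        moved=$((moved + 1))
    done
    echo "$moved"
}

# List per-network timer units left in <dir>, for review before removing them (step 3).
list_stale_timers() {
    local dir="${1:-/etc/systemd/system}" f
    for f in "$dir"/netclient-*.timer; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
}
```

Run `migrate_netclient_config /etc/netclient 1` as root first to preview the moves. Removing the listed units and running systemctl daemon-reload (steps 3 and 4) stay manual.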
What's New?
- Moved netclient config files under /etc/netclient/config. This allows for running the tiny dockerized version of netmaker/netclient (beware of breaking changes, see above)
- Added a configurable checkin time for server (set env var CHECKIN_INTERVAL). Default of 15 seconds for all clients. When set, this value is passed to clients via the access token. Clients will not receive updated values for checkin interval. This is only set on Join (but can be changed manually).
- Linux now has one checkin systemd service timer for all networks, instead of one per network
- IsServer is now adjustable, allowing for manual debugging of server issues on netclient.
v0.8.1
What's New?
- Added contained mode for server, netclient management, specified with CLIENT_MODE=contained
- Created smaller images for containers; they are 1/10 the size they used to be.
- Added default setting to help with upgraded nodes from 0.7
- DNS simplified, can now set static DNS configs, use coredns as a generic DNS server
What's Fixed?
- Ingress deletion issue when no ext clients present #284
- Egress Deletion issue, removes ingress post-up/down #285
- Mac Client copies binary appropriately
Known issues
- Mac binary currently not present in release, would require a build on Mac right now
- Mac has not been tested with M1 chips
- Library issues running netclient in certain environments (SUSE, OpenWRT)
- relay server will not forward traffic to egress gateway behind relay
- old files still in repo (old docs, scripts, etc)
- Kubernetes manifests out of date
- Resolvectl does not work on some systems
- Sometimes peers appear on a relayed node, when they should not
v0.8.0
What's New?
- Windows client with NT support. Run fully meshed Windows nodes
  - Requires v0.4.9 of WireGuard for Windows
  - Make sure to use Powershell as Admin
- Mac client with userspace (wireguard-go) support. Run fully meshed Mac nodes
- Relay Server functionality for nodes - designate nodes as "relay servers" for hard-to-reach nodes (behind double NATs, firewalls, etc.)
- Configurable MTU for nodes (default set to 1280). Fixes previous connectivity issues for certain environments
- (experimental) Userspace support for Boringtun and Wireguard-Go
What's Fixed?
- Logging on netclient improved - now shows output of failed commands for traceability
- Can add dashes to network and key names
- #277
- #266
- #245
- #254
Known issues
- Lack of documentation for new features: Mac, Windows, Relay
- Mac has not been tested with M1 chips
- Library issues running netclient in certain environments (SUSE, OpenWRT)
- relay server will not forward traffic to egress gateway behind relay
- old files still in repo (old docs, scripts, etc)
- Kubernetes manifests out of date
- Socket leaks in Nginx with low CPU (1cpu shared)
- Sometimes peers appear on a relayed node, when they should not
v0.7.3
What's New?
- Automated Ext Client egress gateway range addition to allowed ips
- Added optional Ext Client DNS field on network level - will propagate to ext clients when set
- Added Ext Client DNS to docs but not built
- UI updated to reflect changes
What's Fixed?
- QR code mapping on UI fixed
Known issues
- No docs for new DNS field yet
v0.7.1
What's New?
- NoSQL --> SQL: The official database is now rqlite, but we've refactored the backend to easily support ANY SQL or key-value database. Support for additional databases can be achieved with a single file.
- Multitenancy: Superadmins can add network admins who control individual networks without seeing each other's networks.
- UDP Hole-Punching: Server maintains a list of UDP ports opened by peers and makes them accessible to other peers in the network, allowing for easier NAT connections and easier configuration (no firewall opening needed).
- Kubernetes Manifests: Deploy the Netmaker server to Kubernetes, and/or run the netclient on nodes to create an extensible private cluster network
- Log levels: verbosity can be set between 0-3
What's Fixed?
- This was a major refactor. We blew away a lot of code and changed a lot of the internals. The GRPC model is now much simpler, and the codebase is substantially smaller. This may lead to some new bugs which we'll have to find along the way, but we've done our best to catch them.
What's Gone?
- MongoDB: Mongo is heavy and we have always intended to switch to something lighter. rqlite is a great place to start, and we can now easily add databases like sqlite and mysql, as well as key-value stores like OpenDHT and Redis. The bad news? You won't be able to upgrade from 0.5 to 0.7. This release requires a fresh install.
- Secure WireGuard GRPC: This feature was clunky, incomplete, and made both the server and client very convoluted to use. It was meant to make SSL unnecessary but ended up just making things harder. We may introduce a similar feature at some point in the future, but for now we're taking it out. We are now providing a recommended way to deploy Netmaker behind an Nginx proxy with SSL certificates for security.
v0.5.11
v0.7
v0.5
What's New
- External Client Mode
-- Create Ingress Gateways
-- Add clients to Gateways
-- Supports secure network access from any WireGuard-enabled device
->>>> iPhone, Android, iOS, Windows, etc.
- Secure GRPC
-- Server-Agent communication (GRPC) now takes place over WireGuard tunnels
-- Increases security of network substantially
- Unmanaged Client
-- Deploy Netclient without installing to SystemD
-- Enables self-managed support for Linux systems w/o SystemD (FreeBSD, etc.)
- Documentation
-- Extensive version-controlled documentation under the docs directory
-- built with Sphinx ala ReadTheDocs
-- Hosted in two locations: here and here
What's Improved
- Netclient Revamped
-- Better CLI experience
-- Help text for commands
-- Additional commands
-- Allows for self-managed client (w/o systemd daemon)
What's Fixed
-- Various UI bugs
-- Various backend bugs
What's Broken
-- expdatetime on chrome
-- GRPC over WireGuard stops working sometimes
-- dns randomly causes errors due to missing file
-- missing sections in docs
-- intclient and extclient validation
-- can click "add server to network" even if it's already in network
v0.3
Update README.md