Releases: gravitl/netmaker
v0.20.2
Netmaker v0.20.2
what's new
- Endpoint detection can be disabled
 - User settings reverted to more simple implementation
 - Graph edges reflect ACLs
 
what's fixed
- TURN replacing Relays >> Relays moved to EE only
 - Can now copy/paste on Mac GUI
 - Endpoint check
 - Minor TURN fixes
 - NAT check for Ingress creation
 - Firewall manager changes that should make Ingress and Egress way more reliable
 - Metrics fixes
 - Remove non-TURN proxy operations
 
known issues
- Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.20.1
Netmaker v0.20.1
what's new
what's fixed
- enrollment keys for non-admins
 - client version displayed correctly in UI
 - UDP hole punching improvements
 - SSL fallback to letsencrypt
 - permission handling for non-admin users
 
known issues
- Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.20.0
Netmaker v0.20.0
what's new
- New UI
 - Revamped compose-files and install scripts
 - Reactive TURN (makes connections whenever p2p is not working)
 - Ext Client editing + configurable allowedips
 
what's fixed
- Netmaker exporter now works with Caddy
 - Major issue with Endpoint Detection fixed - local connections should be much better now
 
known issues
- cannot use OAUTH login on new UI. If this is required, continue to use v0.19.0
 - Cannot use "$" character in installer as a value in variables, or it will break config.
 - QR code is very difficult to scan. Fix is in next release.
 - Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.19.0
Netmaker v0.19.0
what's new
- TURN
 - dependency updates
 - internet gateways (0.0.0.0/0) for egress
 - deprecated editing of network parameters
 - allow extra ips for extclient (not enabled in UI)
 
what's fixed
- unbiased random string
 - get traffic keys on pull
 - CI updates
 - install/update script updates
 - firewall checks
 
known issues
- Caddy does not handle netmaker exporter well for EE
 - Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
Upgrade from 0.18.7
How to upgrade your server to include TURN. In docker-compose.yml:
- Replace v0.18.7 with v0.19.0 for both netmaker and netmaker-ui images.
 - In docker-compose.yml, add the following to services.netmaker.environment:
 
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      TURN_SERVER_API_HOST: "https://turnapi.NETMAKER_BASE_DOMAIN"
      TURN_PORT: "3479"
      TURN_USERNAME: "REPLACE_TURN_USERNAME"
      TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
      USE_TURN: "true"
2.a Replace NETMAKER_BASE_DOMAIN with your base domain. Replace REPLACE_TURN_USERNAME with a username of your choice, and REPLACE_TURN_PASSWORD with a password (should be strong)
- Add the following section to services (in line with netmaker:, caddy:, mq:, etc):
 
  turn:
    container_name: turn
    image: gravitl/turnserver:v1.0.0
    network_mode: "host"
    volumes:
      - turn_server:/etc/config
    environment:
      DEBUG_MODE: "off"
      VERBOSITY: "1"
      TURN_PORT: "3479"
      TURN_API_PORT: "8089"
      CORS_ALLOWED_ORIGIN: "*"
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      USERNAME: "REPLACE_TURN_USERNAME"
      PASSWORD: "REPLACE_TURN_PASSWORD"
3.a Replace NETMAKER_BASE_DOMAIN, REPLACE_TURN_USERNAME, and REPLACE_TURN_PASSWORD with the same values as in 1.a.
- Add "turn_server: {}" to your "volumes" section. It should look like this:
 
volumes:
  caddy_data: {}
  caddy_conf: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_logs: {}
  turn_server: {}
- Add an "extra_hosts" section to caddy in docker-compose.yml. It should now look like this:
 
  caddy:
    image: caddy:2.6.2
    container_name: caddy
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /root/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_conf:/config
    ports:
      - "80:80"
      - "443:443"
- Modify the Caddyfile to add two new domains for TURN and TURN_API. Add the following sections, adjusting for your domain:
 
# TURN
https://turn.NETMAKER_BASE_DOMAIN {
	reverse_proxy host.docker.internal:3479
}
# TURN API
https://turnapi.NETMAKER_BASE_DOMAIN {
	reverse_proxy http://host.docker.internal:8089
}
- Run docker-compose up -d

You should now have TURN configured with your server.
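
A pre-flight check for the edited docker-compose.yml, as an added example (not part of the Netmaker release notes or project): it confirms that no placeholder from the steps above is left in place and that the netmaker and turn services carry the same TURN host and credentials. The function names, the line-based parsing (2-space indentation, `KEY: "value"` form as on this page) and the sample file are assumptions of the example.

```python
# Placeholders the upgrade steps say to replace.
PLACEHOLDERS = ("NETMAKER_BASE_DOMAIN", "REPLACE_TURN_USERNAME", "REPLACE_TURN_PASSWORD")
# netmaker key -> turn key that must carry the same value.
PAIRS = {"TURN_SERVER_HOST": "TURN_SERVER_HOST",
         "TURN_USERNAME": "USERNAME", "TURN_PASSWORD": "PASSWORD"}

def service_env(compose_text, service):
    """Read services.<service>.environment (assumes 2-space indent, KEY: "value" form)."""
    env, in_service, in_env = {}, False, False
    for line in compose_text.splitlines():
        body, indent = line.strip(), len(line) - len(line.lstrip())
        if not body or body.startswith("#"):
            continue
        if indent <= 2:  # top-level key or a service name
            in_service, in_env = (indent == 2 and body == service + ":"), False
        elif in_service and indent == 4:
            in_env = body == "environment:"
        elif in_service and in_env and ":" in body:
            key, _, value = body.partition(":")
            env[key.strip()] = value.strip().strip('"')
    return env

def check(compose_text):
    """Return a list of problems; an empty list means the TURN settings agree."""
    nm, turn = service_env(compose_text, "netmaker"), service_env(compose_text, "turn")
    problems = [f"{svc}.{key}: placeholder {p} not replaced"
                for svc, env in (("netmaker", nm), ("turn", turn))
                for key, value in env.items() for p in PLACEHOLDERS if p in value]
    for nk, tk in PAIRS.items():
        if nk not in nm or nm[nk] != turn.get(tk):
            problems.append(f"netmaker.{nk} and turn.{tk} are missing or differ")
    if nm.get("USE_TURN") != "true":
        problems.append('netmaker.USE_TURN is not "true"')
    return problems

# Constructed sample: a placeholder left in the turn service and a password mismatch.
SAMPLE = """services:
  netmaker:
    environment:
      TURN_SERVER_HOST: "turn.nm.example.com"
      TURN_USERNAME: "turnuser"
      TURN_PASSWORD: "constructed-sample-secret"
      USE_TURN: "true"
  turn:
    environment:
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      USERNAME: "turnuser"
      PASSWORD: "REPLACE_TURN_PASSWORD"
"""
print("\n".join(check(SAMPLE)))
```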
v0.18.7
Netmaker v0.18.7
what's new
- internet gateways (0.0.0.0/0) for egress
 - deprecated editing of network parameters
 - allow extra ips for extclient (not enabled in UI)
 
what's fixed
- nm-quick - determine latest version from releases
 - wireguard public/private key rotation
 - ee-license checks
 
known issues
- Caddy does not handle netmaker exporter well for EE
 - Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.18.6
Netmaker v0.18.6
Limitations
- Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0:
  0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
- EE should still be considered pre-release, and we do not recommend upgrading yet.
 
Follow Upgrade Instructions Carefully - You must upgrade server before netclients
- You must be on v0.17.1 in order to upgrade
 - SSH to your Netmaker server
 - Run the upgrade script:
   wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
 - Follow prompts until the upgrade process on the server is completed.
 - Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.g. "apt-get install netclient")
 
what's new
- no new features

what's fixed
- a few ext client/ingress issues
  - viewing addresses (UI)
  - when deleting an ingress gateway, ext clients are now removed from peers immediately
  - ext client peers should be populated immediately after creation
  - ext clients no longer reset public key when disabled/enabled
  - can delete an ingress without clients
- removed unnecessary host update
- host nat type is now collected from clients
- fix peer update issue where calculation was happening too frequently
- nm-quick && nm-upgrade
- EMQX image change && api routes
 
known issues
- Caddy does not handle netmaker exporter well for EE
 - Migration causes a listen port of 0 for some upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 - No internet gateways/default routes
 
v0.18.5
Netmaker v0.18.5
Limitations
- Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0:
  0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
- EE should still be considered pre-release, and we do not recommend upgrading yet.
 
Follow Upgrade Instructions Carefully - You must upgrade server before netclients
- You must be on v0.17.1 in order to upgrade
 - SSH to your Netmaker server
 - Run the upgrade script:
   wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
 - Follow prompts until the upgrade process on the server is completed.
 - Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.g. "apt-get install netclient")
 
What's New
- Logic for ext client ACLs (not really usable until new UI is finished)
- Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
  - specify with DEFAULT_PROXY_MODE="on/off/auto"

 
What's Fixed
- Proxy Peer calculation improvements
 - DNS is populated correctly after registration by enrollment key
 - Migrate is functional for Windows/Mac (note: ports may be set to 0 after an upgrade; this can be adjusted via the UI)
 - Interface data is sent on netclient register
 - Upgrade script
 - Latency issue with Node <-> Node Metrics
 - Ports set from server for Hosts on register/join are actually used
 
Known Issues
- Caddy does not handle netmaker exporter well for EE
 - Migration causes a listen port of 0 for upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.18.4
Netmaker v0.18.4
Wait till out of pre-release to fully upgrade
what's new
- Logic for ext client ACLs (not really usable until new UI is finished)
- Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
  - specify with DEFAULT_PROXY_MODE="on/off/auto"

what's fixed
- Proxy Peer calculation improvements
- DNS is populated correctly after registration by enrollment key
- Migrate is functional for Windows/Mac (note: ports may be set to 0 after an upgrade; this can be adjusted via the UI)
 - Interface data is sent on netclient register
 - Upgrade script
 - Latency issue with Node <-> Node Metrics
 - Ports set from server for Hosts on register/join are actually used
 
known issues
- Caddy does not handle netmaker exporter well for EE
 - Migration causes a listen port of 0 for upgraded hosts
 - Docker clients can not re-join after deletion
 - Inaccurate Ext Client Metrics
 - Issue with Mac + IPv6 addressing
 - Nodes on same local network may not always connect
 - List populates egress ranges twice
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.18.3
Netmaker v0.18.3
Wait till out of pre-release to fully upgrade
what's new
- Forced node deletions: if a host does not receive the message to delete a node, you can forcefully remove it by deleting it twice from the UI/CLI
  - Allows users to remove orphaned Nodes + Hosts more easily
- EMQX ACLs: if using EMQX as broker, ACLs per host will be created, enhancing security around messages
- You can now create ext clients with your own public key, but this feature will not be represented on current UI (new UI on the horizon)
- STUN is now represented as a list including your NM server + 2 we are hosting + 2 of Google's (clients will only use 2) for better NAT detection
  - you specify which STUN servers to use with the STUN_LIST env variable
 
what's fixed
- More Peer calculation improvements
- JSON output on list commands for nmctl
- Upgrade script
- Ports set from server for Hosts on register/join are actually used
- Clients
  - More efficient Windows daemon handling
  - Better peer route setting on clients
  - Some commands involving the message queue on client have been fixed
  - NFTables masquerading issue
  - Some logging has been adjusted
  - Migrations on Linux work for 0.17.x - 0.18.3
  - EnrollmentKeys in an HA setup should function fine now
  - Registration by enrollment key on client GUI
 
known issues
- Network interface routes may be removed after some time/unintended network update
 - Caddy does not handle netmaker exporter well for EE
 - Incorrect latency on metrics (EE)
 - Swagger docs not up to date
 - Lengthy delay when you create an ext client
 - issues connecting over IPv6 on Macs
 - Nodes on same local network may not always connect
 - Netclient GUI shows egress range(s) twice
 - DNS entries are not sent after registration with EnrollmentKeys
 - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
 
v0.18.2
Netmaker v0.18.2
Do not attempt upgrade from 0.17.x quite yet
what's new
- Enrollment Keys give an admin the ability to enroll clients into multiple networks; keys can be unlimited, time-based, or usage-based
- EMQX broker support and better MQTT support in general
  - Now you must specify BROKER_ENDPOINT
  - Also specify SERVER_BROKER_ENDPOINT; if not provided, the server will connect to the broker over BROKER_ENDPOINT
  - This gives the user the ability to specify any broker endpoint and use any protocol desired on clients, such as mqtts://mybroker.com:8083 (we will still default to wss)
 
what's fixed
- Fixed default ACL behavior, should work as expected
 - Peer calculations enhancement
 - main routines share a context and docker stop/ctrl+c give expected results now
 - Github workflow edits
 - Removed Deprecated Local Network Range from client + server
 
known issues
- EnrollmentKeys may not function as intended in an HA setup
 - If a host does not receive a message to delete a node, it could become orphaned and un-deletable
 - Network interface routes may be removed after some time/unintended network update
 - Upgrade script does not handle clients
 - Caddy does not handle netmaker exporter well for EE
 - Incorrect latency on metrics (EE)
 - Swagger docs not up to date