Releases: netbirdio/netbird

v0.26.5

28 Mar 11:34
22beac1

What's Changed

  • Feature/peer validator by @pappz in #1553
  • support to configure extra blacklist of iface in "up" command by @hoozecn in #1734
  • Fix invalid token on peer login due to the cache race by @braginini in #1763

Full Changelog: v0.26.4...v0.26.5

v0.26.4

27 Mar 17:14
ea2d060

Full Changelog: v0.26.3...v0.26.4

v0.26.3

12 Mar 18:29
4a1aee1

Release notes

New features

Peer session expiration notification

The NetBird client will notify users when their peer session expires.

For systems running the GUI client, it will send a system notification.

When there is no CLI running, the daemon service will notify all active terminal sessions.

Enhancements:

NetBird status command reports DNS server addresses and routes

The netbird status command now reports the DNS server addresses and routes for the peer. This information helps troubleshoot network connectivity issues and verify the network configuration. In the case of a routing client, it will link the active routes to the selected routing peers. See outputs below:

Daemon version: development
CLI version: development
Management: Connected
Signal: Connected
Relays: 2/2 Available
Nameservers: 2/3 Available
FQDN: vik-x1-7.netbird.stage
NetBird IP: 100.119.244.41/16
Interface type: Kernel
Quantum resistance: false
Routes: 20.0.0.0/8, 30.0.0.0/8
Peers count: 0/22 Connected
Peers detail:
 ubuntu.netbird.stage:
  NetBird IP: 100.119.181.187
  Public key: +BRlYReQ5wtzZ/nFSwpc3/S+wyfonEtGo3Qr9KT4wTs=
  Status: Connected
  -- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/srflx
  ICE candidate endpoints (Local/Remote): 192.168.100.1:51820/1.2.3.4:51820
  Last connection update: 2024-03-08 16:52:17
  Last WireGuard handshake: 2024-03-08 16:52:17
  Transfer status (received/sent) 316 B/292 B
  Quantum resistance: false
  Routes: 10.0.0.0/8

Daemon version: development
CLI version: development
Management: Connected to https://stageapi.wiretrustee.com:443
Signal: Connected to https://signal.stage.netbird.io:443
Relays:
  [stun:api.netbird.io:3478] is Available
  [turn:api.netbird.io:3478?transport=udp] is Available
Nameservers:
  [8.8.8.8:53, 8.8.4.4:53] for [.] is Available
  [10.72.0.10:53] for [svc.cluster.local] is Unavailable, reason: 1 error occurred:
	* read udp 192.168.178.38:50445->10.72.0.10:53: i/o timeout
FQDN: vik-x1-7.netbird.stage
NetBird IP: 100.119.244.41/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 1/1 Connected

Custom service name in the NetBird service commands

In this version, we received a community contribution that allows custom service names to be configured when installing and managing daemon services. See examples below:

netbird service install --service netbird-custom
netbird service start --service netbird-custom
netbird service stop --service netbird-custom

Big thanks to @nazarewk for this contribution and all the work he is doing in keeping the NetBird Nix packages up to date.

An additional connection retry mechanism

We have added an additional connection retry mechanism to the client, where even after the client exits its normal connectivity flow, it will try a new connection attempt every hour for 14 days. This is useful for clients that restart right at the moment of a Management service outage and for incorrect management responses that cause the client to exit its other layers of connectivity retries.

What's Changed

  • Add reverse proxy settings to management.json template (#1639)
  • Update bug-issue-report.md label (#1640)
  • Add quotes to timestamp examples in openapi spec (#1642)
  • Add open-source network security image (#1643)
  • Enable review linter with exported docs check (#1647)
  • Log version when starting management and signal (#1649)
  • Fix cloud information not stored (#1651)
  • Enhance DNS failover reliability (#1637)
  • Send UI notification on peer session expiry (#1646)
  • Register creation time for peer, user and account (#1654)
  • Handle canceling schedule and avoid recursive call (#1636)
  • Do not fail on virtualized windows systems (#1669)
  • Return 1s when next expiration is too low (#1672)
  • add ansible collections contributions (#1675)
  • Send terminal notification on peer session expiry (#1660)
  • Check for record not found when searching the store (#1686)
  • Add fallback retry to daemon (#1690)
  • add --service/-s flag for specifying system service name (#1691)
  • Add routes and dns servers to status command (#1680)

Big thanks to our community contributors

Full Changelog: v0.26.2...v0.26.3

v0.26.2

28 Feb 13:47
f64e73c

Release notes

Enhancements:

New posture check: Peer network ranges

We have added a new posture check that allows you to define a set of IP ranges a device must be in before connecting to the network. This check is useful when you want to control access based on the network in which a peer is located. For example, you can disable a connection to a routing peer when the peer is connecting from your office network range:
https://docs.netbird.io/how-to/manage-posture-checks#peer-network-range-check
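
An added illustration (not NetBird's code) of how an allow/deny network-range check can be evaluated. It assumes the check is applied to the local addresses a peer reports; the `RangeCheck` type, its functions and the sample addresses are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
)

// RangeCheck is a hypothetical peer-network-range check: Action is
// "allow" (peer must be in a range) or "deny" (peer must not be).
type RangeCheck struct {
	Action string
	Ranges []netip.Prefix
}

// NewRangeCheck validates the policy up front so a malformed action or
// CIDR is rejected instead of silently matching nothing.
func NewRangeCheck(action string, cidrs ...string) (RangeCheck, error) {
	if action != "allow" && action != "deny" {
		return RangeCheck{}, fmt.Errorf("unknown action %q", action)
	}
	c := RangeCheck{Action: action}
	for _, s := range cidrs {
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return RangeCheck{}, fmt.Errorf("bad range %q: %w", s, err)
		}
		c.Ranges = append(c.Ranges, p.Masked())
	}
	return c, nil
}

// Passes reports whether a peer with these addresses may connect.
// An unparseable address fails closed for both actions.
func (c RangeCheck) Passes(peerAddrs ...string) bool {
	inRange := false
	for _, s := range peerAddrs {
		addr, err := netip.ParseAddr(s)
		if err != nil {
			return false
		}
		addr = addr.Unmap() // compare ::ffff:a.b.c.d as plain IPv4
		for _, r := range c.Ranges {
			inRange = inRange || r.Contains(addr)
		}
	}
	return inRange == (c.Action == "allow")
}

func main() {
	office, _ := NewRangeCheck("deny", "192.168.10.0/24") // constructed sample
	fmt.Println(office.Passes("192.168.10.23"), office.Passes("10.8.0.5"))
}
```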


Add support for downloading geolocation databases to the management service

Now, the management service will download the geolocation databases automatically. This feature is useful for self-hosted users using the geolocation posture check. Learn more at https://docs.netbird.io/selfhosted/geo-support

Updated GUI icons to reflect the connection status

We have updated the tray icon to reflect the connection status and update availability. Now you can see whether the client is connected or disconnected: the NetBird icon alternates colors, providing a clearer view of the connection status.

What's Changed

  • Add account usage logic (#1567)
  • Use SQLite store as default when running tests when env is not set (#1612)
  • Add private network posture check (#1606)
  • Make SQLite default in configuration generation script (#1610)
  • Check git status after go mod tidy on CI (#1614)
  • Add quantum resistance status output (#1608)
  • Update download-geolite2.sh to use packages URLs (#1624)
  • Add support for device flow on getting started with zitadel (#1616)
  • Extend bypass middleware with support of wildcard paths (#1628)
  • Add support for downloading Geo databases to the management service (#1626)
  • Combine update-available and connected/disconnected tray icon states (#1615)
  • Rename PrivateNetworkCheck to PeerNetworkRangeCheck (#1629)
  • Fix order when validating account settings (#1632)
  • Fix invalid cross-device link when moving geolocation databases (#1638)

Big thanks to our community contributors

Full Changelog: v0.26.0...v0.26.1

v0.26.1

27 Feb 19:10
b085419

What's Changed

  • Add account usage logic by @lixmal in #1567
  • Use SQLite store as default when running tests when env is not set by @surik in #1612
  • Add peer network posture check by @bcmmbaga in #1606
  • Make SQLite default in configuration generation script by @ph1ll in #1610
  • Check git status after go mod tidy on CI by @surik in #1614
  • Add quantum resistance status output by @braginini in #1608
  • Update download-geolite2.sh to use packages URLs by @mlsmaycon in #1624
  • Add support for device flow on getting started with zitadel by @mlsmaycon in #1616
  • Extend bypass middleware with support of wildcard paths by @surik in #1628
  • Add support for downloading Geo databases to the management service by @bcmmbaga in #1626
  • Combine update-available and connected/disconnected tray icon states by @lixmal in #1615
  • Rename PrivateNetworkCheck to PeerNetworkRangeCheck by @bcmmbaga in #1629
  • Fix order when validating account settings by @pascal-fischer in #1632

Full Changelog: v0.26.0...v0.26.1

v0.26.0

22 Feb 12:57
e18bf56

Release notes

These release notes summarize what happened in the previous 0.25 release and what happened with the 0.26 release. There are cool new features and long-awaited enhancements that we want to share.

New features

Dashboard V2 is here

Our redesigned management dashboard is here. It's faster, more responsive, and has a new look. It's also more intuitive and easier to use. The new dashboard is available to all cloud users and new self-hosted deployments; for existing self-hosted deployments, you can switch between the old and new dashboards at any time by updating the docker image from wiretrustee/dashboard to netbirdio/dashboard:latest.

[Screenshots: Peer's view, Access control, DNS Nameservers]

Posture checks

We are introducing a new feature called posture checks. This feature allows you to define a set of conditions a device must meet before connecting to the network. For example, you can require that a device has a specific version of NetBird or of the operating system. In this release, we are introducing the first version of this feature, and we are looking forward to your feedback.

It includes 3 types of checks:

  • OS version
  • NetBird version
  • Geo Location

For self-hosted users: The geo-location check won't work without the databases, and we are working on automated download support for it, which will be released very soon.

Check out more at: https://docs.netbird.io/how-to/manage-posture-checks

NetStack mode

We are introducing a new running mode called NetStack. In this mode, NetBird enables secure connectivity and access from serverless functions like AWS Lambda and Azure Functions to cloud or on-premises servers, containers, databases, and other internal resources. See more at https://docs.netbird.io/how-to/netbird-on-faas

Rosenpass integration

We are introducing an experimental integration with Rosenpass, which provides a quantum-resistant pre-shared key rotation mechanism. Learn more at: https://docs.netbird.io/how-to/enable-post-quantum-cryptography

Behavioral changes:

Deprecation of JSON store engine

With this release, we are marking the JSON file store engine as deprecated. New installations will be using SQLite store by default. This change will allow us to support robust relational engines like Postgres.

We plan to keep support for JSON file store engine until v0.28.0, and we will update the community if the plan changes.

To migrate from JSON to SQLite, please follow the guide here: https://docs.netbird.io/selfhosted/sqlite-store#migrating-from-json-store-to-sq-lite-store

SSH server disabled by default on new installations

We have disabled the SSH server on the client side by default for new installations. You can enable it by adding the flag --allow-server-ssh to the NetBird client. Existing installations are unaffected by this change; on those, you need to disable SSH yourself if you don't need it.

To enable SSH:

netbird down
netbird up --allow-server-ssh

To disable SSH:

netbird down
netbird up --allow-server-ssh=false

Shout-out to @charnesp for this contribution.

GUI client support is coming soon.

Upgrade step for management version < 0.15.3

As part of our deprecation of Rules in favor of Policies, users with management on a version < v0.15.3 should first upgrade their systems to v0.25.9, run management to properly migrate rules to policies, and then upgrade to 0.26.0+.

Enhancements:

JWT group-based access control (self-hosted only)

We have added support for group-based access control in the JWT token. Now, you can define a group in the JWT token and use it to control access to the network. Cloud users have a similar feature available with IDP sync.

Access NetBird settings in Windows RDP connections

In 0.25.3, we fixed an issue that prevented users from updating the NetBird settings in Windows RDP connections. Now, you can update the settings in the RDP connection settings.

Control client auto-connection when starting

You can now control whether the client automatically connects when the daemon is starting, after an operating system boot, or after a netbird service restart. If you want to disable the default connection, run the following steps:

To disable auto-connect:

netbird down
netbird up --disable-auto-connect

To enable auto-connect:

netbird down
netbird up --disable-auto-connect=false

Shout-out to @oskardotglobal for this contribution.

GUI client support is coming soon.

What's Changed

  • Allow adding 3 nameserver addresses (#1588)
  • Remove Account.Rules from Store engines (#1528)
  • Add initial support of device posture checks (#1540)
  • feat: add --disable-auto-connect flag to prevent auto connection after daemon service start (#1161)
  • Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508)
  • Extend system meta (#1598)
  • Make SQLite default for new installations (#1529)
  • Fix misassigned peer metadata (#1600)
  • Mark new peer meta fields required in OpenAPI spec (#1604)
  • Add posture checks metrics report (#1603)
  • Fix copying posture checks definitions (#1605)
  • Add permissive mode to rosenpass (#1599)

Big thanks to our community contributors

Full Changelog: v0.25.9...v0.26.0

v0.25.9

16 Feb 15:38
0afd738

What's Changed

  • Make sure the iOS dialer does not get overwritten by @lixmal in #1585

Full Changelog: v0.25.8...v0.25.9

v0.25.8

13 Feb 12:23
cf87f1e

What's Changed

  • Expose trusted proxy list and counter configuration for realip middleware by @surik in #1535
  • Add an extra server reflexive candidate with WG port by @mlsmaycon in #1549
  • Properly handle cache error and return userdata by @mlsmaycon in #1571
  • Return error when peer is not valid by @mlsmaycon in #1573
  • Fix/prevent returning error from external cache by @mlsmaycon in #1576

Full Changelog: v0.25.7...v0.25.8

v0.25.7

07 Feb 15:16
a7547b9

Full Changelog: v0.25.6...v0.25.7

v0.25.6

05 Feb 16:33
62bacee

What's Changed

  • Update bug-issue-report and feature request templates by @mlsmaycon in #1499
  • Fix data dir creation permissions by @lixmal in #1503
  • Fix iOS DNS timeout by @lixmal in #1504
  • Restore dns on unclean shutdown by @lixmal in #1494
  • getFirstListenerAvailable(): adjust logging levels and add success message by @nazarewk in #1513
  • Extract peer real IP from Load Balancer when possible by @surik in #1510
  • Export info log level setter for Android by @pappz in #1518
  • Update port, ip choice logic in DNS service by @pappz in #1514
  • Fix/resolv parser by @pappz in #1520
  • Remove query parameter from policy endpoints by @surik in #1527
  • Update grpc-middleware to bring changes related to realip by @surik in #1526
  • Use dashboard v2 for getting started scripts by @mlsmaycon in #1530

Full Changelog: v0.25.5...v0.25.6