Skip to content

v0.29.0
Compare
Choose a tag to compare
@mlsmaycon mlsmaycon released this 09 Sep 17:37
· 89 commits to main since this release
v0.29.0
f43a0a0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Release Notes for v0.29.0

What's New

Relay Feature Integration

We are moving away from the TURN relay (coturn) to our own relay implementation based on WebSocket. This new system will ensure that all relayed connections utilize a single TCP port instead of allocating one port per connection as before. It enables the client to attempt a P2P connection in the background while using the Relay for a fast connection between nodes during bootstrap.

We've created an open thread to discuss the new implementation. Feel free to reach out here: #2566

Relay change notes:

  • The Advanced Infrastructure scripts and Getting Started scripts have been updated to include support for the new relay.
  • Your clients need to be running the updated client versions to take full advantage of the new relay, but don’t worry—these new agents are fully compatible with older nodes.
  • Cloud support for the new relay feature is coming soon*.
  • iOS and Android support are coming soon.

To deploy the new relay on existing installations, you can follow the steps below:

  1. Run a backup of your deployment as documented here: Advanced guide - Backup or Quickstart guide - backup
  2. Update your docker-compose.yml, by adding the new service as follows:
  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
    - NB_LOG_LEVEL=info
    - NB_LISTEN_ADDRESS=:<PORT>
    - NB_EXPOSED_ADDRESS=<DOMAIN>:<PORT>
    - NB_AUTH_SECRET=<AUTH_SECRET>
    ports:
      - <PORT>:<PORT>
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

Replace PORT and DOMAIN according to your deployment. For AUTH_SECRET we recommend using a unique key, you can use a command like openssl rand -base64 32 | sed 's/=//g' to generate it.

  1. Update your management.json with the new configuration below:
    "Relay": {
        "Addresses": ["rel://<DOMAIN>:<PORT>"],
        "CredentialsTTL": "24h",
        "Secret": "<AUTH_SECRET>"
    },

Update PORT, DOMAIN and AUTH_SECRET with the same values configured in your docker-compose.yml file.

  1. Update your environment and redeploy:
docker compose pull
docker compose up -d --force-recreate

Improvements

  • Auto Update Geolite: Added automatic updates for Geolite data. #2297
    @benniekiss made this amazing contribution that allows the management service to update the geolocation databases when starting up.

In case you are running NetBird management in restricted locations like China, you can use add the flag --disable-geolite-update to the management command flags to disable the update.

  • Support for ECDSA Public Keys: Added support for ECDSA public keys in management. #2461
    @HarryKodden made their first contribution in this change to support ECDSA public keys.

  • RPM-Ostree Support: Added installation script support for rpm-ostree-based distros. #2508
    @M0Rf30 made their first contribution in this change to support installations for rpm-ostree-based distros.

  • Signal Dispatcher: Introduced signal dispatcher for better signaling. #2373

  • PostgreSQL Store Test: Improved test infrastructure for files generation using PostgreSQL store. #2478

  • X-Frame-Options Header: Updated dashboard to use X-Frame-Options with the sameorigin header. #2547

  • Retry on TUN Creation for Darwin: Improved client handling by retrying TUN creation for Darwin systems. #2564

  • Security Upgrade: Upgraded Alpine version from 3.19 to 3.20 to address security concerns. #2548

Bug Fixes

  • Fix Deadlock on Auto Connect: Avoided deadlock in client auto-connect with early exit handling. #2528
  • Destroy WG Interface on Timeout: Addressed issue where WireGuard interface wasn't destroyed on down timeout. #2435
  • Fix Service Down: Corrected the service-down issue in the client. #2519
  • Prevent Client Panic: Fixed client panic when there was no connection. #2541
  • Error Handling in OpenConnVia: Improved error handling in the openConnVia function. #2560
  • Fix Lock on Down: Fixed a lock issue when the service was brought down. #2546

Documentation

  • Route API Docs: Updated route API documentation with a new maximum domain number. #2516

Other Changes

  • Test Log Reduction: Reduced test log verbosity. #2550
  • Update Slack URL: Updated Slack URL in documentation. #2544
  • TestRecreation Test: Added TestRecreation unit test in the client. #2558

New Contributors

Full Changelog: v0.28.9...v0.29.0

Contributors

M0Rf30, HarryKodden, and benniekiss
Assets 43
Loading