Netmaker Versions

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

v0.20.2

10 months ago

Netmaker v0.20.2

whats new

  • Endpoint detection can be disabled
  • User settings reverted to a simpler implementation
  • Graph edges reflect ACLs

whats fixed

  • TURN replacing Relays >> Relays moved to EE only
  • Can now copy/paste on Mac GUI
  • Endpoint check
  • Minor TURN fixes
  • NAT check for Ingress creation
  • Firewall manager changes that should make Ingress and Egress way more reliable
  • Metrics fixes
  • Remove non-TURN proxy operations

known issues

  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.20.1

11 months ago

Netmaker v0.20.1

whats new

whats fixed

  • enrollment keys for non-admins
  • client version displayed correctly in UI
  • UDP hole punching improvements
  • SSL fallback to letsencrypt
  • permission handling for non-admin users

known issues

  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.20.0

11 months ago

Netmaker v0.20.0

whats new

  • New UI
  • Revamped compose-files and install scripts
  • Reactive TURN (makes connections whenever p2p is not working)
  • Ext Client editing + configurable allowedips

whats fixed

  • Netmaker exporter now works with Caddy
  • Major issue with Endpoint Detection fixed - local connections should be much better now

known issues

  • cannot use OAUTH login on new UI. If this is required, continue to use v0.19.0
  • Cannot use "$" character in installer as a value in variables, or it will break config.
  • QR code is very difficult to scan. Fix is in next release.
  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.19.0

1 year ago

Netmaker v0.19.0

whats new

  • TURN
  • dependency updates
  • internet gateways (0.0.0.0/0) for egress
  • deprecated editing of network parameters
  • allow extra ips for extclient (not enabled in UI)

whats fixed

  • unbiased random string
  • get traffic keys on pull
  • CI updates
  • install/update script updates
  • firewall checks

known issues

  • Caddy does not handle netmaker exporter well for EE
  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

Upgrade from 0.18.7

How to upgrade your server to include TURN. In docker-compose.yml:

  1. Replace v0.18.7 with v0.19.0 for both netmaker and netmaker-ui images.
  2. In docker-compose.yml, add the following to services.netmaker.environment:
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      TURN_SERVER_API_HOST: "https://turnapi.NETMAKER_BASE_DOMAIN"
      TURN_PORT: "3479"
      TURN_USERNAME: "REPLACE_TURN_USERNAME"
      TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
      USE_TURN: "true"

2.a Replace NETMAKER_BASE_DOMAIN with your base domain, REPLACE_TURN_USERNAME with a username of your choice, and REPLACE_TURN_PASSWORD with a strong password.

  3. Add the following section to services (in line with netmaker:, caddy:, mq:, etc):
  turn:
    container_name: turn
    image: gravitl/turnserver:v1.0.0
    network_mode: "host"
    volumes:
      - turn_server:/etc/config
    environment:
      DEBUG_MODE: "off"
      VERBOSITY: "1"
      TURN_PORT: "3479"
      TURN_API_PORT: "8089"
      CORS_ALLOWED_ORIGIN: "*"
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      USERNAME: "REPLACE_TURN_USERNAME"
      PASSWORD: "REPLACE_TURN_PASSWORD"

3.a Replace NETMAKER_BASE_DOMAIN, REPLACE_TURN_USERNAME, and REPLACE_TURN_PASSWORD with the same values as in 2.a.

  4. Add "turn_server: {}" to your "volumes" section. It should look like this:
volumes:
  caddy_data: {}
  caddy_conf: {}
  sqldata: {}
  dnsconfig: {}
  mosquitto_logs: {}
  turn_server: {}
  5. Add an "extra_hosts" section to caddy in the docker-compose. It should now look like this:
  caddy:
    image: caddy:2.6.2
    container_name: caddy
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /root/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_conf:/config
    ports:
      - "80:80"
      - "443:443"
  6. Modify the Caddyfile to add two new domains for TURN and TURN_API. Add the following sections, adjusting for your domain:
# TURN
https://turn.NETMAKER_BASE_DOMAIN {
	reverse_proxy host.docker.internal:3479
}

#TURN API
https://turnapi.NETMAKER_BASE_DOMAIN {
        reverse_proxy http://host.docker.internal:8089
}
  7. Run docker-compose up -d

You should now have TURN configured with your server.
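
A pre-flight check for the edited docker-compose.yml, added here as an example (it is not part of the Netmaker release notes or tooling). It flags placeholders left over from steps 2.a and 3.a and credentials that differ between the netmaker and turn services; the function names and the sample excerpt are constructed for illustration.

```python
import re

PLACEHOLDERS = ("NETMAKER_BASE_DOMAIN", "REPLACE_TURN_USERNAME", "REPLACE_TURN_PASSWORD")
# netmaker env key -> turn env key that steps 2.a and 3.a require to agree
MUST_MATCH = {"TURN_SERVER_HOST": "TURN_SERVER_HOST",
              "TURN_USERNAME": "USERNAME", "TURN_PASSWORD": "PASSWORD"}

# Constructed excerpt with two deliberate mistakes (not a real deployment).
SAMPLE = """\
services:
  netmaker:
    environment:
      TURN_SERVER_HOST: "turn.nm.example.com"
      TURN_USERNAME: "turnuser"
      TURN_PASSWORD: "constructed-password-A"
  turn:
    environment:
      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
      USERNAME: "turnuser"
      PASSWORD: "constructed-password-B"
"""

def service_values(compose_text):
    """Map service -> {KEY: value}; line-based reader for this layout, not YAML."""
    services, current = {}, None
    for line in compose_text.splitlines():
        head = re.match(r"^  (\w[\w-]*):\s*$", line)
        pair = re.match(r'^\s{4,}(\w+):\s*"?([^"]*?)"?\s*$', line)
        if head:
            current = services.setdefault(head.group(1), {})
        elif pair and current is not None:
            current[pair.group(1)] = pair.group(2)
    return services

def check_turn_config(compose_text):
    """Return findings (key names only, never secret values); [] means OK."""
    svc = service_values(compose_text)
    nm, turn = svc.get("netmaker", {}), svc.get("turn", {})
    findings = [f"{name}.{key}: placeholder not replaced"
                for name, env in (("netmaker", nm), ("turn", turn))
                for key, value in env.items()
                if any(p in value for p in PLACEHOLDERS)]
    for nm_key, turn_key in MUST_MATCH.items():
        if nm_key not in nm or nm[nm_key] != turn.get(turn_key):
            findings.append(f"netmaker.{nm_key} does not match turn.{turn_key}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_turn_config(SAMPLE)) or "TURN settings consistent")
```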

v0.18.7

1 year ago

Netmaker v0.18.7

whats new

  • internet gateways (0.0.0.0/0) for egress
  • deprecated editing of network parameters
  • allow extra ips for extclient (not enabled in UI)

whats fixed

  • nm-quick - determine latest version from releases
  • wireguard public/private key rotation
  • ee-license checks

known issues

  • Caddy does not handle netmaker exporter well for EE
  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.6

1 year ago

Netmaker v0.18.6

Limitations

  • Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0: 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4

  • EE should still be considered pre-release, and we do not recommend upgrading yet.

Follow Upgrade Instructions Carefully - You must upgrade server before netclients

  1. You must be on v0.17.1 in order to upgrade
  2. SSH to your Netmaker server
  3. Run the upgrade script: wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
  4. Follow prompts until the upgrade process on the server is completed.
  5. Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.g. "apt-get install netclient")

whats new

  • no new features

whats fixed

  • a few ext client/ingress issues
    • viewing addresses (UI)
    • when deleting an ingress gateway, ext clients are now removed from peers immediately
    • ext client peers should be populated immediately after creation
    • ext clients no longer reset public key when disabled/enabled
    • can delete an ingress without clients
  • removed unnecessary host update
  • host nat type is now collected from clients
  • fix peer update issue where calculation was happening too frequently
  • nm-quick && nm-upgrade
  • EMQX image change && api routes

known issues

  • Caddy does not handle netmaker exporter well for EE
  • Migration causes a listen port of 0 for some upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
  • No internet gateways/default routes

v0.18.5

1 year ago

Netmaker v0.18.5

Limitations

  • Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0: 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4

  • EE should still be considered pre-release, and we do not recommend upgrading yet.

Follow Upgrade Instructions Carefully - You must upgrade server before netclients

  1. You must be on v0.17.1 in order to upgrade
  2. SSH to your Netmaker server
  3. Run the upgrade script: wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
  4. Follow prompts until the upgrade process on the server is completed.
  5. Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.g. "apt-get install netclient")

What's New

  • Logic for ext client ACLs (not really usable until new UI is finished)
  • Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
    • specify with DEFAULT_PROXY_MODE="on/off/auto"

What's Fixed

  • Proxy Peer calculation improvements
  • DNS is populated correctly after registration by enrollment key
  • Migrate is functional for Windows/Mac. Note: ports may be set to 0 after an upgrade; this can be adjusted via the UI
  • Interface data is sent on netclient register
  • Upgrade script
  • Latency issue with Node <-> Node Metrics
  • Ports set from server for Hosts on register/join are actually used

Known Issues

  • Caddy does not handle netmaker exporter well for EE
  • Migration causes a listen port of 0 for upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.4

1 year ago

Netmaker v0.18.4

Wait till out of pre-release to fully upgrade

whats new

  • Logic for ext client ACLs (not really usable until new UI is finished)
  • Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
    • specify with DEFAULT_PROXY_MODE="on/off/auto"

whats fixed

  • Proxy Peer calculation improvements
  • DNS is populated correctly after registration by enrollment key
  • Migrate is functional for Windows/Mac. Note: ports may be set to 0 after an upgrade; this can be adjusted via the UI
  • Interface data is sent on netclient register
  • Upgrade script
  • Latency issue with Node <-> Node Metrics
  • Ports set from server for Hosts on register/join are actually used

known issues

  • Caddy does not handle netmaker exporter well for EE
  • Migration causes a listen port of 0 for upgraded hosts
  • Docker clients can not re-join after deletion
  • Inaccurate Ext Client Metrics
  • Issue with Mac + IPv6 addressing
  • Nodes on same local network may not always connect
  • List populates egress ranges twice
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.3

1 year ago

Netmaker v0.18.3

Wait till out of pre-release to fully upgrade

whats new

  • Forced node deletions: if a host does not receive the message to delete a node, you can forcefully remove it by deleting it twice from the UI/CLI
    • Allows users to remove orphaned Nodes + Hosts more easily
  • EMQX ACLs, if using EMQX as broker, ACLs per host will be created, enhancing security around messages
  • You can now create ext clients with your own public key, but this feature will not be represented on current UI (new UI on the horizon)
  • STUN is now represented as a list including your NM server + 2 we are hosting + 2 of Google's (clients will only use 2) for better NAT detection
    • you specify which STUN servers to use with STUN_LIST env variable

whats fixed

  • More Peer calculation improvements
  • JSON output on list commands for nmctl
  • Upgrade script
  • Ports set from server for Hosts on register/join are actually used
  • Clients
    • More efficient Windows daemon handling
    • Better peer route setting on clients
    • Some commands involving the message queue on client have been fixed
    • NFTables masquerading issue
    • Some logging has been adjusted
    • Migrations on Linux work for 0.17.x - 0.18.3
    • EnrollmentKeys in an HA setup should function fine now
    • Registration by enrollment key on client GUI

known issues

  • Network interface routes may be removed after some time or after an unintended network update
  • Caddy does not handle netmaker exporter well for EE
  • Incorrect latency on metrics (EE)
  • Swagger docs not up to date
  • Lengthy delay when you create an ext client
  • issues connecting over IPv6 on Macs
  • Nodes on same local network may not always connect
  • Netclient GUI shows egress range(s) twice
  • DNS entries are not sent after registration with EnrollmentKeys
  • If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.2

1 year ago

Netmaker v0.18.2

Do not attempt upgrade from 0.17.x quite yet

whats new

  • Enrollment Keys give an admin the ability to enroll clients into multiple networks; keys can be unlimited, time based, or usage based
  • EMQX broker support and better MQTT support in general
    • Now you must specify BROKER_ENDPOINT
    • Also specify SERVER_BROKER_ENDPOINT, if not provided server will connect to broker over BROKER_ENDPOINT
    • This lets the user specify any broker endpoint and use any desired protocol on clients, such as mqtts://mybroker.com:8083 (we will still default to wss)

whats fixed

  • Fixed default ACL behavior, should work as expected
  • Peer calculations enhancement
  • main routines share a context and docker stop/ctrl+c give expected results now
  • Github workflow edits
  • Removed Deprecated Local Network Range from client + server

known issues

  • EnrollmentKeys may not function as intended in an HA setup
  • If a host does not receive a message to delete a node, it could become orphaned and un-deletable
  • Network interface routes may be removed after some time or after an unintended network update
  • Upgrade script does not handle clients
  • Caddy does not handle netmaker exporter well for EE
  • Incorrect latency on metrics (EE)
  • Swagger docs not up to date