3461b1bb90
Expect correct conn type ( #1801 )
2024-04-05 00:10:32 +02:00
3d2a2377c6
Don't return errors on disallowed routes ( #1792 )
2024-04-03 19:06:04 +02:00
25f5f26527
Timeout rule removing loop and catch IPv6 unsupported error in loop ( #1791 )
2024-04-03 18:57:50 +02:00
bb0d5c5baf
Linux legacy routing ( #1774 )
...
* Add Linux legacy routing if ip rule functionality is not available
* Ignore exclusion route errors if host has no route
* Exclude iOS from route manager
* Also retrieve IPv6 routes
* Ignore loopback addresses not being in the main table
* Ignore "not supported" errors on cleanup
* Fix regression in ListenUDP not using fwmarks
2024-04-03 18:04:22 +02:00
7938295190
Feature/exit nodes - Windows and macOS support ( #1726 )
2024-04-03 11:11:46 +02:00
9af532fe71
Get scope from endpoint url instead of hardcoding ( #1770 )
2024-04-02 13:43:57 +02:00
23a1473797
Fix grammar in readme ( #1778 )
2024-04-02 10:08:58 +02:00
9c2dc05df1
Eval/higher timeouts ( #1776 )
2024-03-31 19:39:52 +02:00
40d56e5d29
Update network security image ( #1765 )
2024-03-28 18:43:32 +01:00
fd23d0c28f
Don't block on failed routing setup ( #1768 )
2024-03-28 18:12:25 +01:00
4fff93a1f2
Ignore unsupported address families ( #1766 )
2024-03-28 13:06:54 +01:00
22beac1b1b
Fix invalid token due to the cache race ( #1763 )
2024-03-28 12:33:56 +01:00
bd7a65d798
support to configure extra blacklist of iface in "up" command ( #1734 )
...
Support to configure extra blacklist of iface in "up" command
2024-03-28 09:56:41 +01:00
2d76b058fc
Feature/peer validator ( #1553 )
...
Follow up management-integrations changes
move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
ea2d060f93
Add limited dashboard view ( #1738 )
2024-03-27 16:11:45 +01:00
68b377a28c
Collect chassis.serial ( #1748 )
2024-03-26 15:33:01 +01:00
af50eb350f
Change log level for JWT override message of single account mode ( #1747 )
2024-03-25 14:25:26 +01:00
2727680123
Merge branch 'main' into add-process-posture-check
2024-03-21 21:30:40 +03:00
2475473227
Support client default routes for Linux ( #1667 )
...
All routes are now installed in a custom netbird routing table.
Management and wireguard traffic is now marked with a custom fwmark.
When the mark is present the traffic is routed via the main routing table, bypassing the VPN.
When the mark is absent the traffic is routed via the netbird routing table, if:
- there's no match in the main routing table
- it would match the default route in the routing table
IPv6 traffic is blocked when a default route IPv4 route is configured to avoid leakage.
2024-03-21 16:49:28 +01:00
846871913d
Add latency checks to peer connection and status output ( #1725 )
...
* adding peer healthcheck
* generate proto file
* fix return in udp mux and replace with continue
* use ice agent for latency checks
* fix status output
* remove some logs
* fix status test
* revert bind and ebpf code
* fix error handling on binding response callback
* extend error handling on binding response callback
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-03-20 11:18:34 +01:00
6cba9c0818
Remove context niling ( #1729 )
2024-03-19 12:32:07 +01:00
9dcaa51b68
Merge branch 'main' into add-process-posture-check
2024-03-18 18:41:38 +03:00
f0672b87bc
Add missing dns domain to tests to avoid verbose test logs ( #1724 )
2024-03-18 12:25:01 +01:00
9b0fe2c8e5
Validate authentik issuer url ( #1723 )
...
* Validate authentik issuer url
* test issuer
* adjust test times on windows
2024-03-18 10:12:46 +01:00
abd57d1191
Avoid creating duplicate groups with the same name ( #1579 )
...
Avoid creating groups with the same name via API calls.
JWT and integrations still allowed to register groups with duplicated names
2024-03-17 11:13:39 +01:00
416f04c27a
Unblock ACL apply filtering because of dns probes ( #1711 )
...
moved the e.dnsServer.ProbeAvailability() to run after ACL apply filtering
run the probes in parallel
2024-03-15 18:57:18 +01:00
fc7c1e397f
Disable force jsonfile variable ( #1611 )
...
This enables windows management tests
Added another DNS server to the dns server tests
2024-03-15 10:50:02 +01:00
52a3ac6b06
Add support for inviting/deleting users via Zitadel ( #1572 )
...
This fixes the "Invite User" button in Dashboard v2.0.0
and enables the usage of the --user-delete-from-idp flag for Zitadel.
Unlike the NetBird SaaS solution, we rely on Zitadel to send
the emails on our behalf.
2024-03-15 10:32:51 +01:00
0b3b50c705
Remove deprecated Rules API endpoints ( #1523 )
2024-03-14 21:31:21 +01:00
180f5a122e
Refactor posture check validations ( #1705 )
...
* Add posture checks validation
* Refactor code to incorporate posture checks validation directly into management.
* Add posture checks validation for geolocation, OS version, network, process, and NB-version
* Fix tests
2024-03-14 20:16:50 +00:00
042141db06
Update account attributes only when there is a domain ( #1701 )
...
add log for when a domain is not present
2024-03-14 14:17:22 +01:00
90ab2f7c89
Fix linters
2024-03-14 16:06:50 +03:00
4ab993c933
Fix tests
2024-03-14 15:52:15 +03:00
1a5d59be1d
Refactor
2024-03-14 14:35:21 +03:00
9db450d599
Add single Unix/Windows path check in process tests
2024-03-14 14:32:55 +03:00
cc60df7805
Allow set of single unix or windows path check
2024-03-14 14:32:40 +03:00
60f9f08ecb
fix tests
2024-03-13 11:02:47 +03:00
4a1aee1ae0
Add routes and dns servers to status command ( #1680 )
...
* Add routes (client and server) to status command
* Add DNS servers to status output
2024-03-12 19:06:16 +01:00
ba33572ec9
add --service/-s flag for specifying system service name ( #1691 )
2024-03-12 18:29:19 +01:00
9d213e0b54
Add fallback retry to daemon ( #1690 )
...
This change adds a fallback retry to the daemon service.
this retry has a larger interval with a shorter max retry run time
then others retries
2024-03-12 18:05:41 +01:00
41348bb39b
Add process validation for peer metadata
2024-03-12 19:24:08 +03:00
e66e39cc70
Extend peer metadata with processes
2024-03-12 19:23:57 +03:00
9f41a1f20f
add process posture check to posture checks handlers
2024-03-12 15:20:00 +03:00
5f0eec0add
wip: add process check posture
2024-03-12 15:19:22 +03:00
5dde044fa5
Check for record not found when searching the store ( #1686 )
...
This change returns status.NotFound only on gorm.ErrRecordNotFound and status.Internal on every other DB error
2024-03-10 19:09:45 +01:00
5a3d9e401f
Send terminal notification on peer session expiry ( #1660 )
...
Send notification through terminal on user session expiration in Linux and macOS,
unless UI application is installed to handle it instead.
2024-03-08 18:28:13 +01:00
fde1a2196c
add ansible collections contributions ( #1675 )
2024-03-06 23:30:16 +01:00
0aeb87742a
Return 1s when next expiration is too low ( #1672 )
...
using the login expired issue could cause problems with ticker used in the scheduler
This change makes 1s the minimum number returned when rescheduling the peer expiration task
2024-03-06 15:18:53 +01:00
6d747b2f83
Do not fail on virtualized windows systems ( #1669 )
...
this handles virtualized systems without Win32_ComputerSystemProduct entries by returning 'unknown' for system product name
Co-authored-by: Bjoern Brauer <zaubernerd@zaubernerd.de >
2024-03-06 14:32:34 +01:00
199bf73103
Remove usage stats ( #1665 )
2024-03-05 09:45:32 +01:00
