hakansa
0125cd97d8
[client] use embedded root CA if system certpool is empty ( #3272 )
...
* Implement custom TLS certificate handling with fallback to embedded roots
2025-02-04 18:17:59 +03:00
Zoltan Papp
f930ef2ee6
Cleanup magiconair usage from repo ( #3276 )
2025-02-03 17:54:35 +01:00
Viktor Liu
a7ddb8f1f8
[client] Replace engine probes with direct calls ( #3195 )
2025-01-28 12:25:45 +01:00
Viktor Liu
a32ec97911
[client] Use dynamic dns route resolution on iOS ( #3243 )
2025-01-27 18:13:10 +01:00
Viktor Liu
5c05131a94
[client] Support port ranges in peer ACLs ( #3232 )
2025-01-27 13:51:57 +01:00
Viktor Liu
790a9ed7df
[client] Match more specific dns handler first ( #3226 )
2025-01-23 18:00:05 +01:00
Viktor Liu
2e61ce006d
[client] Back up corrupted state files and present them in the debug bundle ( #3227 )
2025-01-23 17:59:44 +01:00
Maycon Santos
9f4db0a953
[client] Close ice agent only if not nil ( #3210 )
2025-01-18 00:18:59 +01:00
Viktor Liu
bc7b2c6ba3
[client] Report client system flags to management server on login ( #3187 )
2025-01-16 13:58:00 +01:00
Viktor Liu
992a6c79b4
[client] Flush macOS DNS cache after changes ( #3185 )
2025-01-15 23:26:31 +01:00
Viktor Liu
78795a4a73
[client] Add block lan access flag for routers ( #3171 )
2025-01-15 17:39:47 +01:00
Viktor Liu
5a82477d48
[client] Remove outbound chains ( #3157 )
2025-01-15 16:57:41 +01:00
Viktor Liu
b34887a920
[client] Fix a panic on shutdown if dns host manager failed to initialize ( #3182 )
2025-01-15 13:14:46 +01:00
Viktor Liu
b9efda3ce8
[client] Disable DNS host manager for netstack mode ( #3183 )
2025-01-15 13:14:13 +01:00
Viktor Liu
15f0a665f8
[client] Allow ssh server on freebsd ( #3170 )
...
* Enable ssh server on freebsd
* Fix listening in netstack mode
* Fix panic if login cmd fails
* Tidy up go mod
2025-01-14 12:43:13 +01:00
Viktor Liu
9b5b632ff9
[client] Support non-openresolv for DNS on Linux ( #3176 )
2025-01-14 10:39:37 +01:00
Krzysztof Nazarewski (kdn)
522dd44bfa
[client] make /var/lib/netbird paths configurable ( #3084 )
...
- NB_STATE_DIR
- NB_UNCLEAN_SHUTDOWN_RESOLV_FILE
- NB_DNS_STATE_FILE
2025-01-13 10:15:01 +01:00
Viktor Liu
f48e33b395
[client] Don't fail on v6 ops when disabled via kernel params ( #3165 )
2025-01-10 18:16:21 +01:00
Viktor Liu
93f3e1b14b
[client] Prevent local routes in status from being overridden by updates ( #3166 )
2025-01-10 11:02:05 +01:00
Viktor Liu
d9905d1a57
[client] Add disable system flags ( #3153 )
2025-01-07 20:38:18 +01:00
Viktor Liu
6848e1e128
[client] Add rootless container and fix client routes in netstack mode ( #3150 )
2025-01-06 14:16:31 +01:00
Viktor Liu
f08605a7f1
[client] Enable network map persistence by default ( #3152 )
2025-01-06 14:11:43 +01:00
Viktor Liu
abbdf20f65
[client] Allow inbound rosenpass port ( #3109 )
2024-12-31 14:08:48 +01:00
Viktor Liu
43ef64cf67
[client] Ignore case when matching domains in handler chain ( #3133 )
2024-12-31 14:07:21 +01:00
Viktor Liu
b48cf1bf65
[client] Reduce DNS handler chain lock contention ( #3099 )
2024-12-21 15:56:52 +01:00
Zoltan Papp
82b4e58ad0
Do not start DNS forwarder on client side ( #3094 )
2024-12-20 16:20:50 +01:00
Viktor Liu
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-12-20 11:30:28 +01:00
Jesse R Codling
3844516aa7
[client] fix: reformat IPv6 ICE addresses when punching ( #3050 )
...
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
Maycon Santos
2147bf75eb
[client] Add peer conn init limit ( #3001 )
...
Limit the peer connection initialization to 200 peers at the same time
2024-12-09 17:10:31 +01:00
Pascal Fischer
e40a29ba17
[client] Add support for state manager on iOS ( #2996 )
2024-12-06 16:51:42 +01:00
Maycon Santos
e67fe89adb
Reduce max wait time to initialize peer connections ( #2984 )
...
* Reduce max wait time to initialize peer connections
setting rand time range to 100-300ms instead of 100-800ms
* remove min wait time
2024-12-05 13:03:11 +01:00
Viktor Liu
6cfbb1f320
[client] Init route selector early ( #2989 )
2024-12-05 12:41:12 +01:00
Viktor Liu
c853011a32
[client] Don't return error in rule removal if protocol is not supported ( #2990 )
2024-12-05 12:28:35 +01:00
Maycon Santos
b50b89ba14
[client] Cleanup status resources on engine stop ( #2981 )
...
cleanup leftovers from status recorder when stopping the engine
2024-12-04 14:09:04 +01:00
Viktor Liu
e5d42bc963
[client] Add state handling cmdline options ( #2821 )
2024-12-03 16:07:18 +01:00
Viktor Liu
8866394eb6
[client] Don't choke on non-existent interface in route updates ( #2922 )
2024-12-03 15:33:41 +01:00
Viktor Liu
17c20b45ce
[client] Add network map to debug bundle ( #2966 )
2024-12-03 14:50:12 +01:00
Zoltan Papp
a0bf0bdcc0
Pass IP instead of net to Rosenpass ( #2975 )
2024-12-03 10:13:27 +01:00
Viktor Liu
5142dc52c1
[client] Persist route selection ( #2810 )
2024-12-02 17:55:02 +01:00
Zoltan Papp
9203690033
[client] Code cleaning in net pkg and fix exit node feature on Android( #2932 )
...
Code cleaning around the util/net package. The goal was to write a more understandable source code but modify nothing on the logic.
Protect the WireGuard UDP listeners with marks.
The implementation can support the VPN permission revocation events in thread safe way. It will be important if we start to support the running time route and DNS update features.
- uniformize the file name convention: [struct_name] _ [functions] _ [os].go
- code cleaning in net_linux.go
- move env variables to env.go file
2024-11-26 23:34:27 +01:00
Viktor Liu
9810386937
[client] Allow routing to fallback to exclusion routes if rules are not supported ( #2909 )
2024-11-25 15:19:56 +01:00
Viktor Liu
f1625b32bd
[client] Set up sysctl and routing table name only if routing rules are available ( #2933 )
2024-11-25 15:12:16 +01:00
Zoltan Papp
2a5cb16494
[relay] Refactor initial Relay connection ( #2800 )
...
Can support firewalls with restricted WS rules
allow to run engine without Relay servers
keep up to date Relay address changes
2024-11-22 18:12:34 +01:00
Krzysztof Nazarewski (kdn)
eb5d0569ae
[client] Add NB_SKIP_SOCKET_MARK & fix crash instead of returing an error ( #2899 )
...
* dialer: fix crash instead of returning error
* add NB_SKIP_SOCKET_MARK
2024-11-19 14:14:58 +01:00
Maycon Santos
65a94f695f
use google domain for tests ( #2902 )
2024-11-18 12:55:02 +01:00
Viktor Liu
a7d5c52203
Fix error state race on mgmt connection error ( #2892 )
2024-11-15 22:59:49 +01:00
Viktor Liu
582bb58714
Move state updates outside the refcounter ( #2897 )
2024-11-15 22:55:33 +01:00
Viktor Liu
121dfda915
[client] Fix state manager race conditions ( #2890 )
2024-11-15 20:05:26 +01:00
Pascal Fischer
4aee3c9e33
[client/management] add peer lock to peer meta update and fix isEqual func ( #2840 )
2024-11-15 16:59:03 +01:00
Viktor Liu
be78efbd42
[client] Handle panic on nil wg interface ( #2891 )
2024-11-14 20:15:16 +01:00