Commit Graph

1736 Commits

Author SHA1 Message Date
ed1872560f Use the client network for log errors (#455) v0.9.1 2022-09-07 18:26:59 +02:00
de898899a4 update slack invite title 2022-09-05 18:44:04 +02:00
b63ec71aed Check if login stream was canceled before printing warn (#451) v0.9.0 2022-09-05 17:44:26 +02:00
1012172f04 Add routing peer support (#441)
Handle routes updates from management

Manage routing firewall rules

Manage peer RIB table

Add get peer and get notification channel from the status recorder

Update interface peers allowed IPs
2022-09-05 09:06:35 +02:00
788bb00ef1 Fix service install when sysV service bin exists (#450) v0.8.12 2022-09-05 08:56:07 +02:00
4e5ee70b3d Load WgPort from config file and exchange via signal (#449)
Added additional common blacklisted interfaces

Updated the signal protocol to pass the peer port and netbird version

Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
f1c00ae543 Update service library with rcS init system support (#447) v0.8.11 2022-09-02 14:03:02 +02:00
553a13588b Free up gRPC client resources on errors (#448) 2022-09-01 18:28:45 +02:00
586c0f5c3d Log remote address when not registered (#445) 2022-08-27 17:55:05 +02:00
c13f0b9f07 Use select for turn credentials and peers update (#443)
Also, prevent peer update when SSH is the same
2022-08-27 12:57:03 +02:00
dd4ff61b51 Do not autoload authissuer for the IDPManager config (#442) 2022-08-25 09:24:24 +02:00
e3657610bc Avoid pulling in management code in client (#437)
Avoid management code import for the legacy port value, hardcoding it
instead (it's literally spelled out in a comment below as well).
v0.8.10
2022-08-24 16:30:40 +02:00
e8733a37af Update scripts for the self-hosted OAuth 2.0 Device Auth Grant support (#439)
Support OAuth 2.0 Device Auth Grant in the
self-hosted scripts.
2022-08-24 14:37:18 +02:00
3def84b111 Support Generic OAuth 2.0 Device Authorization Grant (#433)
Support Generic OAuth 2.0 Device Authorization Grant
as per RFC specification https://www.rfc-editor.org/rfc/rfc8628.
The previous version supported only Auth0 as an IDP backend.
This implementation enables the Interactive SSO Login feature 
for any IDP compatible with the specification, e.g., Keycloak.
2022-08-23 15:46:12 +02:00
47add9a9c3 Don't create index if peer is empty (#435)
When checking for existing prefix routes
Return nil if peer is empty
2022-08-23 11:09:56 +02:00
09312b3e6d Add Network ID and rename Prefix to Network (#432)
Adding network ID will allow us to group

Renaming Prefix with Network
will keep things more clear and consistent
v0.8.9
2022-08-22 14:10:24 +02:00
762a26dcea Fix Register/Deregister race on Signal (#431)
This PR fixes a race condition that happens
when agents connect to a Signal stream, multiple
times within a short amount of time. Common on
slow and unstable internet connections.
Every time an agent establishes a new connection
to Signal, Signal creates a Stream and writes an entry
to the registry of connected peers storing the stream.
Every time an agent disconnects, Signal removes the
stream from the registry.
Due to unstable connections, the agent could detect
a broken connection, and attempt to reconnect to Signal.
Signal will override the stream, but it might detect
the old broken connection later, causing peer deregistration.
It will deregister the peer leaving the client thinking
it is still connected, rejecting any messages.
2022-08-22 12:21:19 +02:00
000ea72aec Add routing Rest API support (#428)
Routing API will allow us to list, create, update, and delete routes.
2022-08-20 19:11:54 +02:00
4b34a6d6df Add routing support to management service (#424)
Management will receive and store routes that are associated with a peer ID.
The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
c39cd2f7b0 Support new properties for OIDC auth (#426)
This PR updates infrastructure_scripts to support
self-hosted setup with a generic OIDC provider.
v0.8.8
2022-08-17 21:44:20 +02:00
6dc3e8ca90 Enable HTTP/2 when loading TLS config from file (#423)
When creating TLSConfig from provided certificate file, the HTTP/2 support is not enabled.
It works with Certmanager because it adds h2 support.
We enable it the same way when creating TLSConfig from files.
v0.8.7
2022-08-15 19:36:00 +02:00
245863cd51 Update docker-compose to reflect new ports (#411) v0.8.6 2022-08-05 22:41:57 +02:00
14e322d3f7 Handle CORS requests before authentication (#413)
This helps our FE to get proper request responses
2022-08-05 22:41:04 +02:00
1be8c16e34 Decrease log level on peer status remove (#410) 2022-08-01 17:52:22 +02:00
851de3fd4e Output NetBird daemon and CLI versions on status command (#408) 2022-08-01 12:42:45 +02:00
c13288781f Fix checksum conflict and version injection (#409)
custom name_template for darwin ui release checksum file

fix darwin ui version injection to correct path
2022-08-01 12:20:30 +02:00
e34e0ccd12 Check and update Agent's Management URL if is legacy (#406)
All the existing agents by default connect to port 33073 of the
Management service. This value is also stored in the local config.
All the agents won't switch to the new port 443
unless explicitly specified in the config.
We want the transition to be smooth for our users, therefore
this PR adds logic to check whether the old port 33073 can be
changed to 443 and updates the config automatically.
v0.8.5
2022-07-30 19:17:18 +02:00
95dc9cc16c Split goreleaser for UI and parallelized workflow (#405)
decouple goreleaser ui might help us
parallelize workflow and run local tests

dividing the release workflow for each goreleaser
and making trigger sign a different job them
when small issues with sign happen
2022-07-30 14:44:01 +02:00
d1c2b3d703 Use unix.Uname to get Darwin system info (#404)
This prevents the client from needing to use command line tools
2022-07-30 11:31:27 +02:00
966661fe91 Serve Management gRPC and HTTP on a single 80/443 port (#400)
This PR is a part of an effort to use standard ports (443 or 80) that are usually allowed by default in most of the environments.

Right now Management Service runs the Let's Encrypt manager on port 443, HTTP API server on port 33071,
and a gRPC server on port 33073. There are three separate listeners.
This PR combines these listeners into one.
With this change, the HTTP and gRPC server runs on either 443 with TLS or 80 without TLS
by default (no --port specified).
Let's Encrypt manager always runs on port 443 if enabled.
The backward compatibility server runs on port 33073 (with TLS or without).
HTTP port 33071 is obsolete and not used anymore.

Newly installed agents will connect to port 443 by default instead of port 33073 if not specified otherwise.
2022-07-29 20:37:09 +02:00
67ddaade58 Go mod tidy (#401)
Check git status after go mod tidy
v0.8.4
2022-07-27 20:19:55 +02:00
138cf35e00 Sync go mod (#399) 2022-07-27 18:57:18 +02:00
2555a6c3e8 Use proxy when any candidate is relay (#398)
We should use relayed port when remote or local
candidate is of the relay type
2022-07-27 18:12:39 +02:00
86a66c6202 Make Signal Service listen on a standard 443/80 port instead of 10000 (#396)
Right now Signal Service runs the Let's Encrypt manager on port 80
and a gRPC server on port 10000. There are two separate listeners.
This PR combines these listeners into one with a cmux lib.
The gRPC server runs on either 443 with TLS or 80 without TLS.
Let's Encrypt manager always runs on port 80.
2022-07-25 19:55:38 +02:00
275d364df6 Fix TURN credentials renewal (#394)
Update conn config with new TURN credentials

Updated Signal connection timeout to 5s
v0.8.3
2022-07-21 22:07:38 +02:00
a3c5fa1307 Add PATH to client Dockerfile (#389)
Useful when SSH to client containers
2022-07-12 15:35:51 +02:00
75a69ca26b Write the Admin URL when creating new config (#388) 2022-07-12 15:02:51 +02:00
ae8e3ad6fe Enable SSH Login for docker (#385) v0.8.2 2022-07-07 16:33:16 +02:00
ff729f6755 Use id command for user lookup on MacOS (#384)
When building client without CGO, user.Lookup
attempts to get user from /etc/passwd
Which doesn't have the user as MacOS uses
opendirectoryd as user directory
2022-07-07 16:13:46 +02:00
7e1b20da5d Always initialize status recorder (#383)
Always initialize the status recorder

Utilize proto methods to get pbFullStatus values.
2022-07-07 13:54:47 +02:00
d4a3ee9d87 Load user profile when SSH (#380)
This PR fixes issues with the terminal when
running netbird ssh to a remote agent.
Every session looks up a user and loads its
profile. If no user is found, the connection is rejected.
The default user is root.
v0.8.1
2022-07-07 11:24:38 +02:00
49e9113e0f Enhance status command (#382)
Print peer status from the package

Added --detail flag for detailed status output
2022-07-05 19:47:50 +02:00
3bdfa3cc8e Introduce larger retries for the agent (#379)
The Management client will try reconnecting in case
of network issues or non-permanent errors.
If the device was off-boarded, then the client will stop retrying.
2022-07-02 20:38:16 +02:00
8c953c5a2c Add client status collection (#368) 2022-07-02 12:02:17 +02:00
e95f0f7acb Support 32 bit (#374)
Add build for 32 bits linux

improved windows test time
2022-07-01 10:42:38 +02:00
fa7b413fe7 Fix SSH command on Docker (#377) 2022-06-29 14:03:30 +02:00
295f0c755a Add Router nodes feature to the coming soon list 2022-06-27 08:57:06 +03:00
a98f6f840a Add Easy SSH to the features list 2022-06-27 08:55:32 +03:00
faad5a1e98 Add Easy SSH banner 2022-06-27 08:50:34 +03:00
e8caa562b0 Send netmask from account network (#369)
* Send netmask from account network

Added the GetPeerNetwork method to account manager

Pass a copy of the network to the toPeerConfig function
to retrieve the netmask from the network instead of constant

updated methods and added test

* check if the network is the same for 2 peers

* Use expect with BeEquivalentTo
v0.8.0
2022-06-24 21:30:51 +02:00