Increased the default send timeout from 2 to 5
Added a max of 4 retries
with an increased timeout after the second attempt
using the grpc client context and
checking the error value for canceled context
- wireguard/windows version update to 0.5.3
- follow up forked wireguard-go MTU related changes
- fix MTU settings on Windows
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
in some cases an IDP device flow expiration time might be shorter than 90s
we should check if the cancel context was set before using it
We will need a follow-up to identify and document the IDP with lower defaults.
fixes#890
* Avoid storing account if no peer meta or expiration change
* remove extra log
* Update management/server/peer.go
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
* Clarify why we need to skip account update
---------
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
The new functionality allows blocking a user in the Management service.
Blocked users lose access to the Dashboard, aren't able to modify the network map,
and all of their connected devices disconnect and are set to the "login expired" state.
Technically all above was achieved with the updated PUT /api/users endpoint,
that was extended with the is_blocked field.
Adds functionality to support Identity Provider (IdP) managers
that do not support a complete verification URI in the
device authentication flow.
In cases where the verification_uri_complete field is empty,
the user will be prompted with their user_code,
and the verification_uri field will be used as a fallback
This PR brings support of a shared port between stun (ICE agent) and
the kernel WireGuard
It implements a single port mode for execution with kernel WireGuard
interface using a raw socket listener.
BPF filters ensure that only STUN packets hit the NetBird userspace app
Removed a lot of the proxy logic and direct mode exchange.
Now we are doing an extra hole punch to the remote WireGuard
port for best-effort cases and support to old client's direct mode.
