v0.29.1

This release improves the relay with better authentication messages. To ensure your system is working properly, you should upgrade your relay and management servers before upgrading your clients.

What's Changed

• [client] Don't overwrite allowed IPs when updating the wg peer's endpoint address by @lixmal in #2578
• [relay] Improve relay messages by @lixmal in #2574
• [relay] change log levels by @pappz in #2580
• Remove pre-release step from workflow by @mlsmaycon in #2583
• [client] Update service package version by @mlsmaycon in #2582

Full Changelog: v0.29.0...v0.29.1

v0.29.0

Release Notes for v0.29.0

What's New

Relay Feature Integration

We are moving away from the TURN relay (coturn) to our own relay implementation based on WebSocket. This new system will ensure that all relayed connections utilize a single TCP port instead of allocating one port per connection as before. It enables the client to attempt a P2P connection in the background while using the Relay for a fast connection between nodes during bootstrap.

We've created an open thread to discuss the new implementation. Feel free to reach out here: #2566

Relay change notes:

• The Advanced Infrastructure scripts and Getting Started scripts have been updated to include support for the new relay.
• Your clients need to be running the updated client versions to take full advantage of the new relay, but don’t worry—these new agents are fully compatible with older nodes.
• Cloud support for the new relay feature is coming soon*.
• iOS and Android support are coming soon.

To deploy the new relay on existing installations, you can follow the steps below:

1. Run a backup of your deployment as documented here: Advanced guide - Backup or Quickstart guide - backup
2. Update your docker-compose.yml, by adding the new service as follows:

  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
    - NB_LOG_LEVEL=info
    - NB_LISTEN_ADDRESS=:<PORT>
    - NB_EXPOSED_ADDRESS=<DOMAIN>:<PORT>
    - NB_AUTH_SECRET=<AUTH_SECRET>
    ports:
      - <PORT>:<PORT>
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

Replace PORT and DOMAIN according to your deployment. For AUTH_SECRET we recommend using a unique key, you can use a command like openssl rand -base64 32 | sed 's/=//g' to generate it.

3. Update your management.json with the new configuration below:

    "Relay": {
        "Addresses": ["rel://<DOMAIN>:<PORT>"],
        "CredentialsTTL": "24h",
        "Secret": "<AUTH_SECRET>"
    },

Update PORT, DOMAIN and AUTH_SECRET with the same values configured in your docker-compose.yml file.

4. Update your environment and redeploy:

docker compose pull
docker compose up -d --force-recreate

Improvements

• Auto Update Geolite: Added automatic updates for Geolite data. #2297
  @benniekiss made this amazing contribution that allows the management service to update the geolocation databases when starting up.

In case you are running NetBird management in restricted locations like China, you can use add the flag --disable-geolite-update to the management command flags to disable the update.

• Support for ECDSA Public Keys: Added support for ECDSA public keys in management. #2461
  @HarryKodden made their first contribution in this change to support ECDSA public keys.

• RPM-Ostree Support: Added installation script support for rpm-ostree-based distros. #2508
  @M0Rf30 made their first contribution in this change to support installations for rpm-ostree-based distros.

• Signal Dispatcher: Introduced signal dispatcher for better signaling. #2373

• PostgreSQL Store Test: Improved test infrastructure for files generation using PostgreSQL store. #2478

• X-Frame-Options Header: Updated dashboard to use X-Frame-Options with the sameorigin header. #2547

• Retry on TUN Creation for Darwin: Improved client handling by retrying TUN creation for Darwin systems. #2564

• Security Upgrade: Upgraded Alpine version from 3.19 to 3.20 to address security concerns. #2548

Bug Fixes

• Fix Deadlock on Auto Connect: Avoided deadlock in client auto-connect with early exit handling. #2528
• Destroy WG Interface on Timeout: Addressed issue where WireGuard interface wasn't destroyed on down timeout. #2435
• Fix Service Down: Corrected the service-down issue in the client. #2519
• Prevent Client Panic: Fixed client panic when there was no connection. #2541
• Error Handling in OpenConnVia: Improved error handling in the openConnVia function. #2560
• Fix Lock on Down: Fixed a lock issue when the service was brought down. #2546

Documentation

• Route API Docs: Updated route API documentation with a new maximum domain number. #2516

Other Changes

• Test Log Reduction: Reduced test log verbosity. #2550
• Update Slack URL: Updated Slack URL in documentation. #2544
• TestRecreation Test: Added TestRecreation unit test in the client. #2558

New Contributors

• @HarryKodden made their first contribution in #2461
• @M0Rf30 made their first contribution in #2508

Full Changelog: v0.28.9...v0.29.0

v0.28.9

What's Changed

• [management] Rename request buffer and update default interval by @pascal-fischer in #2459
• [client] Add test for SetFlagsFromEnvVars by @mlsmaycon in #2460
• [client] Refactor free port function by @mlsmaycon in #2455
• [misc] Bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible by @dependabot in #2426
• [misc] Add support for NETBIRD_STORE_ENGINE_POSTGRES_DSN environment variable in setup.env by @arosberg in #2462
• [management] Refactor HTTP metrics by @bcmmbaga in #2476

New Contributors

• @arosberg made their first contribution in #2462

Full Changelog: v0.28.8...v0.28.9

v0.28.8

What's Changed

• [misc] Use docker compose command by @mlsmaycon in #2382
• [client] change default config location on freebsd by @skillcoder in #2388
• [client] Offer only Device Code Flow on FreeBSD by @skillcoder in #2389
• [client] Fix windows binary version by @mlsmaycon in #2390
• [client] On iOS add error handling for getRouteselector by @pascal-fischer in #2394
• [management] Skip network map check if not regular user by @mlsmaycon in #2402
• [management] Improve mgmt sync performance by @lixmal in #2363
• [client] Update dependencies and switch systray library by @bcmmbaga in #2309
• [management] Add batch delete for groups and users by @bcmmbaga in #2370
• [client] Allow setup keys to be provided in a file by @moosetheory in #2337
• [misc] Update bug-issue-report.md to include netbird debug cmd by @lixmal in #2413
• [client] Parse data from setup key by @mlsmaycon in #2411
• [misc] Update bug-issue-report.md to include anon flag by @lixmal in #2412
• [management] Prevent removal of All group from peers during user groups propagation by @bcmmbaga in #2410
• [client] Upgrade fyne version to fix freezing routes window by @mlsmaycon in #2417
• [client] Mtls support by @Foosec in #2188
• [client] Update PNG systray disconnected icon by @lixmal in #2428
• [misc] Fix linting Issues by @bcmmbaga in #2427
• [misc] Update Slack invite link by @mlsmaycon in #2445
• [management] Split DB calls in peer login by @pascal-fischer in #2439
• [misc] Loading tun module for synology in install.sh by @pascal-fischer in #2423
• [misc] Use clearer wording on issue template by @lixmal in #2443
• [client] Replace windows network monitor implementation by @lixmal in #2450
• [management] Fix logging out peers on deletion by @lixmal in #2453
• [management] Add buffering for getAccount requests during login by @pascal-fischer in #2449

New Contributors

• @moosetheory made their first contribution in #2337
• @Foosec made their first contribution in #2188

Full Changelog: v0.28.7...v0.28.8

v0.28.7

What's Changed

• Fix error handling by @pappz in #2316
• add save peer status test for connected peers by @mlsmaycon in #2321
• Add SavePeer method to prevent a possible account inconsistency by @mlsmaycon in #2296
• Fix race in set listener by @pappz in #2332
• Save daemon address on service install by @mlsmaycon in #2328
• Remove redundant check for empty JWT groups by @bcmmbaga in #2323
• Refactor login with store.SavePeer by @mlsmaycon in #2334
• fix(tests): freebsd should be red on error by @skillcoder in #2346
• Add write lock for peer when saving its connection status by @mlsmaycon in #2359
• Save account on saving users and groups by @bcmmbaga in #2362
• Move write peer lock by @mlsmaycon in #2364
• Freebsd test all root component by @skillcoder in #2361
• Use accountID retrieved from the sync call to acquire read lock sooner by @mlsmaycon in #2369
• Handling invalid UTF-8 character in sys info by @pappz in #2360
• When creating new setup key, "revoked" field doesn't do anything by @pappz in #2357
• Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #2356
• fix(util): syslog output contains duplicated timestamp by @mrl5 in #2292
• Allow route updates even if some domains failed resolution by @lixmal in #2368
• Adding geolocation download log message. by @keac in #2085
• Add extra auth audience field on HttpConfig for automation user to authorize via zitadel by @dfry in #2350
• Extend client debug bundle by @lixmal in #2341
• Move Bundle to before netbird down by @mlsmaycon in #2377
• Fix Windows file version by @mlsmaycon in #2380
• Remove Codacy badge as it is broken by @braginini in #2379
• Fix DNS resolution for routes on iOS by @pascal-fischer in #2378
• Add sonar badge by @pascal-fischer in #2381

New Contributors

• @keac made their first contribution in #2085
• @dfry made their first contribution in #2350

Full Changelog: v0.28.6...v0.28.7

v0.28.6

What's Changed

• Minor fix local dns search domain by @hurricanehrndz in #2287
• Remove default allow for UDP on unmatched packet by @mlsmaycon in #2300
• Retry management connection only on context canceled by @mlsmaycon in #2301
• Ignore network monitor checks for software interfaces by @mlsmaycon in #2302

Full Changelog: v0.28.5...v0.28.6

v0.28.5

What's Changed

• Sort routes by ID and remove DNS routes from overlapping list by @mlsmaycon in #2234
• Fix issue with canceled context before pushing metrics and decreasing pushing interval by @mlsmaycon in #2235
• Avoid empty domain overwrite by @pascal-fischer in #2252
• Add release version to windows binaries and update sign pipeline version by @mlsmaycon in #2256
• Get client ui locale on windows natively by @lixmal in #2251
• Bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #2248
• Fix parameter limit issue for Postgres store by @mlsmaycon in #2261
• Support DNS routes on iOS by @pascal-fischer in #2254
• fix 2260: fallback serial to Board by @EdouardVanbelle in #2263
• Add logging option for WG device by @pappz in #2271
• Limit GUI process execution to one per UID by @mlsmaycon in #2267
• Add batch save/update for groups and users by @bcmmbaga in #2245
• fix forwarded metrics by @mlsmaycon in #2273
• Ignore non unique route updates by @hurricanehrndz in #2266
• feat(client): send logs to syslog by @mrl5 in #2259
• refactor(util): fix sonarcube issues by @mrl5 in #2276
• Add get_registration_delay_milliseconds metric by @mlsmaycon in #2275
• Fix metric label typo by @mlsmaycon in #2278
• fix: save peer status correctly in sqlstore by @ctrl-zzz in #2262
• Support custom SSL certificates for the signal service by @benniekiss in #2257
• Wait on daemon down by @pascal-fischer in #2279
• Don't add exclusion routes for IPs that are part of connected networks by @lixmal in #2258
• Add faster availability DNS probe and update test domain to .com by @mlsmaycon in #2280
• Check if route interface is a Microsoft ISATAP device by @mlsmaycon in #2282
• Remove copy functions from signal by @mlsmaycon in #2285
• Refactor macOS system DNS configuration by @hurricanehrndz in #2284
• Fix macOS DNS unclean shutdown restore call on startup by @mlsmaycon in #2286

New Contributors

• @EdouardVanbelle made their first contribution in #2263
• @mrl5 made their first contribution in #2259
• @ctrl-zzz made their first contribution in #2262
• @benniekiss made their first contribution in #2257

Full Changelog: v0.28.4...v0.28.5

v0.28.4

What's Changed

• Add multiple tabs for route selection by @mlsmaycon in #2198
• Remove DNSSEC parameters and configure AuthenticatedData by @mlsmaycon in #2208
• add MACOSX_DEPLOYMENT_TARGET environment to control GUI build target by @mlsmaycon in #2221
• [Snyk] Security upgrade alpine from 3.18.5 to 3.19 by @mlsmaycon in #2220
• Client UI Multiple language support by @Yxnt in #2192
• Add stack trace when saving empty domains by @mlsmaycon in #2228
• Remove interface network monitor checks by @lixmal in #2223
• Bump golang.org/x/image from 0.10.0 to 0.18.0 by @dependabot in #2205
• Fix linux serial number retrieval by @bcmmbaga in #2206
• Debounce network monitor restarts by @lixmal in #2225
• Fix nil pointer exception in case of error by @pappz in #2230
• Add context to throughout the project and update logging by @pascal-fischer in #2209

Full Changelog: v0.28.3...v0.28.4

v0.28.3

What's Changed

• Update Zitadel and CockroachDB Container Image Version by @r0b2g1t in #2169
• Do not use eBPF proxy in case of USP mode by @pappz in #2180
• Optimize process checks database read by @bcmmbaga in #2182
• Lower retry interval on dns resolve failure by @lixmal in #2176
• Use selector to display dns routes in GUI by @mlsmaycon in #2185
• Using macOS-latest to build GUI by @mlsmaycon in #2189
• Add loopback ignore rule to nat chains by @lixmal in #2190
• Improve windows network monitor by @lixmal in #2184
• Feature/Use Zitadel Postgres Integration by default by @r0b2g1t in #2181
• Add log config and removed domain by @mlsmaycon in #2194
• Set EDNS0 when no extra options are set by the dns client by @mlsmaycon in #2195

New Contributors

• @r0b2g1t made their first contribution in #2169

Full Changelog: v0.28.2...v0.28.3

v0.28.2

What's Changed

• Fix windows network monitor next hop ip log by @lixmal in #2168
• Automatically migrate older management store engine to SQLite by @bcmmbaga in #2170

Full Changelog: v0.28.1...v0.28.2