Version 0.14.6

Whats New

• new toggle to disable NAT for egress gateways
• netclient.exe and MSI are now signed (no longer comes from "Unknown Publisher")
• randomized letsencrypt email for quick installer
• gravitl logo removed from scripts/executables

Whats Fixed

• ip6 ranges for systems without wg-quick
• vpn ranges
• lockfile for /etc/hosts -- prevents corruption of /etc/hosts if accidently run multiple instance of netclient

Known Issues

• Relayed Ingress gateways
• VPN ranges on iOS
• Client version in UI after upgrade may display old version

v0.14.5

What's New

• OIDC Oauth2 Connector, Able to connect to Dex, Auth0, Okta, etc..
• Tooltips in UI for network/node editable fields
• Able to connect to Remote MQ broker from server securely (optional to still use local connection)
• Official MacOS installer
• Removed ability to create networks with "." in the name
• Gravitl removed from startup logo

What's Fixed?

• Egress on server functions
• Reduced number of peer updates
• Timeouts on API connections from clients
• Better client message caching
• HA mode should function again
• K8s templates updated

Known Issues

• VPN egress can mess up server routing: If you put in 172.x.x.x as a egress range, as is recommended for creating an "internet" VPN here, the server will be unable to reach MQ over the local network, which breaks the server. For now, we are recommending users not to create "internet" VPNs using the 172 address range, or to remove those ranges from the list.
• MQ behind a load-balancer may cause timeouts

New Contributors

• @capric98 made their first contribution in #1249

Full Changelog: v0.14.4...release_v0.14.5

Version 0.14.4

What's New

• netclient install command - installs the daemon if not present
• external client ip address displayed on graph details
• table sorting (UI)

What's Fixed?

• ipv6 on macos
• UI tables more mobile friendly
• Point to Site network fixes

Known Issues

• Cannot egress behind a relay server
• HA setup not working

New Contributors

• @calebgasser made their first contribution in #1241

Full Changelog: v0.14.3...v0.14.4

v0.14.3

Advisory

If you are running into connectivity issues after upgrade, run "netclient pull" on your clients. The recommended upgrade process is to first upgrade the server, and then the clients.

If you are experiencing issues on initial setup, please check out the MQ troubleshooting doc. This is the most common issue for a first time setup: For MQ issues (most common first place to look), please reference this Gist before opening an issue: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

What's new?

• Zombie Node Deletion: If a duplicate node is created (zombie), it will be added to a quarantine list. Nodes are listed as zombies if they are not "checking in", and have the same mac address as a functioning node. Zombies are deleted after 10 minutes.
• Sort nodes by address or name in UI

What's fixed?

• Relay logic: several issues with relay addresses were fixed.
• add traffic keys during node update to avoid info getting wiped
• external client cleanup of ingress gateway

Known Issues

• Windows Service: The old netclient Windows Service does not get uninstalled during upgrade. It also does not restart automatically on failure, which is absolutely necessary to function. If you're running an older Windows netclient, you must go to Windows Services, search for netclient, and change the settings so that it will "restart on failure"
• downtime during a relay peer update - takes about 30 seconds for an updated node to become reachable
• sometimes, p2p connection can only be established using a ping
• rarely, node update causes wireguard interface to disappear - workaround: run "netclient pull"
• you can update a node to a duplicate ip address (same as another node)
• sometimes, ping to peer froze after upgrade. - workaround: run "netclient pull"

v0.14.2

Advisory

If upgrading the netclient from 0.14.1 to 0.14.2 using the package manager, the client will be uninstalled and reinstalled, meaning it will be removed from any networks it is currently in. To avoid this, download and replace the binary directly, using the binaries from this release page.

Important Upgrade Notes:

• Default Compose File is now Traefik (docker-compose.traefik.yml)
• You can upgrade an existing Caddy-based installation to Traefik using the new docker-compose.traefik.yml
• You can also keep your existing Caddy-based installation/docker-compose and just change the image versions from 0.14.1 to 0.14.2
• If you do change to Traefik, you must wait a few minutes on clients to generate proper certs, as port changes to 443

What's new?

• Default proxy is now Traefik
• MQ public port is configurable and can run on 443 via Traefik
• Traefik removes port 80 and port 8883 dependencies
• Send server version to clients to detect if they are on the wrong version
• MQ address removed from access token
• added onfailure restart to Windows service

What's fixed?

• removed duplicate publishes from client
• minor fixes to peer logic
• failover for retrieving correct MQ address via API
• use interface as hostctl profile to avoid confilcts in DNS
• delete WireGuard interfaces on shutdown of docker netclient

Known Issues

• Windows Service: The old netclient Windows Service does not get uninstalled during upgrade. It also does not restart automatically on failure, which is absolutely necessary to function. If you're running an older Windows netclient, you must go to Windows Services, search for netclient, and change the settings so that it will "restart on failure"
• Problems with relay logic: if you update a relayed node's address, it will become un-relayed
• setting and unsetting the server as a relay will turn ON UDP HOLE PUNCHING + break network
  • workaround: set udpholepunch off

v0.14.1

Important Notes:

• Update your server before the clients
• Client packages are not version specific 'apt update' will move client to 0.14.1
• Clients should be updated either via package management, or replacing the existing binary with the one from releases page

What's new?

• Set Endpoint and Port as static/dynamic separately
• Added a couple cool projects to the README
• New README gif

What's fixed?

• netclient gui in releases
• GUI displays correct status
• removed resolvectl dependency (fixes issues with Ubuntu 22.04)
• removed macaddress validation
• re-added userspace docker netclient

Known Issues

• service does not start on boot on Linux (currently working to resolve. Out of tree)
• mac routing does not work for ipv6
• takes about 1 minute to update endpoint if network changes
• update for windows requires uninstall via Add/Remove programs
  • OR manual replacement of netclient binary

v0.14.0

Important Note: As of 0.14.0, the daemon is installed outside of the "netclient join" process. The new, expected flow is to first install the netclient service (see https://docs.netmaker.org/netclient.html#install). This will start the daemon. Then, you join a network.

If you would like to use the binary from the releases to join a network, without installing the daemon first, please run with ./netclient join --daemon=install. Otherwise, the daemon will not be installed and the client will not receive the updates necessary to run.

What's New

• Netclient GUI, able to join, leave, pull and uninstall using a User Interface!
• Packages for Apt, RPM, Arch, Brew (mac), msi (Windows)
• Freebsd can be ingress/egress gateway

What's Fixed

• Roaming Endpoint changes trigger peer updates
• All DNS entries are sent to peers, fixes relayed nodes not getting DNS entries
• Uncaught panic handled better with netclient + netmaker on same machine
• IPv6 forwarding on gateways
• IPv6 Range updates trigger node updates
• Docs updated
• nm-quick now creates network "netmaker" rather than "default"
• ICMP no longer required on server
• Other small bugs

Known Issues

• IPv6 routing still not working Mac, works fine with ipv4 network
• If you turn off udp hole punching on a node and then turn it to isstatic, it becomes unreachable
• Docs not completely updated
• run netclient uninstall before running remove for linux packages as linux packages (i.e. apt remove netclient) do not completely remove netclient yet
• logs could be more detailed
• Netclient GUI:
  • Displays "WARNING" status despite being healthy on server
  • still displays network after leave. Need to quit and re-open
  • not displayed on client
• Admin UI:
  • Node statuses do not automatically refresh sometimes, need to refresh manually
• Egress Gateway
  • Cannot reach from Windows, route not created
  • (works on FreeBSD and Linux)

MQ: If you experience issues with client installs hanging or erroring out, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

v0.13.1

What's New

• Instant DNS propogation

What's Fixed

• IPv6 forwarding working from ext clients to nodes
• netclient list displays peer info again
• Fixed indefinite hang on netclient join, attempts to pull certificates

Known Issues

MQ: If you experience issues with client installs hanging or erroring out, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

Upgrades: If upgrading from 0.12, please refer to this gist:
https://gist.github.com/afeiszli/f53f34eb4c5654d4e16da2919540d0eb

• Egress with IPv6 may have issues
• Mac IPv6 routes not resolved
• Windows install script not fixed

v0.13.0

What's New

• IPv6 only networks
• Dualstack on networks/nodes deprecated
• Ext clients + nodes get IPv6 addresses
• Better handling of ports with UDP hole punching
• Better handling of node connections resetting on server restart
• No more comms net
• MQ connections now rely on certificates
• UI Create Network form auto fills IPv6/4 if toggled on

What's Fixed

• stability issues around server
• IPv6 handled better
• Local WG Ports collected to handle UDP hole punching better
• Docker-composes updated to reflect updated architecture

Known Issues

• MQ: If you experience the following issues, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

  • netclient installation hangs on "[netclient] certificate/key saved"
  • netclient installation hangs on "starting wireguard...."
  • errors in MQ logs

• Windows: installs can be unreliable - Recommendation: if running into issues with the powershell install script, download the netclient.exe manually and run "netclient.exe join -t " (must already have WireGuard installed) or Use an ext client config, since mesh nodes can now communicate with ext clients.

• Mac IPv6 static routes not added properly for IPv6, if IPv6 on mac is required, please use standard WireGuard + Ext Client conf

• Upgrades are still difficult, instructions from v0.12+ provided in discord

Compatibility

• Netmaker v0.13.0 requires some manual effort client side to be compatible with server
  Gist of upgrade: https://gist.github.com/afeiszli/f53f34eb4c5654d4e16da2919540d0eb

v0.12.2

What's New

• Ext Clients are now reachable from other nodes connected to the ingress gateways
• Node IDs present in the Netclient list command
• Custom DNS entries are propagated to clients once again
• Upgraded Go Version
• Added verbosity (specified with -v, -vv, -vvv) i.e. ./netclient join -t <token> -vvv
• Specify config path with -c on Netmaker server
• Dark mode on UI

What's Fixed

• repetitive IPtables issue
• stability issues around ext clients

Known Issues

• Windows: installs can be unreliable - Recommendation: if running into issues with the powershell install script, download the netclient.exe manually and run "netclient.exe join -t " (must already have WireGuard installed) or Use an ext client config, since mesh nodes can now communicate with ext clients.

Compatibility

• Netmaker v0.12.2 works with v0.11+ clients