v8.0.0-beta Clustering
Pre-releaseThis is a huge release that contains a number of fundamental changes to the inner workings of Wag to allow for high availability and clustering.
Additionally it also includes changes to the eBPF interactions which drastically increase the speed of changing firewall rules (#84).
It is highly likely that due to the large number of changes that this release contains that there are bugs, broken functionality and other issues. So until this release has been tested it is released as an beta release.
Wag has moved from using sqlite3
and an config.json
file to using etcd
as the backend for storing users and managing rules. This allows multiple Wag instances to be deployed and managed as one unit.
This release will attempt to perform a migration from sqlite3
into etcd
on first run.
Features:
- The wireguard peer diagnostics page now shows number of bytes sent/received #94
- Webauthn keys will hopefully no longer prompt for pin code #89
- Add clustering admin UI page for adding wag nodes to cluster #24
wag start
now supports the-join
flag for taking a cluster join tokenServerPersistentKeepAlive
now configures the keep alives set by the server to the client to resolve #64- Wag now has a notifications system for the admin UI that will now node failures, policy apply failures and updates
Changes:
- Improved new wireguard device IP address selection
- Admin UI now has
Debug
mode available in config for development
Bug Fixes:
- Fix
gen-config
returningnull
for a number of values #97 - Rules with a domain name will be skipped if they are unsolvable rather than causing rule parsing to fail #86
- Fix performance issues with moderate number of clients #84
- Fix issue where custom templates/js could not be loaded due to bad path #76
- Fix rendering issue on change password page #79
Security Fixes:
X-Forwarded-For
is now correctly parsed