v0.14.2

Advisory

If upgrading the netclient from 0.14.1 to 0.14.2 using the package manager, the client will be uninstalled and reinstalled, meaning it will be removed from any networks it is currently in. To avoid this, download and replace the binary directly, using the binaries from this release page.

Important Upgrade Notes:

• Default Compose File is now Traefik (docker-compose.traefik.yml)
• You can upgrade an existing Caddy-based installation to Traefik using the new docker-compose.traefik.yml
• You can also keep your existing Caddy-based installation/docker-compose and just change the image versions from 0.14.1 to 0.14.2
• If you do change to Traefik, you must wait a few minutes on clients to generate proper certs, as port changes to 443

What's new?

• Default proxy is now Traefik
• MQ public port is configurable and can run on 443 via Traefik
• Traefik removes port 80 and port 8883 dependencies
• Send server version to clients to detect if they are on the wrong version
• MQ address removed from access token
• added onfailure restart to Windows service

What's fixed?

• removed duplicate publishes from client
• minor fixes to peer logic
• failover for retrieving correct MQ address via API
• use interface as hostctl profile to avoid confilcts in DNS
• delete WireGuard interfaces on shutdown of docker netclient

Known Issues

• Windows Service: The old netclient Windows Service does not get uninstalled during upgrade. It also does not restart automatically on failure, which is absolutely necessary to function. If you're running an older Windows netclient, you must go to Windows Services, search for netclient, and change the settings so that it will "restart on failure"
• Problems with relay logic: if you update a relayed node's address, it will become un-relayed
• setting and unsetting the server as a relay will turn ON UDP HOLE PUNCHING + break network
  • workaround: set udpholepunch off

v0.14.1

Important Notes:

• Update your server before the clients
• Client packages are not version specific 'apt update' will move client to 0.14.1
• Clients should be updated either via package management, or replacing the existing binary with the one from releases page

What's new?

• Set Endpoint and Port as static/dynamic separately
• Added a couple cool projects to the README
• New README gif

What's fixed?

• netclient gui in releases
• GUI displays correct status
• removed resolvectl dependency (fixes issues with Ubuntu 22.04)
• removed macaddress validation
• re-added userspace docker netclient

Known Issues

• service does not start on boot on Linux (currently working to resolve. Out of tree)
• mac routing does not work for ipv6
• takes about 1 minute to update endpoint if network changes
• update for windows requires uninstall via Add/Remove programs
  • OR manual replacement of netclient binary

v0.14.0

Important Note: As of 0.14.0, the daemon is installed outside of the "netclient join" process. The new, expected flow is to first install the netclient service (see https://docs.netmaker.org/netclient.html#install). This will start the daemon. Then, you join a network.

If you would like to use the binary from the releases to join a network, without installing the daemon first, please run with ./netclient join --daemon=install. Otherwise, the daemon will not be installed and the client will not receive the updates necessary to run.

What's New

• Netclient GUI, able to join, leave, pull and uninstall using a User Interface!
• Packages for Apt, RPM, Arch, Brew (mac), msi (Windows)
• Freebsd can be ingress/egress gateway

What's Fixed

• Roaming Endpoint changes trigger peer updates
• All DNS entries are sent to peers, fixes relayed nodes not getting DNS entries
• Uncaught panic handled better with netclient + netmaker on same machine
• IPv6 forwarding on gateways
• IPv6 Range updates trigger node updates
• Docs updated
• nm-quick now creates network "netmaker" rather than "default"
• ICMP no longer required on server
• Other small bugs

Known Issues

• IPv6 routing still not working Mac, works fine with ipv4 network
• If you turn off udp hole punching on a node and then turn it to isstatic, it becomes unreachable
• Docs not completely updated
• run netclient uninstall before running remove for linux packages as linux packages (i.e. apt remove netclient) do not completely remove netclient yet
• logs could be more detailed
• Netclient GUI:
  • Displays "WARNING" status despite being healthy on server
  • still displays network after leave. Need to quit and re-open
  • not displayed on client
• Admin UI:
  • Node statuses do not automatically refresh sometimes, need to refresh manually
• Egress Gateway
  • Cannot reach from Windows, route not created
  • (works on FreeBSD and Linux)

MQ: If you experience issues with client installs hanging or erroring out, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

v0.13.1

What's New

• Instant DNS propogation

What's Fixed

• IPv6 forwarding working from ext clients to nodes
• netclient list displays peer info again
• Fixed indefinite hang on netclient join, attempts to pull certificates

Known Issues

MQ: If you experience issues with client installs hanging or erroring out, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

Upgrades: If upgrading from 0.12, please refer to this gist:
https://gist.github.com/afeiszli/f53f34eb4c5654d4e16da2919540d0eb

• Egress with IPv6 may have issues
• Mac IPv6 routes not resolved
• Windows install script not fixed

v0.13.0

What's New

• IPv6 only networks
• Dualstack on networks/nodes deprecated
• Ext clients + nodes get IPv6 addresses
• Better handling of ports with UDP hole punching
• Better handling of node connections resetting on server restart
• No more comms net
• MQ connections now rely on certificates
• UI Create Network form auto fills IPv6/4 if toggled on

What's Fixed

• stability issues around server
• IPv6 handled better
• Local WG Ports collected to handle UDP hole punching better
• Docker-composes updated to reflect updated architecture

Known Issues

• MQ: If you experience the following issues, refer to this gist: https://gist.github.com/mattkasun/face2a7c1f32031a2126ff7243caad12

  • netclient installation hangs on "[netclient] certificate/key saved"
  • netclient installation hangs on "starting wireguard...."
  • errors in MQ logs

• Windows: installs can be unreliable - Recommendation: if running into issues with the powershell install script, download the netclient.exe manually and run "netclient.exe join -t " (must already have WireGuard installed) or Use an ext client config, since mesh nodes can now communicate with ext clients.

• Mac IPv6 static routes not added properly for IPv6, if IPv6 on mac is required, please use standard WireGuard + Ext Client conf

• Upgrades are still difficult, instructions from v0.12+ provided in discord

Compatibility

• Netmaker v0.13.0 requires some manual effort client side to be compatible with server
  Gist of upgrade: https://gist.github.com/afeiszli/f53f34eb4c5654d4e16da2919540d0eb

v0.12.2

What's New

• Ext Clients are now reachable from other nodes connected to the ingress gateways
• Node IDs present in the Netclient list command
• Custom DNS entries are propagated to clients once again
• Upgraded Go Version
• Added verbosity (specified with -v, -vv, -vvv) i.e. ./netclient join -t <token> -vvv
• Specify config path with -c on Netmaker server
• Dark mode on UI

What's Fixed

• repetitive IPtables issue
• stability issues around ext clients

Known Issues

• Windows: installs can be unreliable - Recommendation: if running into issues with the powershell install script, download the netclient.exe manually and run "netclient.exe join -t " (must already have WireGuard installed) or Use an ext client config, since mesh nodes can now communicate with ext clients.

Compatibility

• Netmaker v0.12.2 works with v0.11+ clients

v0.12.1

What's New

• Set default node ACL (enabled or disabled) on network create
• run iptables forwarding regularly to ensure MQ comms
• allow setting "0" keepalive
• docs moved to gravitl/netmaker-docs
• server routes added on ext clients
• set mtu on ext clients

What's Fixed

• comms network creation should be enforced
• keepalives now being sent
• egress gateway routes should be set on server now
• dns settings should be more reliable
• access keys more secure
• SQLite database reliability enhanced (avoids conflicting calls by locking DB)

Known Issues

• Windows: installs can be unreliable - Recommendation: if running into issues with the powershell install script, download the netclient.exe manually and run "netclient.exe join -t " (must already have WireGuard installed)

• Server reliability: On a subset of installs, even though server appears healthy and clients join successfully, clients are unable to communicate with each other. We are investigating the root cause and have been unable to replicate. If you encounter this issue, please provide notes about your installation in this issue: #945

Compatibility

• Netmaker v0.12.1 works with v0.11+ clients

v0.12.0

What's New

• Node ACLs, Ability to disallow and allow connections between nodes on the same network at will
• Ext Client Disabling/Enabling
• UI Reflects these changes
• Client Versions are displayed for nodes in UI
• Packages for RPM, Deb and Pacman
• New Logo

What's Fixed

• Windows client now receives Node Updates once again
• Minor Bug fixes around backend, client and UI
• Correct DNS propogation based on allowed peers

Known Issues

• Stability of Peer Updates may vary on connection to server
• Windows joining bug to be hotfixed

Compatibility

• Netmaker v0.12.0 works with v0.11+ clients

A workflow test release

DO NOT USE

v0.11.1

What's New:
- DNS: Should now be functional on Windows, Mac, FreeBSD, and Linux

Fixed issues:

• Windows join issue fixed
• UI rendering issues resolved
• Minor patches to install scripts
• Additional gateway logic (iptables) to return traffic consistently
• Removed CGO from client builds (no longer dependent on system C libraries)
• Fixed logic with IsHub

Known issues

1. Windows has a few bugs to sort out, reliability is not consistent
2. Docker netclient updates are not reliable