v0.18.6

Netmaker v0.18.6

Limitations

• Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0:
  0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4

• EE should still be considered pre-release, and we do not recommend upgrading yet.

Follow Upgrade Instructions Carefully - You must upgrade server before netclients

1. You must be on v0.17.1 in order to upgrade
2. SSH to your Netmaker server
3. Run the upgrade script: wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
4. Follow prompts until the upgrade process on the server is completed.
5. Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.x. "apt-get install netclient")

whats new

• no new features

whats fixed

• a few ext client/ingress issues
  • viewing addresses (UI)
  • when deleting an ingress gateway, ext clients are now removed from peers immediately
  • ext client peers should be populated immediately after creation
  • ext clients no longer reset public key when disabled/enabled
  • can delete an ingress without clients
• removed unnecessary host update
• host nat type is now collected from clients
• fix peer update issue where caclulation was happening to frequently
• nm-quick && nm-upgrade
• EMQX image change && api routes

known issues

• Caddy does not handle netmaker exporter well for EE
• Migration causes a listen port of 0 for some upgraded hosts
• Docker clients can not re-join after deletion
• Innacurate Ext Client Metrics
• Issue with Mac + IPv6 addressing
• Nodes on same local network may not always connect
• List populates egress ranges twice
• If you do NOT set STUN_LIST on server, it could lead to strange behavior on client
• No internet gateways/default routes

v0.18.5

Netmaker v0.18.5

Limitations

• Egress to 0.0.0.0/0 (internet gateways) is currently disabled. Will be re-implemented in a near-future release. If you use or need internet gateways, either stay with 0.17.1, or use the following list of ranges in place of 0.0.0.0/0:
  0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4

• EE should still be considered pre-release, and we do not recommend upgrading yet.

Follow Upgrade Instructions Carefully - You must upgrade server before netclients

1. You must be on v0.17.1 in order to upgrade
2. SSH to your Netmaker server
3. Run the upgrade script: wget https://raw.githubusercontent.com/gravitl/netmaker/release_v0.18.5/scripts/nm-upgrade.sh && chmod +x nm-upgrade.sh && ./nm-upgrade.sh
4. Follow prompts until the upgrade process on the server is completed.
5. Upgrade all netclients using whichever method you prefer. Either download the netclient from the release page or follow the upgrade instructions for your operating system (e.x. "apt-get install netclient")

What's New

• Logic for ext client ACLs (not really usable until new UI is finished)
• Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
  • specify with DEFAULT_PROXY_MODE="on/off/auto"

What's Fixed

• Proxy Peer calculation improvements
• DNS is populated correctly after registration by enrollment key
• Migrate is functional for Windows/Mac note Ports may be set to 0 after an upgrade, can be adjusted via UI to fix
• Interface data is sent on netclient register
• Upgrade script
• Latency issue with Node <-> Node Metrics
• Ports set from server for Hosts on register/join are actually used

Known Issues

• Caddy does not handle netmaker exporter well for EE
• Migration causes a listen port of 0 for upgraded hosts
• Docker clients can not re-join after deletion
• Innacurate Ext Client Metrics
• Issue with Mac + IPv6 addressing
• Nodes on same local network may not always connect
• List populates egress ranges twice
• If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.4

Netmaker v0.18.4

Wait till out of pre-release to fully upgrade

whats new

• Logic for ext client ACLs (not really usable until new UI is finished)
• Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default
  • specify with DEFAULT_PROXY_MODE="on/off/auto"

whats fixed

• Proxy Peer calculation improvements
• DNS is populated correctly after registration by enrollment key
• Migrate is functional for Windows/Mac note Ports may be set to 0 after an upgrade, can be adjusted via UI to fix
• Interface data is sent on netclient register
• Upgrade script
• Latency issue with Node <-> Node Metrics
• Ports set from server for Hosts on register/join are actually used

known issues

• Caddy does not handle netmaker exporter well for EE
• Migration causes a listen port of 0 for upgraded hosts
• Docker clients can not re-join after deletion
• Innacurate Ext Client Metrics
• Issue with Mac + IPv6 addressing
• Nodes on same local network may not always connect
• List populates egress ranges twice
• If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.3

Netmaker v0.18.3

Wait till out of pre-release to fully upgrade

whats new

• Forced node deletions, if a host doesn't not receive message to delete a node, you can forcefully remove it by deleting it twice from UI/CLI
  • Allows user to remove orpahned Nodes + Hosts easier
• EMQX ACLs, if using EMQX as broker, ACLs per host will be created, enhancing security around messages
• You can now create ext clients with your own public key, but this feature will not be represented on current UI (new UI on the horizon)
• STUN is now represented as a list including your NM server + 2 we are hosting + 2 of googles (clients will only use 2) for better NAT detection
  • you specify which STUN servers to use with STUN_LIST env variable

whats fixed

• More Peer calculation improvements
• JSON output on list commands for nmctl
• Upgrade script
• Ports set from server for Hosts on register/join are actually used
• CLients
  • More efficient Windows daemon handling
  • Better peer route setting on clients
  • Some commands involving the message queue on client have been fixed
  • NFTables masquerading issue
  • Some logging has been adjusted
  • Migrations on Linux work for 0.17.x - 0.18.3
  • EnrollmentKEys in an HA setup should function fine now
  • Registration by enrollment key on client GUI

known issues

• Network interface routes may be removed after sometime/unintended network update
• Caddy does not handle netmaker exporter well for EE
• Incorrect latency on metrics (EE)
• Swagger docs not up to date
• Lengthy delay when you create an ext client
• issues connecting over IPv6 on Macs
• Nodes on same local network may not always connect
• Netclient GUI shows egress range(s) twice
• DNS entries are not sent after registration with EnrollmentKeys
• If you do NOT set STUN_LIST on server, it could lead to strange behavior on client

v0.18.2

Netmaker v0.18.2

Do not attempt upgrade from 0.17.x quite yet

whats new

• Enrollment Keys, give the ability for an admin to enroll clients into multiple networks, can be unlimited, time, or usage based
• EMQX broker support and better MQTT support in general
  • Now you must specify BROKER_ENDPOINT
  • Also specify SERVER_BROKER_ENDPOINT, if not provided server will connect to broker over BROKER_ENDPOINT
  • Thsi gives ability for user to specify any broker endpoint and use any protocal on clients desired, such as, mqtts://mybroker.com:8083
    (we will still default to wss)

whats fixed

• Fixed default ACL behavior, should work as expected
• Peer calculations enhancement
• main routines share a context and docker stop/ctrl+c give expected results now
• Github workflow edits
• Removed Deprecated Local Network Range from client + server

known issues

• EnrollmentKeys may not function as intended in an HA setup
• If a host does not receive a message to delete a node, it could become orphaned and un-deletable
• Network interface routes may be removed after sometime/unintended network update
• Upgrade script does not handle clients
• Caddy does not handle netmaker exporter well for EE
• Incorrect latency on metrics (EE)
• Swagger docs not up to date

v0.18.1

ATTENTION: Do not attempt to upgrade to 0.18.1. This is for testing purposes only, and will remain in pre-release. Upgrading from a prior version will not succeed. You are welcome to try a fresh install of 0.18.1 for testing purposes, but do not run in production.

What's New

• New Topics in broker for DNS updates

What's Fixed

• Updates to nm-interactive
• Fix to host update endpoint
• Update workflows
• Fixed issue with deleting nodes from default hosts and deleting nodes in general
• nmctl issues around host updates resolved
• pull fixed on netclient
• removed a duplicate peer update
• ext clients have better routing
• ext clients receive egress ranges again
• updates to zombie processing
• logs cleanup
• fixed issue setting correct port for ext clients
• continued work on upgrade script for 0.17 -> 0.18
• more efficient client DNS updates

Known Bugs

• Issues connecting to multiple netmaker servers
• Peer updates sometimes cause disruption in connection
• can not refresh public keys
• can not use 0.0.0.0 egress
• ext clients can not reach an egress range through a relay
• keepalives do not update
• changing mtu has no effect on windows
• peers are not cleared on leaving of last network

v0.18.0

ATTENTION: Do not attempt to upgrade to 0.18.0. This is for testing purposes only, and will remain in pre-release. Upgrading from a prior version will not succeed. You are welcome to try a fresh install of 0.18.0 for testing purposes, but do not run in production.

What's New

• All New Netclient
  • https://github.com/gravitl/netclient
  • Apache 2.0 License
  • Proxy for STUN behind NAT
  • Operates on a single network interface
  • New GUI
  • Automatic client upgrades
    • clients will now track server version
• All New Hosts Functionality
  • Hosts represent machines
  • Nodes represent machines on networks
  • 1 Host --> Many Nodes
  • Hosts can be added to networks via UI
  • Hosts can be made "Default Hosts"
    • Automatically added to any network
    • Relay functionality moved to host level
  • Removed Server Node
  • "Default Host" replaces Server Node functionality
  • Server no longer requires root, wireguard, or special networking permissions
• STUN server on Netmaker
• Ingress and Egress routing now operate without system commands
• Postup/Postdown removed
• Simplified Message Queue
• Removed "Point to Site"
• Health Check endpoint added to server
• Windows installer improved (does not require uninstall)

What's Fixed

• Database Synchronization
• Node expiration works again (set expiration, node deletes)

Known Bugs

• Upgrading to 0.18.0 WILL NOT WORK. Do not attempt it
• If a host becomes a zombie, you cannot delete it
• Local network does not work, will be depricated
• Interface IP disappears sometimes
• Only iptables nodes will work as ingress/egress
• Can't ping ext clients on one Ingress from an ext client on another ingress
• Failover (EE) does not work
• Internet gateway will not work
• GUI doesn't work on linux
• Only AMD architecture is available for FreeBSD
• netclient MSI/exe (Windows) does not default to run as administrator

v0.17.1

Important Note: Upgrade instructions for 0.16.1 --> 0.16.3 and for 0.16.3 -- 0.17.1, can be found here: https://docs.netmaker.org/upgrades.html#upgrade-the-server-after-v0-16-1

Community

What's New

• Just one big item: beta version of nmctl - a CLI tool for Netmaker servers!! Check it out in the release assets below! (Only available for linux-amd64 for now)

What's Fixed

• A lot of code cleanup
• QoL enhancements around different pointers in the code base
• peers are sent more uniformly every update, which should help with netclient caching
• validation for ext-client and node names
• CORS allowed origin issue with default reverse proxy
• A longer netclient daemon startup, which should help netclient not start before DNS services are online in some cases
• an admin can no longer make another admin, a non-admin (but they can delete them still)
• netclients now collect local interfaces and you can select which one to use for your local address via the Admin Dashboard/UI
• removed two unused api endpoints

Known Issues

• unable to ping ext clients from windows
• if node is disconnected via cli and then reconnected via netmaker UI -- peers may take some time to be populated
• IPv6 node public endpoints are not supported
• some users have experienced interrupted connections/packet loss, we are monitoring the situation, but can not replicate currently

EE

What's New

• no additions

What's Fixed

• bug where admin users would change their password in ee and it would make them a non-admin, as a result admins can no longer make other admins non-admins (have to delete them instead)

v0.17.0

Important Note: Upgrade instructions: https://docs.netmaker.org/upgrades.html#upgrade-the-server-after-v0-16-1

Important Note 2: As a result of the switch to Websockets, from mqtt, if you want to stay with traefik as your reverse-proxy of choice, please refer to https://github.com/gravitl/netmaker/blob/5384ff14e2317360fa38ee63cef5ba0809b1f85f/compose/docker-compose.reference.yml and update your compose accordingly!

Community

What's New

• MQ Broker connections are now established via Websockets rather than the MQTT protocol
• Default to Caddy for reverse proxy
• new interactive install script which supports EE installs
• Additional log message if Netmaker fails to connect to DB (thanks @yunginnanet)

What's Fixed

• multiarch release for Netclient docker
• added Netclient support for Mips (thanks @shan100github)
• IPV6 Addressing issue

Known Issues

• unable to ping ext clients from windows
• if node is disconnected via cli and then reconnected via netmaker UI -- peers may take some time to be populated
• IPv6 node public endpoints are not supported

EE

What's New

• no additions

What's Fixed

• moved some controller files into the ee directory in anticipation of license change

v0.16.3

Important Note: Upgrading to 0.16.3 from a release prior to 0.16.1 requires special upgrade instructions.

See here: https://gist.github.com/abhishek9686/287563a848932f59768989f054025b37
Updating from 0.16.1 only requires updating netmaker/netmaker-ui image tags in your docker-compose and installing updated binaries on your clients

Community

What's New

• Everything from v0.16.2 (did not make it out of pre-release)
• Windows GUI search bar (thanks @t4ke0
• better synchronization between broker + netmaker for MQ admin passwords
• support for OpenWrt-mips arch

What's Fixed

• postup command fix
• default postgres username now matches docs
• bug around non-admin user's fetching network data
• bug where making a user an admin would not actually make them an admin

Known Issues

• unable to ping ext clients from windows
• if node is disconnected via cli and then reconnected via netmaker UI -- peers may take some time to be populated

EE

What's New

• no notable EE changes

What's Fixed