Nate Brown
a06977bbd5
Track connections by local index id instead of vpn ip (#807)
2023-02-13 14:41:05 -06:00
John Maguire
5bd8712946
Immediately forward packets from self to self on FreeBSD (#808)
2023-01-23 15:51:54 -06:00
Tricia
0fc4d8192f
log network as String to match the other log event in interface.go that emits network (#811)
Co-authored-by: Tricia Bogen <tbogen@slack-corp.com>
2023-01-23 14:05:35 -05:00
Nate Brown
5278b6f926
Generic timerwheel (#804)
2023-01-18 10:56:42 -06:00
Nate Brown
c177126ed0
Fix possible panic in the timerwheels (#802)
2023-01-11 19:35:19 -06:00
John Maguire
c44da3abee
Make DNS queries case insensitive (#793)
2022-12-20 16:59:11 -05:00
John Maguire
b7e73da943
Add note indicating modes have usage text (#794)
2022-12-20 16:53:56 -05:00
John Maguire
ff54bfd9f3
Add nebula-cert.exe and cert files to .gitignore (#722)
2022-12-20 16:52:51 -05:00
John Maguire
b5a85a6eb8
Update example config with IPv6 note for allow lists (#742)
2022-12-20 16:50:02 -05:00
Fabio Alessandro Locati
3ae242fa5f
Add nss-lookup to the systemd wants (#791)
* Add nss-lookup to the systemd wants to ensure DNS is running before starting nebula
* Add Ansible & example service scripts
* Fix #797
* Align Ansible scripts and examples
Co-authored-by: John Maguire <contact@johnmaguire.me>
2022-12-19 14:42:07 -05:00
Fabio Alessandro Locati
cb2ec861ea
Nebula is now in Fedora official repositories (#719)
2022-12-19 14:40:53 -05:00
John Maguire
a3e6edf9c7
Use config.yml consistently (not config.yaml) (#789)
2022-12-19 11:45:15 -06:00
John Maguire
ad7222509d
Add a link to mobile nebula in the new issue form (#790)
2022-12-19 11:28:49 -06:00
Caleb Jasik
12dbbd3dd3
Fix typos found by https://github.com/crate-ci/typos (#735)
2022-12-19 11:28:27 -06:00
John Maguire
ec48298fe8
Update config to show aes cipher instead of chacha (#788)
2022-12-07 11:38:56 -06:00
Ian VanSchooten
77769de1e6
Docs: Update doc links (#751)
* Update documentation links
* Update links
2022-11-29 11:32:43 -05:00
Alexander Averyanov
022ae83a4a
Fix typo: my -> may (#758)
2022-11-28 13:59:57 -05:00
Wade Simmons
d4f9500ca5
Update dependencies (2022-11) (#780)
* update dependencies
Update to latest dependencies on Nov 21, 2022.
Here are the diffs for deps that actually end up in the binaries (based
on `go version -m`)
Updated github.com/imdario/mergo https://github.com/imdario/mergo/compare/v0.3.12...v0.3.13
Updated github.com/matttproud/golang_protobuf_extensions https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.1...v1.0.4
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.48...v1.1.50
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.12.1...v1.14.0
Updated github.com/prometheus/client_model https://github.com/prometheus/client_model/compare/v0.2.0...v0.3.0
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.33.0...v0.37.0
Updated github.com/prometheus/procfs https://github.com/prometheus/procfs/compare/v0.7.3...v0.8.0
Updated github.com/sirupsen/logrus https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0
Updated github.com/vishvananda/netns https://github.com/vishvananda/netns/compare/50045581ed74...v0.0.1
Updated golang.org/x/crypto https://github.com/golang/crypto/compare/ae2d96664a29...v0.3.0
Updated golang.org/x/net https://github.com/golang/net/compare/749bd193bc2b...v0.2.0
Updated golang.org/x/sys https://github.com/golang/sys/compare/289d7a0edf71...v0.2.0
Updated golang.org/x/term https://github.com/golang/term/compare/03fcf44c2211...v0.2.0
Updated google.golang.org/protobuf v1.28.0...v1.28.1
* test that mergo merges like we expect
2022-11-23 10:46:41 -05:00
brad-defined
9a8892c526
Fix 756 SSH command line parsing error to write to user instead of stderr (#757)
2022-11-22 20:55:27 -06:00
brad-defined
813b64ffb1
Remove unused variables from connection manager (#677)
2022-11-15 20:33:09 -06:00
John Maguire
85f5849d0b
Fix a hang when shutting down Android (#772)
2022-11-11 10:18:43 -06:00
Wade Simmons
9af242dc47
switch to new sync/atomic helpers in go1.19 (#728)
These new helpers make the code a lot cleaner. I confirmed that the
simple helpers like `atomic.Int64` don't add any extra overhead as they
get inlined by the compiler. `atomic.Pointer` adds an extra method call
as it no longer gets inlined, but we aren't using these on the hot path
so it is probably okay.
2022-10-31 13:37:41 -04:00
Wade Simmons
a800a48857
v1.6.1 (#752)
Update CHANGELOG for Nebula v1.6.1
2022-09-26 13:38:18 -04:00
Nate Brown
4c0ae3df5e
Refuse to process double encrypted packets (#741)
2022-09-19 12:47:48 -05:00
Nate Brown
feb3e1317f
Add a simple benchmark to e2e tests (#739)
2022-09-01 09:44:58 -05:00
Jon Rafkind
c2259f14a7
explicitly reload config from ssh command (#725)
2022-08-08 12:44:09 -05:00
Nate Brown
b1eeb5f3b8
Support unsafe_routes on mobile again (#729)
2022-08-05 09:58:10 -05:00
Nate Brown
2adf0ca1d1
Use issue templates to improve bug reports (#726)
2022-07-29 12:57:05 -05:00
Nate Brown
92dfccf01a
v1.6.0 (#701)
Update CHANGELOG for Nebula v1.6.0
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
2022-06-30 16:15:18 -04:00
brad-defined
38e495e0d2
Remove EXPERIMENTAL text from routines example config. (#702)
2022-06-30 11:20:41 -04:00
brad-defined
78a0255c91
typeos (#700)
2022-06-29 11:19:20 -04:00
brad-defined
169cdbbd35
Immediately forward packets received on the nebula TUN device from self to self (#501)
* Immediately forward packets received on the nebula TUN device with a destination of our Nebula VPN IP right back out that same TUN device on MacOS.
2022-06-27 14:36:10 -04:00
Nate Brown
0d1ee4214a
Add relay e2e tests and output some mermaid sequence diagrams (#691)
2022-06-27 12:33:29 -05:00
Wade Simmons
7b9287709c
add listen.send_recv_error config option (#670)
By default, Nebula replies to packets it has no tunnel for with a `recv_error` packet. This packet helps speed up re-connection
in the case that Nebula on either side did not shut down cleanly. This response can be abused as a way to discover if Nebula is running
on a host though. This option lets you configure if you want to send `recv_error` packets always, never, or only to private network remotes.
valid values: always, never, private
This setting is reloadable with SIGHUP.
2022-06-27 12:37:54 -04:00
Wade Simmons
85ec807b7e
reserve NebulaHandshakeDetails fields for multiport (#674)
We are currently testing changes for multiport (related to #497) that
use fields 6 and 7 in the protobuf. Reserved these fields so that when
we eventually open the PR we are backwards compatible with any future
changes.
2022-06-27 12:07:05 -04:00
John Maguire
a0b280621d
Remove firewall.conntrack.max_connections from examples (#684)
2022-06-23 10:29:54 -05:00
Caleb Jasik
527f953c2c
Remove x509 config loading code (#685)
2022-06-23 10:27:34 -05:00
brad-defined
1a7c575011
Relay (#678)
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
2022-06-21 13:35:23 -05:00
Don Stephan
332fa2b825
fix panic in handleInvalidCertificate (#675)
* fix panic in handleInvalidCertificate
when HandleMonitorTick fires, the hostmap can be nil which causes a panic to occur when trying to clean up the hostmap in handleInvalidCertificate. This fix just stops the invalidation from continuing if the hostmap doesn't exist.
* removed conditional for disconnectInvalid in HandleDeletionTick
2022-05-16 13:29:57 -04:00
Wade Simmons
45d1d2b6c6
Update dependencies - 2022-04 (#664)
Updated github.com/kardianos/service https://github.com/kardianos/service/compare/v1.2.0...v1.2.1
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.43...v1.1.48
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.32.1...v0.33.0
Updated github.com/stretchr/testify https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1
Updated golang.org/x/crypto 5770296d90...ae2d96664a
Updated golang.org/x/net 69e39bad7d...749bd193bc
Updated golang.org/x/sys 7861aae155...289d7a0edf
Updated golang.zx2c4.com/wireguard/windows v0.5.1...v0.5.3
Updated google.golang.org/protobuf v1.27.1...v1.28.0
2022-04-18 12:12:25 -04:00
Wade Simmons
3913062c43
build and test with go1.18 (#656)
- https://go.dev/doc/go1.18
2022-04-05 17:08:00 -04:00
Wade Simmons
b38bd36766
fix connection manager check when disconnect_invalid set (#658)
This restores the hostMap.QueryVpnIP block to how it looked before #370
was merged. I'm not sure why the patch from #370 wanted to continue on
if there was no match found in the hostmap, since there isn't anything
to do at that point (the tunnel has already been closed).
This was causing a crash because the handleInvalidCertificate check
expects the hostinfo to be passed in (but it is nil since there was no
hostinfo in the hostmap).
Fixes: #657
2022-04-04 13:38:36 -04:00
Nate Brown
d85e24f49f
Allow for self reported ips to the lighthouse (#650)
2022-04-04 12:35:23 -05:00
bitshop
7672c7087a
Add to build all windows-arm64 / bin-windows-arm64 build option (#638)
* Add to build all windows-arm64 / bin-winarm64 builds
* update release to build for windows-arm64
* cleanup
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
2022-03-18 13:23:10 -04:00
Caleb Jasik
730a5c4a23
Update link to nebula docs (#655)
2022-03-18 11:15:16 -04:00
brad-defined
03498a0cb2
Make nebula advertise its dynamic port to lighthouses (#653)
2022-03-15 18:03:56 -05:00
Nate Brown
312a01dc09
Lighthouse reload support (#649)
Co-authored-by: John Maguire <contact@johnmaguire.me>
2022-03-14 12:35:13 -05:00
Nate Brown
bbe0a032bb
Fix windows unsafe_routes regression (#648)
2022-03-09 13:23:29 -06:00
Wade Simmons
b5b9d33ee7
v1.5.2 (#612)
Update CHANGELOG for Nebula v1.5.2
2021-12-14 16:48:56 -05:00
Wade Simmons
e434ba6523
fix unsafe routes darwin (#610)
With Nebula 1.4.0, if you create an unsafe_route that has a collision with an existing route on the system, the unsafe_route will be silently dropped (and the existing system route remains).
With Nebula 1.5.0, this same situation will cause Nebula to fail to start with an error (EEXIST).
This change restores the Nebula 1.4.0 behavior (but with a WARN log as well).
2021-12-14 11:52:49 -05:00