Nebula v1.2.0 Release Notes
Release Date: 2020-04-08 // about 4 years ago-
โ Added
โ Add
logging.timestamp_format
config option. The primary purpose of this
๐ change is to allow logging timestamps with millisecond precision. (#187)๐ Support
unsafe_routes
on Windows. (#184)๐ Add
lighthouse.remote_allow_list
to filter which subnets we will use to
๐ handshake with other hosts. See the example config for more details. (#217)๐ Add
lighthouse.local_allow_list
to filter which local IP addresses and/or
๐ interfaces we advertise to the lighthouses. See the example config for more
details. (#217)๐ Wireshark dissector plugin. Add this file in
dist/wireshark
to your
๐ Wireshark plugins folder to see Nebula packet headers decoded. (#216)systemd unit for Arch, so it can be built entirely from this repo. (#216)
๐ Changed
โ Added a delay to punching via lighthouse signal to deal with race conditions
๐ง in some linux conntrack implementations. (#210)๐ See deprecated, this also adds a new
punchy.delay
option that defaults to1s
.Validate all
lighthouse.hosts
andstatic_host_map
VPN IPs are in the
subnet defined in our cert. Exit with a fatal error if they are not in our
๐ง subnet, as this is an invalid configuration (we will not have the proper
routes set up to communicate with these hosts). (#170)๐ Use absolute paths to system binaries on macOS and Windows. (#191)
โ Add configuration options for
handshakes
. This includes options to tweak
try_interval
,retries
andwait_rotation
. See example config for
descriptions. (#179)๐ Allow
-config
file to not end in.yaml
oryml
. Useful when using
โ-test
and automated tools like Ansible that create temporary files without
๐ suffixes. (#189)โ The config test mode,
-test
, is now more thorough and catches more parsing
issues. (#177)๐ Various documentation and example fixes. (#196)
๐ Improved log messages. (#181, #200)
โก๏ธ Dependencies updated. (#188)
๐ Deprecated
๐ง
punchy
,punch_back
configuration options have been collapsed under the
now top levelpunchy
config directive. (#210)punchy.punch
- This is the oldpunchy
option. Should we perform NAT hole
0๏ธโฃ punching (default false)?punchy.respond
- This is the oldpunch_back
option. Should we respond to
0๏ธโฃ hole punching by hole punching back (default false)?๐ Fixed
โฌ๏ธ Reduce memory allocations when not using
unsafe_routes
. (#198)Ignore packets from self to self. (#192)
๐ MTU fixed for
unsafe_routes
. (#209)