netbird

This release brings Always-on VPN connectivity to the android app. To enable always for the NetBird app, you first need to go to your Network & Internet settings -> Advanced -> Check the gear icon for the NetBird app and enable always-on VPN.

A new dashboard version has been released with support for group management and quick group update for peers, users, and setup-keys.

Now you can edit groups for all resources from the main view:

You can remove groups that are not in use by other resources in the settings view:

What's Changed

• Fix/always on boot by @pappz in https://github.com/netbirdio/netbird/pull/1062
• Route manager error handling by @pappz in https://github.com/netbirdio/netbird/pull/1073
• Update client Dockerfile to use Alpine as base image by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1078

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.22.3...v0.22.4

What's Changed

• Fix/ebpf free by @pappz in https://github.com/netbirdio/netbird/pull/1057
• Autopropagate peers by JWT groups by @gigovich in https://github.com/netbirdio/netbird/pull/1037
• Rename eBPF program to reflect better to NetBird by @pappz in https://github.com/netbirdio/netbird/pull/1063
• Fix input reading for NetBird domain in getting-started-with-zitadel.sh by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1064

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.22.2...v0.22.3

What's Changed

• Handle conn store in thread safe way by @pappz in https://github.com/netbirdio/netbird/pull/1047
• Add getting started script with Zitadel by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1005
• Fix error handling in iptables initialization by @pappz in https://github.com/netbirdio/netbird/pull/1051
• Update getting started docs by @braginini in https://github.com/netbirdio/netbird/pull/1049
• Add features links to the features table in README by @braginini in https://github.com/netbirdio/netbird/pull/1052
• After add listener automatically trigger peer list change event by @pappz in https://github.com/netbirdio/netbird/pull/1044
• Validate input of expiration time for setup-keys by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1053

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.22.1...v0.22.2

What's Changed

• Update setup key auto_groups description by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1042
• Revert changes for systemd by @pascal-fischer in https://github.com/netbirdio/netbird/pull/1046

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.22.0...v0.22.1

In this release, we are adding support to the PKCE authentication flow for NetBird's client software. Most identity providers support this flow, effectively bringing SSO support to Azure AD and Google Workspace deployments. You can review the updated configuration for these providers at https://docs.netbird.io/selfhosted/identity-providers

Another highlight of this release is using eBPF to reduce the number of ports used in the proxy between the kernel Wireguard interface and our ICE agent for relayed connections. This is an initial step towards using more efficient resource utilization.

To use eBPF proxy in more restricted environments like docker containers or Nix OS, we need to add the following permissions: --cap-add=SYS_ADMIN and --cap-add=SYS_RESOURCE .
If client don't have these permissions, it will fallback to the previous proxy mode with one port listener per relay connection.

Lastly, a better DNS handling is included for file resolver and macOS DNS, now we are failing over to existing local DNS addresses when there is a connectivity issue.

Management

• Add PKCE authorization flow support (#1012)

Client

• Add eBPF proxy for relayed connections (#911)
• Add PKCE authorization flow support (#1012)
• Keep system nameservers as DNS fallback (#1036)

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.11...v0.22.0

What's Changed

• Fix DefaultAccountManager GetGroupsFromTheToken false positive tests by @surik in https://github.com/netbirdio/netbird/pull/1019
• Use error level for JWT parsing error logs by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1026
• Add default forward rule by @pappz in https://github.com/netbirdio/netbird/pull/1021
• Record idp manager type by @mlsmaycon in https://github.com/netbirdio/netbird/pull/1027
• Feat optimize acl performance iptables by @gigovich in https://github.com/netbirdio/netbird/pull/1025

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.10...v0.21.11

What's Changed

• Fix nfset not binds to the rule by @gigovich in https://github.com/netbirdio/netbird/pull/1024

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.9...v0.21.10

What's Changed

• Fix broken links in README.md by @surik in https://github.com/netbirdio/netbird/pull/992
• Add API Endpoint for Resending User Invitations in Auth0 by @bcmmbaga in https://github.com/netbirdio/netbird/pull/989
• Remove unused netbird UI dependencies by @bcmmbaga in https://github.com/netbirdio/netbird/pull/1007
• Improve userspace filter performance by @pascal-fischer in https://github.com/netbirdio/netbird/pull/991
• Fix pre-shared key not persistent by @bcmmbaga in https://github.com/netbirdio/netbird/pull/1011
• FIx error on ip6tables not available by @pascal-fischer in https://github.com/netbirdio/netbird/pull/999
• Check links of groups before delete it by @pappz in https://github.com/netbirdio/netbird/pull/1010
• Feature/permanent dns by @pappz in https://github.com/netbirdio/netbird/pull/967
• Optimize ACL performance by @gigovich in https://github.com/netbirdio/netbird/pull/994
• Sync the iptables/nftables usage with acl logic by @pappz in https://github.com/netbirdio/netbird/pull/1017
• Do not persist filestore when deleting indices by @surik in https://github.com/netbirdio/netbird/pull/1016
• Fix Okta IDP device authorization by @bcmmbaga in https://github.com/netbirdio/netbird/pull/1023

New Contributors

• @surik made their first contribution in https://github.com/netbirdio/netbird/pull/992

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.8...v0.21.9

This release brings improvements to the Network Routes UI/UX simplifying the visualization and routes creation.

You can also add route from the peer details view

And easily configure network routes high availability

What's Changed

• Refactor: Configurable supported scopes by @mlsmaycon in https://github.com/netbirdio/netbird/pull/985
• Automatically add groups from JWT by @gigovich in https://github.com/netbirdio/netbird/pull/966
• Don't create setup keys on new account by @braginini in https://github.com/netbirdio/netbird/pull/972
• Fix ssh connection freeze by @pascal-fischer in https://github.com/netbirdio/netbird/pull/983
• Prevent sending nameserver configuration when peer is set as NS by @mlsmaycon in https://github.com/netbirdio/netbird/pull/962

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.7...v0.21.8

What's Changed

• Fix use wrapped device in windows by @gigovich in https://github.com/netbirdio/netbird/pull/981

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.6...v0.21.7

What's Changed

• Fix disabled DNS resolver fail by @gigovich in https://github.com/netbirdio/netbird/pull/978

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.5...v0.21.6

This release improves the network routes features, a new IDP provider, and bug fixes.

Before this release, if you had a local peer range like 192.168.0.0/16 and a network route with 192.168.0.0/24, the NetBird client (agent) wouldn't apply it to the as it couldn't verify if the existing range matched the incoming route. Now the agent validates that and is able to configure this route, it also checks if the peer's default gateway is not part of the incoming route, to avoid any disconnection.

Another highlight is the integration with Google Workspace IDP; Now, you can directly use Google's Oauth2 with our management system. See docs at https://docs.netbird.io/selfhosted/identity-providers#google-workspace

Changelog summary

Management

• Add Google Workspace IdP by @bcmmbaga in https://github.com/netbirdio/netbird/pull/949

Client

• Refactor check logic when adding routes (#945)
• Reduce the peer status notifications (#956)
• ACL firewall manager fix/improvement (#970)

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.4...v0.21.5

What's Changed

• Fix/dns initialization by @pappz in https://github.com/netbirdio/netbird/pull/954
• Update the API description with the correct API state by @mlsmaycon in https://github.com/netbirdio/netbird/pull/958
• Fix: Skip state notification should use a copy of the previous peer state by @mlsmaycon in https://github.com/netbirdio/netbird/pull/960

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.3...v0.21.4

What's Changed

• Fix for https://github.com/netbirdio/netbird/issues/951. Use different initialize order for DNS resolver in android/nonandroid… by @gigovich in https://github.com/netbirdio/netbird/pull/952

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.2...v0.21.3

What's Changed

• Feat fake dns address by @gigovich in https://github.com/netbirdio/netbird/pull/902
• Eliminate default trace log level on mobile by @pappz in https://github.com/netbirdio/netbird/pull/942
• Remove the number of status notifications on disconnected peers by @mlsmaycon in https://github.com/netbirdio/netbird/pull/946
• Add app restart to brew installer by @pascal-fischer in https://github.com/netbirdio/netbird/pull/944
• Feature/android dns by @pappz in https://github.com/netbirdio/netbird/pull/943
• Decouple docs generation by @pascal-fischer in https://github.com/netbirdio/netbird/pull/941

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.1...v0.21.2

What's Changed

• Struct Engine has methods on both value by @pappz in https://github.com/netbirdio/netbird/pull/934
• Import go mobile bind at the android package level by @mlsmaycon in https://github.com/netbirdio/netbird/pull/935
• Add trigger for docs generation to release workflow by @pascal-fischer in https://github.com/netbirdio/netbird/pull/931
• Fix validation for ACL policy rules ports by @gigovich in https://github.com/netbirdio/netbird/pull/938
• Stop macOS app and service on update with pkg and brew by @pascal-fischer in https://github.com/netbirdio/netbird/pull/937
• Remove unused field from peer state by @pappz in https://github.com/netbirdio/netbird/pull/939
• Fix routes allow acl rule by @gigovich in https://github.com/netbirdio/netbird/pull/940
• Support authentication with client_secret by @bcmmbaga in https://github.com/netbirdio/netbird/pull/936

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.21.0...v0.21.1

Release Notes

The new version introduces source port and protocol Access control, integration with different Identity Providers, and refactored the Setup-keys dashboard screen. We are changing setup-keys' behavior by displaying them only at creation time.

In previous weeks we released a new version of our documentation website, which included our public API docs.

Source port and protocol access control

You can add access control rules based on the source port and protocol. This feature is useful when you want to access a specific port or protocol; for example, you can allow access to port 80 (HTTP) only from a specific group of peers.

Currently, directional rules (source to destination) are available only to UDP and TCP protocols.

The feature is available on all platforms, read more at https://docs.netbird.io/how-to/manage-network-access#managing-rules

Identity Providers

We have added better integration with various IDP providers, now you will have a map between user IDs and email address from your IDP of choice. This feature is useful when you want to manage an auto-grouping or role of a specific user.

Currently, we support the following IDPs:

• Azure AD
• Okta
• Keycloak
• Authentik
• Zitadel
• Auth0

See the documentation for more information.

Google support is in the works and will be available soon.

Setup-keys

New setup-key popup:

Display once setup-key:

New setup-keys view:

New Documentation website and API docs live

In case you missed it, we have released a new version of our documentation site (https://docs.netbird.io), which includes a new design, with dark mode support, search bar and our public API documentation (https://docs.netbird.io/api).

Happy hacking the API!

Changelog summary

Management

• Refactor IdP Config Structure (#879)
• Add Authentik IdP (#897)
• Add Okta IdP (#859)
• Support IDP manager configuration with configure.sh (#843)

Client

• Add force relay conn env var for debug purpose (#904)
• Fix connection listener (#777)
• Feat firewall support (#805)
• Feature/android route notification (#868)
• Add selfhosted metrics for PATs and service users (#913)

Dashboard

• Add pkg installer to MacOS Popup (https://github.com/netbirdio/dashboard/pull/188)
• Access control rules with source port and protocol support (https://github.com/netbirdio/dashboard/pull/163)
• update setup key edit layout (https://github.com/netbirdio/dashboard/pull/190)
• Show setupkey once on creation (https://github.com/netbirdio/dashboard/pull/191)

Misc

• Fix Github release dependency for MacOS (#908)
• Added nginx template proxy (#867)

Big thanks to our new contributors

• @TomRomeo made their first contribution in (#867)
• @saroojbkhari made their first contribution in (https://github.com/netbirdio/dashboard/pull/190)

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.20.7...v0.21.0

• Prevent peer updates if the status is not changing from disconnected to connected and vice versa.
• Fixed route score calculation, added tests and changed the log message
• Fixed installer /usr/local/bin creation

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.20.7...v0.20.8

Fix the wrong installer log path

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.20.5...v0.20.7

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.20.5...v0.20.6