v0.28.1

What's Changed

• Fix windows route zones by @lixmal in #2164
• Fix dns route retrieval condition by @lixmal in #2165

Full Changelog: v0.28.0...v0.28.1

v0.28.0

Release notes

This release brings support to new and exiting features like DNS routes, enhancements that simplify site-2-site configurations, bug fixes and a deprecation notice.

We are deprecating FileStore engine support and users should update their backup scripts as this new version will automatically migrate the data to the new SQLite engine.

New features

DNS routes

This new functionality enables NetBird users to configure routes using domain names instead of IP ranges. This enhancement is particularly beneficial for routing traffic to load balancers, managed databases, and maintaining security for restricted sites behind CDNs with ease and precision.

Learn more at DNS routes

Process posture check

Process posture check is a new feature that allows users to define a set of processes that must be running on a device before connecting to the network. This feature is useful when you want to control access based on the processes running on a device. For example, you can disable a connection to a routing peer when a specific process is not running.

Learn more at Process check

Initial support of FreeBSD

We are happy to present an experimental support release for the FreeBSD operating system. This feature, made possible by a valuable community contribution from member @skillcoder, aims to introduce early functionality for FreeBSD. Please note that this version is still in its initial stages and may contain bugs or incomplete elements.

Official builded binaries are coming in the next releases.

Enhancements:

Network monitor is enable by default for new Windows and macOS clients

The network monitor watches for changes on the peers' network interfaces and restarts the connection when necessary. This is useful when roaming between networks where your default gateway changes frequently. Existing Windows, macOS and Linux users can enable this feature by adding the -N flag to the netbird up command:

netbird down
netbird up -N

Use 0.0.0.0/0 as source for network routes firewall rules

Previously routing peers would add the NetBird address as source in the network routes firewall rules, making site-2-site configurations more complex since administrators would need to add new firewall rules to connect their internal networks via a pair of routing peers. With this enhancement, the routing peers will use 0.0.0.0/0 as source in the network routes firewall rules, simplifying the configuration process by leaving only internal routers to be configured.

Add GUI client configuration options

We have added new configuration options to the client UI to allow users to configure the client without the need to edit the configuration file or CLI commands. This enhancement is particularly useful for users who prefer to use the client UI to configure the client.

Systray:

Advanced settings window:

Deprecations:

FileStore engine support removed

The FileStore engine support has been deprecated in this release. When upgrading to 0.28.0, the service will automatically migrate the data to the new SQLite engine.
Users that backup the store.json file directly should update their scripts to use the new SQLite store file store.db.

If you prefer to evaluate performance prior upgrading to 0.28.0, please review the manual migrations steps from the Management SQLite store page.

What's Changed

• Add FindExistingPostureCheck (#2075)
• Fix PKCE auth html (#2079)
• Improve login performance (#2061)
• Fill the UI version info in system meta on Android (#2077)
• Prevent using expired ctx when sending metrics (#2088)
• Ignore candidates whose IP falls into a routed network (#2084)
• Add missing openid scope when requesting JWT token in Zitadel (#2089)
• Remove unused variables from peer conn (#2074)
• Respect env for debug and routes sub commands (#2026)
• Do not use SO_MARK in case of netstack mode. (#2104)
• Use forked go-netroute (#2115)
• Add basic signal metrics (#2107)
• Optimize JWT Group Sync (#2108)
• Prevent building test code for client (#2125)
• Deprecate FileStore engine support (#2119)
• compile client under freebsd (#1620)
• Add DNS routes (#1943)
• Add process posture check (#1693)
• Fix checkFileAndProcess function on FreeBSD (#2128)
• Enable network monitoring for Windows and macOS clients (#2126)
• Add freebsd test workflow (#2127)
• fix network monitor ref check (#2133)
• Allow candidates on local routes if more specific than vpn routes (#2097)
• Trim new line char from Android version (#2147)
• Fix capacity of slice (#2148)
• Fix store migration on empty string (#2149)
• Use any as source for the firewall for routed networks (#2134)
• Update configuration options for client UI (#2139)
• Process routes before peers (#2105)
• Remove whitespace at the end of a line (#2152)

Big thanks to our community contributors

• @glaeqen made their first contribution in (#2089)
• @Yxnt made their first contribution in (#2152)
• @evgenii made their first contribution in (#1620)
• @juliaroesschen made their first contribution in netbirdio/docs#198
• @scudelletti made their first contribution in netbirdio/docs#194
• @vladislav-kuznetsov-newhomesmate made their first contribution in netbirdio/docs#189

Full Changelog: v0.27.10...v0.28.0

v0.27.10

What's Changed

• Use info log-level for firewall manager discover by @mlsmaycon in #2045
• Restore netbird state and log level after debug by @lixmal in #2047
• Extend integrated validator with error handling by @pappz in #2044
• Remove extra error mapping by @mlsmaycon in #2050
• fix a typo in CODE_OF_CONDUCT.md by @mlsmaycon in #2048
• Refactor firewall manager check by @mlsmaycon in #2054
• Upgrade gRPC and OpenTelemetry packages for compatibility by @bcmmbaga in #2003
• Don't allow delete group from peer groups by @mlsmaycon in #2055
• Add extra logs for account not found, peer login and getAccount by @mlsmaycon in #2053

Full Changelog: v0.27.9...v0.27.10

v0.27.9

What's Changed

• Revert "Accept any XDG_ environment variable to determine desktop" by @mlsmaycon in #2042

Full Changelog: v0.27.8...v0.27.9

v0.27.8

What's Changed

• CentOS installations might have "apt" as "annotation processing tool"… by @thorleifjacobsen in #1955
• Add installer support for Synology by @bcmmbaga in #1984
• Implement PostgreSQL store support by @bcmmbaga in #1939
• Refactor network monitor to wait for stop by @lixmal in #1992
• Enable nameserver deactivation if unresponsive on iOS by @pascal-fischer in #1982
• Increase garbage collection on ios by @pascal-fischer in #1981
• Update the GUI status when the daemon is unavailable by @mlsmaycon in #2012
• Gracefully conn worker shutdown by @pappz in #2022
• Store location information in peer event meta by @mlsmaycon in #1994
• Add dummy ipv6 to macos interface by @lixmal in #2025
• use the next available port for Wireguard by @mattkasun in #2024
• Increase the status checks timeout by @mlsmaycon in #2033
• Accept any XDG_ environment variable to determine desktop by @mlsmaycon in #2037
• Fix the initial daemon retry interval by @mlsmaycon in #2036
• Return the proper error when a peer is deleted by @mlsmaycon in #2035
• Enhance firewall manager checks to detect unsupported iptables by @mlsmaycon in #2038
• Log global lock acquisition per user by @mlsmaycon in #2039

New Contributors

• @thorleifjacobsen made their first contribution in #1955
• @mattkasun made their first contribution in #2024

Full Changelog: v0.27.7...v0.27.8

v0.27.7

Fixes an issue with Linux nodes that had to use relay with eBPF for connectivity where reconnections caused the proxy to stop forwarding packets.

What's Changed

• Don't cancel proxy context on conn close by @lixmal in #1986

Full Changelog: v0.27.6...v0.27.7

v0.27.6

What's Changed

• Fix typo in systemd .service files by @ishanarora in #1972
• Fix lost root zone handler by @mlsmaycon in #1975

New Contributors

• @ishanarora made their first contribution in #1972

Full Changelog: v0.27.5...v0.27.6

v0.27.5

What's Changed

• Update the check interval for new geo db and change log level by @mlsmaycon in #1908
• Fix best route selection by @pascal-fischer in #1903
• Ignore cloned routes on bsd by @lixmal in #1915
• Refactor Route IDs by @lixmal in #1891
• Return system serial on a peer HTTP API call by @braginini in #1929
• Fix removeAllowedIP by @hurricanehrndz in #1913
• Fix resolv.conf repairer logic by @pappz in #1931
• Remove comments from iptables commands by @pappz in #1928
• Fix a panic when management is behind an invalid proxy by @mlsmaycon in #1930
• Retry reading routing table (bsd) by @hurricanehrndz in #1914
• Feature/exit node Android by @pappz in #1916
• Migrate blob net ip fields to json serializer by @bcmmbaga in #1906
• Improve Sync performance by @pascal-fischer in #1901
• Monitor network changes by @lixmal in #1904
• unify Config generation, loading and updating by @nazarewk in #1586
• Fix windows route exec path by @bcmmbaga in #1946
• Add route selection to iOS by @pascal-fischer in #1944

Full Changelog: v0.27.4...v0.27.5

v0.27.4

What's Changed

• Pass integrated validator for API by @pappz in #1814
• Use fixed activity codes by @lixmal in #1846
• Fix ICE endpoint remote port in status by @lixmal in #1851
• Migrate serializer:gob fields to serializer:json by @lixmal in #1855
• Use a better way to insert data in batches by @braginini in #1874
• Copy client binary to a directory in path by @mlsmaycon in #1842
• Update README.md by @braginini in #1821
• Redeem invite only when incoming user was invited by @mlsmaycon in #1861
• Add support for GUI app to display error by @mlsmaycon in #1844
• Fix DNS not found query response by @mlsmaycon in #1877
• Bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #1867
• Feature/route selection by @lixmal in #1865
• Add account locks to getAccountWithAuthorizationClaims method by @pascal-fischer in #1847
• Support exit nodes on iOS by @pascal-fischer in #1878
• Add retry to IdP cache lookup by @pascal-fischer in #1882
• Support rosenpass on iOS by @pascal-fischer in #1879
• Fix incorrect response content-type header by @bcmmbaga in #1887
• Replace powershell with route command by @lixmal in #1880
• Add client debug features by @lixmal in #1884
• Check if channel exist before sending network map by @mlsmaycon in #1894
• Fix route selection IDs by @lixmal in #1890

Full Changelog: v0.27.3...v0.27.4

v0.27.3

What's Changed

• Allow owners that did not create the account to delete it by @mlsmaycon in #1825
• Rename variable by @pappz in #1829
• Don't use the custom dialer as non-root by @lixmal in #1823
• Routes is a map, employing safe read/writes ops by @hurricanehrndz in #1760
• Use route active store by @lixmal in #1834
• Use fixed prefs by @lixmal in #1836
• Allow disabling custom routing by @lixmal in #1840
• Add sysctl opts to prevent reverse path filtering from dropping fwmark packets by @lixmal in #1839

New Contributors

• @hurricanehrndz made their first contribution in #1760

Full Changelog: v0.27.2...v0.27.3