Wade Simmons
448f06a378
Merge remote-tracking branch 'origin/master' into multiport
2026-05-27 22:24:53 -04:00
Nate Brown
696903d6d9
Add a way to set the network type on windows + tests (#1710)
2026-05-07 20:17:38 -05:00
Nate Brown
213dd46588
Stop leaking goroutines past Control.Stop, consolidate punching in Punchy (#1708)
2026-05-06 16:21:16 -05:00
Wade Simmons
2f50b3c54f
Merge remote-tracking branch 'origin/master' into multiport
2026-05-06 14:26:49 -04:00
Nate Brown
1ab1f71dba
Make stats a server we can reconfigure and start/stop (#1670)
2026-04-27 12:25:24 -05:00
Nate Brown
d0f02ba873
Switch to slog, remove logrus (#1672)
2026-04-27 09:41:47 -05:00
Jay R. Wren
f8587956ba
add sshd.sandbox_dir config option (#1622)
...
* add sshd.sandbox_dir config option
Sanitize SSH profile paths (ssh.go:514,683,719) — restrict os.Create(a[0]) to a safe directory.
Add a config option in the config file to specify the sandbox directory. For backwards compatibility, if the config is not specified, keep the current behavior.
* update default and example
* use os.TempDir() for sshd.sandbox_dir default
* split sandbox path validation into separate conditionals
Separate the combined && check in sshSanitizeFilePath into two distinct
conditionals with specific error messages: one for paths resolving to the
sandbox directory itself, and one for paths outside the sandbox.
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix: trim leading zeros from p256 signature swap result
bigmod.Nat.Bytes() returns fixed-size 32-byte slices, but ASN.1 INTEGER
parsing strips leading zeros. This caused a flaky test failure (~1/256
chance) when the S value's high byte was zero.
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
---------
Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>
2026-04-03 09:37:18 -04:00
Jack Doan
353ad1f271
firewall: icmp no longer requires a port spec (#1609)
2026-02-13 11:10:40 -06:00
Wade Simmons
0824035906
Merge remote-tracking branch 'origin/master' into multiport
2026-01-21 10:58:11 -05:00
Nate Brown
1283ff0db4
Add option to control accepting recv_error (#1569)
2026-01-13 00:00:27 -06:00
Wade Simmons
510a8912a9
Merge remote-tracking branch 'origin/master' into multiport
2025-12-04 15:22:14 -05:00
Nate Brown
64f202fa17
Make 0.0.0.0/0 and ::/0 not mean any address family, add any for that (#1538)
2025-11-21 13:46:36 -06:00
Wade Simmons
ae9de47dd9
Merge remote-tracking branch 'origin/master' into multiport
2025-07-11 12:57:52 -04:00
Nate Brown
52623820c2
Drop inactive tunnels (#1427)
2025-07-03 09:58:37 -05:00
maggie44
8536c57645
Allow configuration of logger and build version in gvisor service library (#1239)
2025-04-21 13:45:59 -04:00
Andriyanov Nikita
e5ce8966d6
add netlink options (#1326)
...
* add netlink options
* force use buffer
* fix namings and add config examples
* fix linter
2025-04-21 13:44:33 -04:00
John Maguire
d4a7df3083
Rename pki.default_version to pki.initiating_version (#1381)
2025-04-07 18:08:29 -04:00
John Maguire
e136d1d47a
Update example config with default_local_cidr_any changes (#1373)
2025-04-01 16:08:03 -05:00
dioss-Machiel
f86953ca56
Implement ECMP for unsafe_routes (#1332)
2025-03-24 17:15:59 -05:00
Caleb Jasik
50473bd2a8
Update example config to listen on :: by default (#1351)
2025-03-12 22:53:16 -05:00
jampe
1d3c85338c
add so_mark sockopt support (#1331)
2025-03-12 09:35:33 -05:00
Wade Simmons
f36db374ac
Merge remote-tracking branch 'origin/master' into multiport
2025-03-06 16:11:32 -05:00
Nate Brown
d97ed57a19
V2 certificate format (#1216)
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
2025-03-06 11:28:26 -06:00
Wade Simmons
dabce8a1b4
Merge tag 'v1.9.4' into multiport
...
1.9.4 Release
2024-09-13 10:17:59 -04:00
Jack Doan
3dc56e1184
Support UDP dialling with gvisor (#1181)
2024-08-26 12:38:32 -05:00
Wade Simmons
b445d14ddb
Merge remote-tracking branch 'origin/master' into multiport
2024-05-08 11:22:19 -04:00
Wade Simmons
50b24c102e
v1.9.0 (#1137)
...
Update CHANGELOG for Nebula v1.9.0
Co-authored-by: John Maguire <john@defined.net>
2024-05-08 10:31:24 -04:00
John Maguire
f31bab5f1a
Add support for SSH CAs (#1098)
...
- Accept certs signed by trusted CAs
- Username must match the cert principal if set
- Any username can be used if cert principal is empty
- Don't allow removed pubkeys/CAs to be used after reload
2024-04-30 10:50:17 -04:00
John Maguire
f7db0eb5cc
Remove Vagrant example (#1129)
2024-04-30 09:40:24 -05:00
Andrew Kraut
df78158cfa
Create service script for open-rc (#711)
2024-04-30 09:53:00 -04:00
Nate Brown
a99618e95c
Don't log invalid certificates (#1116)
2024-04-29 15:21:00 -05:00
Nate Brown
cc8b3cc961
Add config option for local_cidr control
2024-02-15 11:46:45 -06:00
Nate Brown
f346cf4109
At the end
2024-02-05 10:23:10 -06:00
Wade Simmons
659d7fece6
Merge tag 'v1.8.2' into multiport
...
1.8.2 Release
2024-01-26 10:45:15 -05:00
Nate Brown
072edd56b3
Fix re-entrant GetOrHandshake issues (#1044)
2023-12-19 11:58:31 -06:00
Tristan Rice
1083279a45
add gvisor based service library (#965)
...
* add service/ library
2023-11-21 11:50:18 -05:00
Nate Brown
3356e03d85
Default pki.disconnect_invalid to true and make it reloadable (#859)
2023-11-13 12:39:38 -06:00
Wade Simmons
f2aef0d6eb
Merge remote-tracking branch 'origin/master' into multiport
2023-10-27 08:48:13 -04:00
John Maguire
87b628ba24
Fix truncated comment in config.yml (#999)
2023-10-27 08:39:34 -04:00
c0repwn3r
03e70210a5
Add support for NetBSD (#916)
2023-07-27 13:44:47 -05:00
Nate Brown
1e3c155896
Attempt to notify systemd of service readiness on linux (#929)
2023-07-24 11:30:18 -05:00
John Maguire
7e380bde7e
Document new DNS config options (#879)
2023-07-10 15:19:05 -04:00
John Maguire
8ba5d64dbc
Add support for naming FreeBSD tun devices (#903)
2023-06-22 12:13:31 -04:00
Wade Simmons
0e593ad582
Merge branch 'master' into multiport
2023-05-09 15:37:30 -04:00
Ilya Lukyanov
1701087035
Add destination CIDR checking (#507)
2023-05-09 10:37:23 -05:00
Nate Brown
a9cb2e06f4
Add ability to respect the system route table for unsafe route on linux (#839)
2023-05-09 10:36:55 -05:00
Wade Simmons
28ecfcbc03
Merge remote-tracking branch 'origin/master' into multiport
2023-05-03 10:50:06 -04:00
Nate Brown
397fe5f879
Add ability to skip installing unsafe routes on the os routing table (#831)
2023-04-10 12:32:37 -05:00
Nate Brown
3cb4e0ef57
Allow listen.host to contain names (#825)
2023-04-05 11:29:26 -05:00
Wade Simmons
e71059a410
Merge remote-tracking branch 'origin/master' into multiport
2023-04-03 11:30:41 -04:00