24.01.001
Released on 25 January, 2024.
Server
Features
- Controller events like updates are now recorded and displayed under the System Messages page of the control plane interface. Release notes are also provided on this page to quickly summarize changes. Consult the user documentation for additional information.
- Added ability to force device re-authentication after N number of minutes. Off by default. Go to the /settings page or update the org configuration API to activate.
- Individual resources may now be deleted when managing policies in the Control Plane web interface.
Client
Features
- Linux clients have gained the option dns_supervisor,
(--dns-supervisor on the command line). The default value is
Systemd, the old behavior may be obtained through the value
BowtieService.
The main functional difference between these two options is that the bowtie-dns logs are separated into the bowtie-dns journal with the Systemd option, rather than appearing in the bowtie-service journal.
Behind the scenes the Systemd option creates a bowtie-dns systemd service, and bowtie-service starts and stops this new service when appropriate. With BowtieService as the option, bowtie-dns is forked from bowtie-service.
- The OS-specific Wireguard providers have been split into two separate Wireguard and routing providers. This is provided by the new command line option --routing-provider (routing_provider in configuration files) in addition to the previous option --wireguard-provider (wireguard_provider).
- bowtie-service has gained the option --dry-run
(dry_run = true in configuration files). If set, bowtie-service
will log the commands it would at the INFO level rather than actually
run them. See –verbose/–silent for more information on log levels.
This is only effective for providers that use command line commands. On MacOS, the default boringtun provider does not use command line commands. --dry-run should be coupled with --wireguard-provider=wireguard-go or --wireguard-provider=boringtun-cli.
- A new button was added to the “Help” screen in the Bowtie tray
application to trigger collection of Bowtie logs and diagnostic
information. This creates a zip or tar file that can be then sent in to
assist support.
On MacOS or Linux, this diagnostic file may be generated manually by running bowtie-ctl inspect.
Deprecations
- On MacOS the option --wireguard-provider=boringtun-hybrid
(wireguard_provider="BoringtunHybrid") is now gone. Use
--wireguard-provider=boringtun (wireguard_provider="Boringtun")
and --routing-provider=route-cli (routing_provider="RouteCli")
instead. These are the defaults and recommended, so alternatively the
CLI arguments or configuration file options may be removed. All the
other wireguard providers (wireguard-go, boringtun,
boringtun-cli) are still available and now gain the ability to
specify a different routing provider.
On MacOS the alternative routing provider is --routing-provider=route-socket (routing_provider=RouteSocket). This provider currently is in an alpha state, has known issues and is not recommended.
- On Windows, the option --local-dns-provider (aka local_dns_provider in configuration files), the default value net-powershell (aka NetPowershell) has been renamed to registry-injector (aka RegistryInjector).
Documentation
Features
- JSON-formatted changelogs are now available on the user documentation site under the /changelog.json URL.
- Release notes and changelogs are now available as feeds from the user documentation site. See the documentation for additional information.