24.02.001
Released on 14 February, 2024.
Server
Fixes
- Fixed some additional cases in which the bowtie-server process would crash when restarting, causing server daemon instability.
Features
- Operators may opt in to pre-release builds of Controllers. To do so, either pass the --prerelease flag to the update command-line utility or, if Controllers are updated via automatic updates, set the BOWTIE_PRERELEASE environment variable (for example, by including the line BOWTIE_PRERELEASE=1 in /etc/default/update).
- Bowtie now provides Controller network appliance images for Google Compute Engine (GCE) with EFI support.
- “Last Seen Version” is displayed on the Devices page of the web GUI.
Enhancements
- The foundational operating system for Controllers has been updated from NixOS 23.05 to 23.11.
This update includes the following noteworthy version changes. If you rely on any of these packages for downstream integrations (such as observability metrics from opentelemetry-collector-contrib), ensure that the updated versions are compatible with your existing configuration (and update those configurations if necessary).
| Package | Old Version | New Version |
| --- | --- | --- |
| Linux kernel | 6.1.38 | 6.1.75 |
| cloud-init | 23.1.2 | 23.3.3 |
| grafana | 9.x | 10.x |
| jq | 1.6 | 1.7 |
| loki | 2.8.6 | 2.9.4 |
| openssh | 9.3p2 | 9.5p1 |
| opentelemetry-collector-contrib | 0.77.0 | 0.87.0 |
| prometheus | 2.44.0 | 2.49.0 |
| prometheus node_exporter | 1.5.0 | 1.7.0 |
| promtail | 2.8.6 | 2.9.4 |
| python | 3.10.13 | 3.11.6 |
| tempo | 2.1.1 | 2.3.0 |
Client
Features
- Bowtie on macOS has gained the ability to operate on a port other than the standard DNS port of 53. To change ports, set the local_dns_listen_port option to an otherwise unused port in the configuration file in /etc/bowtie/configuration/.
When this option is set to a value other than 53, Bowtie installs pf firewall rules to redirect DNS queries from port 53 to the new port.
Some of the applications that can claim port 53 and cause Bowtie to fail are Cirrus Labs’ Tart VM, old versions of Docker and the Internet Sharing facility of macOS.
- On macOS, Bowtie has gained the ability to auto-select the DNS port. If the configuration parameter local_dns_listen_port is set to 0, the port will be auto-selected. Port 53 will be chosen if it is available, otherwise a random port will be chosen. If a port other than 53 is selected manually or automatically, the macOS firewall (pf) will be used to direct DNS traffic from port 53 to the chosen port.
The default for local_dns_listen_port has been changed to 0. Set local_dns_listen_port to 53 to fail instead of using a firewall redirect if port 53 is unavailable.
Fixes
- The default MTU for the VPN tunnel has been changed to 1280 on macOS, matching the previous behavior on Linux.