25.03.001 changelog

25.03.001

Released on 18 March, 2025.

Client

Fixes

  • Allow the DNS service to run as a single process.
  • Add an option to run the service as a Windows service directly, instead of using the winsw wrapper.

    See the changelog in crates/bowtie_service for details.

  • Windows: logs are now limited to 50MB per file, with a maximum of 5 files per service.
  • Obey the shutdown signal in the block list task of the main service.

    This improves graceful shutdown behavior but does not fully fix it; sometimes there is still a timeout.

  • 25.03.001 changes the service management approach on Windows.

    This will improve reliability at the point of upgrades by using native Windows service control management and reduce an erroneous dialog in the MSI subsystem.

  • On Windows, reading interface statistics occasionally fails on certain interfaces. Earlier versions of Bowtie reset the interface on a single read error. Bowtie now resets the interface after 3 consecutive read errors by default, and this can be tuned with the interface-error-reset-count flag.
  • Fixes the “The setup was unable to automatically close all requested applications.” dialog box on Windows.
  • Bowtie will now reopen the login tab if a session expires or is forcibly disassociated.
  • Close the tray application after StopServices in the MSI.

    If we close the tray application while the main service is still running, the main service’s UI supervisor feature may restart the tray application, causing the installer to see bowtie.exe as locked and prompt for a system reboot.

    Closing the tray application after the service is stopped should ensure that it stays closed during the update.

Features

  • Toast notifications on Windows are now clickable.
  • The default tunnel_rebuild_strategy is now RebuildOnAllUnreachable. This will reset the connection on certain connectivity issues.
  • A new client configuration option has been added, allow-route-conflict-override.

    Bowtie does not install IP routes that shadow existing system routes. For example, if you have set up a Bowtie Site with a range of 192.168.5.0/24 but the user’s device already has a route of 192.168.4.0/22, Bowtie will not install the 192.168.5.0/24 route because that may break the user’s local network. Previously, the only way that users with this conflict could access the 192.168.5.0/24 site network was by using NAT64 translation.

    This new option allows this behavior to be overridden. In the above example, you can add 192.168.4.0/22 to allow-route-conflict-override to allow installation of the 192.168.5.0/24 route.

    The default value of this option is “10.0.0.0/8”. To return to previous behavior, set this client configuration option to an empty string.

    The format is a comma-separated list of IP address ranges.

  • Bowtie may now be configured to ask users for a reason when they pause. The user’s responses are collected and periodically uploaded to the controller, where they can be viewed by the Bowtie administrator.
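
The following is an added example, not Bowtie's own code: a small Python model of the allow-route-conflict-override decision described above, useful for checking what a given override value would permit before rolling it out. The function names, the sample device routes, and the matching rules (overlap counts as a conflict, default routes are ignored, a conflict is overridden when the system route equals or lies inside a listed range) are assumptions.

```python
import ipaddress

def parse_ranges(value):
    """Parse the comma-separated list format; an empty string yields no ranges."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]

def decide_route(site_route, system_routes, override="10.0.0.0/8"):
    """Return (install, reason) for one site route.

    Assumptions of this model, not confirmed by the changelog:
    - a system route conflicts when it overlaps the site route;
    - default routes (prefix length 0) never count as conflicts;
    - a conflict is overridden when the system route equals or lies
      inside a range listed in the override option.
    """
    site = ipaddress.ip_network(site_route)
    allowed = parse_ranges(override)
    for raw in system_routes:
        existing = ipaddress.ip_network(raw)
        if existing.version != site.version or existing.prefixlen == 0:
            continue
        if not existing.overlaps(site):
            continue
        if any(existing.subnet_of(a) for a in allowed
               if a.version == existing.version):
            continue  # conflict explicitly overridden by configuration
        return False, f"conflicts with system route {existing}"
    return True, "no blocking conflict"

# Constructed sample: routes already present on a user's device.
DEVICE_ROUTES = ["0.0.0.0/0", "192.168.4.0/22", "10.20.0.0/16"]

if __name__ == "__main__":
    cases = [
        ("192.168.5.0/24", "10.0.0.0/8"),                 # default value
        ("192.168.5.0/24", "10.0.0.0/8,192.168.4.0/22"),  # changelog example
        ("10.20.5.0/24", "10.0.0.0/8"),                   # default value
        ("10.20.5.0/24", ""),                             # previous behavior
    ]
    for site, override in cases:
        print(site, repr(override), decide_route(site, DEVICE_ROUTES, override))
```

Under this model, the default value already lets site routes shadow local routes inside 10.0.0.0/8, so administrators who depend on local 10.x networks staying reachable may want to review the setting.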

Deprecations

  • Previously Verisign and Hurricane Electric public DNS servers were configured as fallback options for both IPv4 and IPv6 to prevent certain local failure modes. Now dns_fallback_ipv6 will default to empty values, to prevent issues in split-horizon DNS environments.

Meta Control Plane

Fixes

  • Updated the list of Windows and macOS versions to reflect more accurate client support coverage.