summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-08-01Merge branch 'master' into android-jniGrant Limberg
2015-07-31VERSION 1.0.4: Stability, LAN, and NAT traversal improvementsAdam Ierymenko
ZeroTier One version 1.0.4 brings several improvements to stability, connectivity between hosts on the same LAN, and NAT traversal. Direct connectivity improvements: - ZeroTier One now opens port mappings using uPnP and/or NAT-PMP if they are available on your network. These are then made available to other (1.0.4 or newer) nodes. This should greatly improve direct connectivity success rates for users on networks that support port mapping. To build with this option, you must include ZT_USE_MINIUPNPC=1 on the make path. Pre-build binaries are included for many common architectures to make this easier. - A new message has been introduced whereby nodes can "push" IP address suggestions to other nodes. This is only done to nodes with whom you have a trust relationship, which right now means they are members of a network you've joined. The IP addresses sent include local interface addresses and possibly uPnP mappings if any are available. When nodes receive pushed IPs, they can attempt connectivity at these addresses. This greatly improves connectivity on local LANs, since the old broadcast mechanism proved too unreliable under many real world scenarios. - IPv6 addresses are also "pushed" via the aforementioned message, allowing direct connectivity over IPv6 if both hosts have an IPv6 address. - Some of the aggressive port-scanning NAT-t behavior has been removed, since this occasionally triggered intrusion alarms on some networks and proved ineffective in the field. uPnP will be a much bigger win, and is less "hacky." - The rate of (tiny) UDP keepalive packet generation was slightly increased. We were as surprised as you to learn that there are many NAT routers in the wild with timeouts as short as 20 seconds even though the RFC stipulates that they should be no shorter than two minutes (120 seconds). All of these connectivity improvements rely upon a new message introduced with 1.0.4, so they'll only work between 1.0.4 nodes. Older methods of connectivity establishment will continue to work with earlier versions. Platform-specific improvements: - Many improvements have been made to Windows support and stability. The NDIS6 driver is now used exclusively. If you have ports that use NDIS5, these will automatically be re-created using the NDIS6 driver. You may see a "select this network's type" notification after 1.0.4 upgrade for this reason. - The dependency on the external "devcon.exe" binary on Windows has been completely removed in favor of internal direct calls to the Windows setup API to add and remove network ports. These are done via dynamically loaded instances of the system setup DLLs to use the most recent setup API code on your system for improved compatibility. - This version is tested with Windows 10 release, and was confirmed to work on a clean install. - The ARM32/Raspbian build is now back to using Debian Wheezy for library backward compatibility (binary build only). - The Mac icon is now a bit smaller to look better in the dock. - The ui/ subfolder is now distributed with the Linux binary installer and packages. This means Linux users can navigate to the UI at http://127.0.0.1:9993/ and enter their authtoken.secret to use the GUI locally. (This port could also be accessed via SSH port forwarding or other mechanisms to administrate graphically from a remote system.) Other improvements: - The new beta SQLite-backed controller microservice found in controller/ and built with the ZT_ENABLE_NETWORK_CONTROLLER=1 make option is now in a much more "working" state. Feel free to give it a try! If you tried it before, delete controller.db before starting the new version. - A few tweaks were made to the path selection logic in the hope of eliminating some flaky network behavior reported by users. The next version of ZeroTier One will focus on performance and memory footprint reduction, and may also include perfect forward security/secrecy (a.k.a. PFS) once our design is finalized and reviewed.
2015-07-31Add security notice to auto-update info in -h output, and fix a missing paren.Adam Ierymenko
2015-07-31Remove a bit of redundant logic, and also announce MULTICAST_LIKEs to ↵Adam Ierymenko
controllers (for future use).
2015-07-31Dead code removal.Adam Ierymenko
2015-07-30Bring back _winPokeAHole() to dynamically allocate firewall exception. ↵Adam Ierymenko
Shouldn't be needed but seems to help on Windows 8.
2015-07-30Because Windows, because Windows. Now it upgrades correctly from 1.0.1, ↵Adam Ierymenko
including automatic driver update from NDIS5 to NDIS6. Also a bit more robust on creating new ports, just in case.
2015-07-30Save enumeration of statically assigned IPs so they will always be ↵Adam Ierymenko
reassigned on device "power cycle."
2015-07-301.0.4 installer GUIDAdam Ierymenko
2015-07-30Suppress icacls output on lockDownFile().Adam Ierymenko
2015-07-30Because Windows.Adam Ierymenko
2015-07-30Kill the devcon.exe dependency by dynamically loading cfgmgr32, newdev, and ↵Adam Ierymenko
setupapi and using these functions directly.
2015-07-29Merge branch 'adamierymenko-dev' into android-jniGrant Limberg
2015-07-291.0.4 release installer changesAdam Ierymenko
2015-07-29Rebuild Mac UI wrapper with smaller icon and a small UI fix.Adam Ierymenko
2015-07-29Add border around Mac icon so it looks better in Finder.Adam Ierymenko
2015-07-29Go ahead and spec out controller DB support for AuthToken -- GitHub issue ↵Adam Ierymenko
#211 -- even though full implementation won't make it into 1.0.4.
2015-07-28Merge branch 'adamierymenko-dev' into android-jniGrant Limberg
2015-07-28docsAdam Ierymenko
2015-07-28Add CLI support for /explicit/urls (automatically outputs JSON in this ↵Adam Ierymenko
case), and some cleanup.
2015-07-28Get rid of -I on Mac and Linux since we include miniupnpc headers by direct ↵Adam Ierymenko
path reference.
2015-07-28Add miniupnpc builds for Windows, fix some Windows build warnings.Adam Ierymenko
2015-07-28Linux x86 libminiupnpc.aAdam Ierymenko
2015-07-24Linux x64 libminiupnpc.aAdam Ierymenko
2015-07-28Linux make support for libminiupnpc.Adam Ierymenko
2015-07-28libminiupnpc.a for arm6lAdam Ierymenko
2015-07-28Add miniupnpc to third party libs.Adam Ierymenko
2015-07-28Add binary build of libminiupnpc for Mac x64.Adam Ierymenko
2015-07-28Merge branch 'adamierymenko-dev' of ↵Adam Ierymenko
http://git.int.zerotier.com/zerotier/zerotierone into adamierymenko-dev
2015-07-28UPNP/NAT-PMP support with libminiupnpc (if built with it) -- GitHub issue #64Adam Ierymenko
2015-07-28docs,cleanupAdam Ierymenko
2015-07-28Cancel NAT-t attempts if peer is no longer "alive"Adam Ierymenko
2015-07-28Kill more kittens.Adam Ierymenko
2015-07-28Revert... no luck with any of that.Adam Ierymenko
2015-07-28Play with NAT-t tweaks some more.Adam Ierymenko
2015-07-28Disable type punning on ARM by ifdef.Adam Ierymenko
2015-07-28Remove some left over debug code, and fix attempt to send to self if we are ↵Adam Ierymenko
an active bridge.
2015-07-28Add TRACE for NAT-t debugging.Adam Ierymenko
2015-07-28Try another NAT traversal improvement.Adam Ierymenko
2015-07-28Nuke some abandoned code.Adam Ierymenko
2015-07-28Enable SO_NO_CHECK if available to skip UDP checksum on packet send for ↵Adam Ierymenko
slight performance improvement. We do our own cryptographically secure authentication so UDP checksum is worthless.
2015-07-28Merge branch 'master' into adamierymenko-devAdam Ierymenko
2015-07-28Merge pull request #215 from nelsonjchen/patch-2Adam Ierymenko
Update Application Mac Menu. Small MacGap leftover.
2015-07-27Fix to NAT escalation sequence.Adam Ierymenko
2015-07-27Fix IP scoping bug, and disable remotely reported surface push... not ↵Adam Ierymenko
helping. :(
2015-07-27Fix infinite loop typo.Adam Ierymenko
2015-07-27Push remote surface as reported by peers along with known interface direct ↵Adam Ierymenko
paths to assist with (some) NAT traversal. (trying this, may back out if not effective)
2015-07-27Eliminate some aggressive port scanning NAT-t behavior that has proven ↵Adam Ierymenko
ineffective.
2015-07-24Fix leaving of networks to actually call Network::destroy().Adam Ierymenko
2015-07-24Apply same Linux compiler-picker logic to Mac.Adam Ierymenko