v0.22.31

Changes

Support using http proxy for outbound connections @scareything (#845)

Outbound connections to controllers, routers and hosted servers can be made through a proxy server.

The proxy for controller and router connections is specified with the -x command line option or the HTTP_PROXY environment variable. The value is a URL of the form type://[user[:pass]@]hostname:port. At this time "http" is the only supported type, and Basic authentication is assumed if credentials are provided.

ziti-edge-tunnel run -I /opt/openziti/etc/identities -x http://user:pass@proxyhost:port

Proxies for hosted server connections can be configured by populating the "proxy" field in the host.v1 service configuration.

{
    "address": "127.0.0.1",
    "listenOptions": {
        "identity": "$tunneler_id.name"
    },
    "port": 22,
    "protocol": "tcp",
    "proxy": {
        "address": "localhost:3128",
        "type": "http"
    }
}

Wait for systemd tun device unit to be active before configuring dns @scareything (#837)

A race condition could lead to systemd resetting the resolver configuration that was applied by ziti-edge-tunnel

v0.22.30

Changes

wait for systemd tun device unit to be active before configuring dns @scareything (#837)

v0.22.29

Changes

get ziti-sdk-c 0.36.11 / tlsuv 0.28.5 @scareything (#836)

check dns response buffer as it is filled, and set truncate flag accordingly @scareything (#831)

Use mingw to build windows-x64 binaries @scareything (#826)

v0.22.28

Changes

get ziti-sdk-c 0.36.10 @scareything (#832)

check dns response buffer as it is filled, and set truncate flag accordingly @scareything (#831)

Use mingw to build windows-x64 binaries @scareything (#826)

v0.22.27

Changes

Use mingw to build windows-x64 binaries @scareything (#826)

v0.22.26

Changes

Handle proxy dns responses correctly @scareything (#827)

There were two issues that prevented proxied dns queries from working:

1. The ziti connection that dns queries are sent over is not established (by design) when the first request is sent with ziti_write. The intent is to rely on ziti_write queueing the message until the connection is established, but there was a problem in ziti-sdk-c that caused crypto hash checks to fail for messages that were sent before the connection was ready. This was fixed with ziti-sdk-c 0.36.9.
2. The write callback associated with sending the dns query to the hosting tunneler was incorrectly treating the "length" parameter as "status", so even when a message was sent successfully, the tsdk responded to the original DNS client with SRVFAIL.

Declare data pointer as const @scareything (#825)

This fixes a build error when using Xcode 15.3

v0.22.25

Changes

Avoid invalid memory access when services with hostname intercept addresses become unavailable. @scareything (#822)

Avoid segvs when processing add command @scareything (#821)

v0.22.24

Changes

get ziti-sdk-c 0.36.7 / tlsuv 0.28.3 @scareything (#820)

tlsuv 0.28.3 fixes a bug that caused partial writes to fail.

install jq in container image @qrkourier (#818)

This enables health checks to parse the output of the tunnel_status command correctly, e.g., this liveness probe idea.

v0.22.23

Changes

get ziti-sdk-c 0.36.6 @scareything (#817)

Fixes transfer rate values in tunnel_status responses.

ci: Add dependabot for github-actions @mjtrangoni (#806)

fix mkdir command that enables clobbering tmp identity in container @qrkourier (#801)

document cross-compiling ZET and DEB @qrkourier (#794)

resolves #792

correct the deb and rpm hooks @qrkourier (#805)

Fixes these install errors on Debian caused by failing to check if the file exists before unblinking, and failing to quote a variable that might be undefined.

Setting up ziti-edge-tunnel (0.22.22) ...
unlink: cannot unlink '/opt/openziti/share/ziti-edge-tunnel.service': No such file or directory
/var/lib/dpkg/info/ziti-edge-tunnel.postinst: 109: [: !=: unexpected operator

v0.22.22

Changes

send dns queries upstream @scareything (#803)

fixes #802

add group ziti to container images @qrkourier (#804)