github NHAS/wag v1.4.1

23 months ago

A large release of wag that changes multiple aspects of the program.

This release changes the configuration file for wag: WgDevName has been moved into a new configuration structure, Wireguard, and is now called DevName.
Please review the example configuration.

Most notably adds:

  • hot upgrades, allowing you to upgrade the golang portions of the VPN without interrupting users
  • wag management of the underlying wireguard device, which removes the dependency on things like wg-quick
  • database migrations

It is important that the systemd service file is updated to the current version in the repository.

(This release's binary has been upgraded to 1.4.2 due to numerous breaking bugs)

Features:

  • Database migrations will first perform a database backup
  • v1.3.2-pre-release Netlink interoperability allows wag to set up and tear down a wireguard device
  • v1.3.2-pre-release Hot upgrading: the VPN no longer needs to be fully stopped in order to upgrade the golang components of wag. This is added with the ./wag upgrade command
  • v1.3.2-pre-release Improved control package; every action can now be done using it
  • v1.3.2-pre-release Add a minimum time to registration request completion to stop timing attacks (now will take ~1 second)

Bug Fixes:

  • v1.3.2-pre-release Fix firewall list command not outputting data

  • v1.3.2-pre-release -config is no longer required for every cli command

  • v1.4.0-pre-release After a hot upgrade, the wireguard endpoint watcher no longer automatically de-authenticates all users, as wireguard device creation sets device endpoints to their previous value

Changes:

  • v1.3.2-pre-release WgDevName has been moved into a new configuration structure Wireguard and is now called DevName
  • v1.3.2-pre-release wag will now create and populate a wireguard device using netlink, when the device specified by DevName is not present
  • v1.3.2-pre-release wag no longer relies on wg-quick configuration for peers
  • v1.3.2-pre-release When a user exceeds the lockout number of attempts, the error message they now get is "account locked"
  • v1.3.2-pre-release Wag's XDP component is now more obviously labeled as wag in tools such as bpftool
  • v1.3.2-pre-release The wag socket now allows whatever process group wag is in to read/write (allows for better integrations)
  • v1.3.2-pre-release No longer use the default http mux for the control mux just in case it becomes exposed
  • v1.3.2-pre-release Once a TOTP code is used, it cannot be reused within the 30 second time period
  • v1.4.0-pre-release Make the upgrade message a bit clearer, to differentiate when a binary needs to be manually copied or is automatically copied
  • v1.4.0-pre-release wag now stores the last user device endpoint in the SQLite3 database
  • v1.4.0-pre-release wag can now automatically upgrade its own database
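
The TOTP change above ("once a TOTP code is used, it cannot be reused within the 30 second time period") can be pictured with the following added example; it is not wag's own code. The names ReplayGuard, Verify and totp are hypothetical, the secret is the RFC 4226 test secret, and the in-memory map stands in for whatever storage a real deployment uses.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"sync"
	"time"
)

const stepSeconds = 30 // TOTP time step, the "30 second time period"
// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for one time-step counter.
func totp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// ReplayGuard (hypothetical name) records the last time step each user consumed.
type ReplayGuard struct {
	mu       sync.Mutex
	lastStep map[string]uint64 // user -> last accepted step counter
}
func NewReplayGuard() *ReplayGuard { return &ReplayGuard{lastStep: map[string]uint64{}} }
// Verify accepts a code only if it matches the current step and that step is unused.
func (g *ReplayGuard) Verify(user string, secret []byte, code string, now time.Time) bool {
	counter := uint64(now.Unix()) / stepSeconds
	if subtle.ConstantTimeCompare([]byte(totp(secret, counter)), []byte(code)) != 1 {
		return false
	}
	g.mu.Lock() // check-and-set must be atomic, or two parallel logins both pass
	defer g.mu.Unlock()
	if last, seen := g.lastStep[user]; seen && counter <= last {
		return false // same or older step: treat as a replay
	}
	g.lastStep[user] = counter
	return true
}

func main() { // constructed demo: Unix time 59 falls in step 1
	g, s, t := NewReplayGuard(), []byte("12345678901234567890"), time.Unix(59, 0)
	fmt.Println(g.Verify("alice", s, "287082", t), g.Verify("alice", s, "287082", t))
}
```

If a verifier also accepts adjacent steps to tolerate clock skew, the same `counter <= last` comparison still applies, so a code from an earlier step cannot be presented after a later one has been accepted.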
