This release contains a significant change to how wag does route restrictions, it is highly likely you will need to review your configurations.
Breaking Changes:
- Wag now uses the most specific route to determine if a route is restricted behind MFA or Public. For example:
"Policies": {
"*": {
"Mfa": [
"10.0.1.0/24"
],
"Allow": [
"10.0.1.2/32"
]
}
}
While this policy has a blanket restriction to force everything under /24
to require MFA, the single route 10.0.1.2/32
is available to any user without authorisation, as it is more specific.
Features:
- The wag management UI will now check for updates from github and give a notification if a new version of wag is available. This can be enabled/disabled with
CheckUpdates
in the config.json, defaultly off.