What's Changed
- Add port firewalling for Private Resources by @oschwartz10612 in #2087
- Add option to disable icmp packets over private resources by @oschwartz10612 in #2097
- Add option to pull client relay port from config by @oschwartz10612 in #2098
- Add option to make the 21820 port configurable by @oschwartz10612 in #2102
- Add wildcard alias resources by @oschwartz10612 in #2103
- Add OIDC authentication error response support by @buggystick in #2033
- Add login page customization (EE) by @Fredkiss3 in #1846
- Allow changing site on private resources by @oschwartz10612 in #2112
- Add ASN-based resource rule matching by @WildeTechSolutions in #2095
- Fix: filter dates evaluated at module load time by @depado in #2116
- Refactor: save button positionning by @Fredkiss3 in #1989
- Fix: Adding the blueprints list/get access via API by @huzky-v in #2104
- Refactor: Update
<DomainPicker />to accept default values by @Fredkiss3 in #2034 - Fix: Extend Basic Auth compatibility with browsers #1698 by @jln-brtn in #1951
- Add maintenance screen support (EE) by @oschwartz10612 in #2128
- Fix: Prevent cache memory leak with maxKeys limit and conditional caching by @djcrafts in #2133
- Fix: Support public-resources and private-resources in Docker blueprint labels by @djcrafts in #2132
- Fix: Add missing gnupg utility during Docker installation by @mgruszkiewicz in #2068
- ci: parallelize test workflow by @water-sucks in #2084
- feat(setup): allow declaring a server setup token through env variable by @water-sucks in #2080
- Small UI Improvements
New Contributors
- @mgruszkiewicz made their first contribution in #2068
- @buggystick made their first contribution in #2033
- @depado made their first contribution in #2116
- @huzky-v made their first contribution in #2104
- @WildeTechSolutions made their first contribution in #2095
- @djcrafts made their first contribution in #2133
Full Changelog: 1.13.1...1.14.0
Recommended Versions
Pangolin is backward compatible with older versions of its components. However, access to new features requires that all components be updated to their latest versions. We strongly recommend keeping everything up to date to ensure you benefit from the newest functionality, improvements, and fixes.
- Pangolin 1.14.0+
- Badger 1.3.1+
- Gerbil 1.3.0+
- Olm 1.3.0+
- Note: If you're using a client for macOS, Windows, or Pangolin CLI, simply update to the latest versions.
- Newt 1.8.0+
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Badger Supports Real IP with Cloudflare Proxy
Badger 1.3.0 supports pulling the real IP when behind the Cloudflare Proxy. Support for this is enabled by default. Read more in the Badger release notes.
Port Firewalling and ICMP Ping Support in Private Resources
Private resources now support more granular access controls for ports and protocols. For TCP and UDP traffic, you can choose to allow all ports, block all ports, or define a specific set of allowed ports and port ranges.
In addition, private resources now support ICMP ping. Previously, ICMP traffic was always blocked, preventing you from using tools like ping to test connectivity. With this update, ICMP ping is enabled by default and can also be disabled at any time through the resource’s firewall settings.
Wildcard Alias
Private resources now support wildcard DNS aliases. Instead of defining a single, explicit alias, you can now use a wildcard like *.vpn.internal, which will resolve all matching subdomains to the destination host.
This is useful, for example, when running a reverse proxy (such as Traefik) alongside the site connector (Newt). Multiple services can be routed by hostname and served over HTTPS with valid certificates, while remaining accessible only privately over the tunnel.
Use Private DNS Servers with Pangolin Clients
Pangolin clients on Windows, macOS, and Linux now support routing DNS queries through the secure tunnel. This allows you to configure a self-hosted or private DNS server that the client will use whenever it is connected.
When this feature is enabled, all DNS resolution is performed over the tunnel instead of the local network. As long as you have a private resource configured that grants the client access to the DNS server, queries will be securely resolved within your private infrastructure.
To use this feature, please update your client to the latest available versions.