In this release, we are adding support to the PKCE authentication flow for NetBird's client software. Most identity providers support this flow, effectively bringing SSO support to Azure AD and Google Workspace deployments. You can review the updated configuration for these providers at https://docs.netbird.io/selfhosted/identity-providers
Another highlight of this release is using eBPF to reduce the number of ports used in the proxy between the kernel Wireguard interface and our ICE agent for relayed connections. This is an initial step towards using more efficient resource utilization.
To use eBPF proxy in more restricted environments like docker containers or Nix OS, we need to add the following permissions:
--cap-add=SYS_ADMINand--cap-add=SYS_RESOURCE.
If client don't have these permissions, it will fallback to the previous proxy mode with one port listener per relay connection.
Lastly, a better DNS handling is included for file resolver and macOS DNS, now we are failing over to existing local DNS addresses when there is a connectivity issue.
Management
- Add PKCE authorization flow support (#1012)
Client
- Add eBPF proxy for relayed connections (#911)
- Add PKCE authorization flow support (#1012)
- Keep system nameservers as DNS fallback (#1036)
Full Changelog: v0.21.11...v0.22.0