mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
b33e8fd04e
Bumps [futures-bounded](https://github.com/libp2p/rust-libp2p) from 0.2.0 to 0.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/libp2p/rust-libp2p/releases">futures-bounded's releases</a>.</em></p> <blockquote> <h2>libp2p-v0.53.0</h2> <p>The most ergonomic version of rust-libp2p yet!</p> <p>We've been busy again, with over <a href="https://github.com/libp2p/rust-libp2p/compare/libp2p-v0.52.0...master">250</a> PRs being merged into <code>master</code> since <code>v0.52.0</code> (excluding dependency updates).</p> <h2>Backwards-compatible features</h2> <p>Numerous improvements landed as patch releases since the <code>v0.52.0</code> release, for example a new, type-safe <a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4120"><code>SwarmBuilder</code></a> that also encompasses the most common transport protocols:</p> <pre lang="rust"><code>let mut swarm = libp2p::SwarmBuilder::with_new_identity() .with_tokio() .with_tcp( tcp::Config::default().port_reuse(true).nodelay(true), noise::Config::new, yamux::Config::default, )? .with_quic() .with_dns()? .with_relay_client(noise::Config::new, yamux::Config::default)? .with_behaviour(|keypair, relay_client| Behaviour { relay_client, ping: ping::Behaviour::default(), dcutr: dcutr::Behaviour::new(keypair.public().to_peer_id()), })? .build(); </code></pre> <p>The new builder makes heavy use of the type-system to guide you towards a correct composition of all transports. For example, it is important to compose the DNS transport as a wrapper around all other transports but before the relay transport. Luckily, you no longer need to worry about these details as the builder takes care of that for you! Have a look yourself if you dare <a href="https://github.com/libp2p/rust-libp2p/tree/master/libp2p/src/builder">here</a> but be warned, the internals are a bit wild :)</p> <p>Some more features that we were able to ship in <code>v0.52.X</code> patch-releases include:</p> <ul> <li><a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4325">stable QUIC implementation</a></li> <li>for rust-libp2p compiled to WASM running in the browser <ul> <li><a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4015">WebTransport support</a></li> <li><a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4248">WebRTC support</a></li> </ul> </li> <li><a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4156">UPnP implementation to automatically configure port-forwarding with ones gateway</a></li> <li><a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4281">option to limit connections based on available memory</a></li> </ul> <p>We always try to ship as many features as possible in a backwards-compatible way to get them to you faster. Often times, these come with deprecations to give you a heads-up about what will change in a future version. We advise updating to each intermediate version rather than skipping directly to the most recent one, to avoid missing any crucial deprecation warnings. We highly recommend you stay up-to-date with the latest version to make upgrades as smooth as possible.</p> <p>Some improvments we unfortunately cannot ship in a way that Rust considers a non-breaking change but with every release, we attempt to smoothen the way for future upgrades.</p> <h2><code>#[non_exhaustive]</code> on key enums</h2> <p>We've identified that adding a new "message" to the <code>ToSwarm</code> enum is a common cause for breaking changes. This enum is used by plugins (i.e. <code>NetworkBehaviour</code>s) to communicate with the <code>Swarm</code>. Similarly, the <code>FromSwarm</code> enum is used to inform plugins about state changes. By adding <code>#[non_exhaustive]</code> to these and other enums we enable future additions to be non-breaking changes.</p> <p>For example, <a href="https://redirect.github.com/libp2p/rust-libp2p/issues/4302">we plan</a> to allow <code>NetworkBehaviour</code>s to share addresses of peers they've discovered with each other. Previously, we had to queue this feature until the next breaking change whereas now, we can simply ship it as soon as it is ready!</p> <p>Thanks to <a href="https://github.com/dhuseby"><code>@dhuseby</code></a> for getting the ball rolling on this one. See <a href="https://redirect.github.com/libp2p/rust-libp2p/pull/4581">PR 4581</a> for details.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="74e315719c"><code>74e3157</code></a> chore: prepare v0.53.0</li> <li><a href="402212cf79"><code>402212c</code></a> fix(swarm): implement <code>ConnectionHandler::poll_close</code> for combinators</li> <li><a href="32c945ccc0"><code>32c945c</code></a> chore: add changelog entry of backport</li> <li><a href="0ef6feb397"><code>0ef6feb</code></a> feat(swarm): don't have <code>ConnectionHandler</code>s close connections</li> <li><a href="e6905fe5c0"><code>e6905fe</code></a> deps: migrate to <code>hickory-dns</code></li> <li><a href="a428ffdb7d"><code>a428ffd</code></a> feat(swarm): add <code>#[non_exhaustive]</code> to key enums</li> <li><a href="e2e9179fd7"><code>e2e9179</code></a> feat: introduce tracing</li> <li><a href="fab920500d"><code>fab9205</code></a> feat(core): remove <code>upgrade::transfer</code> module</li> <li><a href="d05d836159"><code>d05d836</code></a> refactor(autonat): use <code>quick-protobuf-codec</code></li> <li><a href="ac2848866a"><code>ac28488</code></a> fix(relay): close stream once done sending</li> <li>Additional commits viewable in <a href="https://github.com/libp2p/rust-libp2p/compare/v0.2.0...futures-bounded-v0.2.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
A modern alternative to legacy VPNs.
Note: 🚧 The main branch is undergoing major restructuring in preparation
for the release of Firezone 1.x 🚧.
See the legacy branch to
track the latest changes to Firezone 0.7.
Read the 1.0 announcement for more.
Overview
Firezone is an open source platform to securely manage remote access for any-sized organization. Unlike most VPNs, Firezone takes a granular, least-privileged approach to access management with group-based policies that control access to individual applications, entire subnets, and everything in between.
Features
Firezone is:
- Fast: Built on WireGuard® to be 3-4 times faster than OpenVPN.
- Scalable: Deploy two or more gateways for automatic load balancing and failover.
- Private: Peer-to-peer, end-to-end encrypted tunnels prevent packets from routing through our infrastructure.
- Secure: Zero attack surface thanks to Firezone's holepunching tech which establishes tunnels on-the-fly at the time of access.
- Flexible: Authenticate users via email, Google Workspace, or OIDC and sync users and groups automatically.
- Simple: Deploy gateways and configure access in minutes with a snappy admin UI.
Firezone is not:
- A tool for creating bi-directional mesh networks
- A full-featured router or firewall
- An IPSec or OpenVPN server
Contents of this repository
This is a monorepo containing the full Firezone product, marketing website, and product documentation, organized as follows:
- elixir: Control plane and internal Elixir libraries:
- elixir/apps/web: Admin UI
- elixir/apps/api: API for Clients, Relays and Gateways.
- rust/: Data plane and internal Rust libraries:
- rust/gateway: Gateway - Tunnel server based on WireGuard and deployed to your infrastructure.
- rust/relay: Relay - STUN/TURN server to facilitate holepunching.
- rust/linux-client: Linux client.
- swift/: macOS / iOS clients.
- kotlin/: Android / ChromeOS clients.
- website/: Marketing website and product documentation.
- terraform/: Terraform files for our cloud infrastructure:
- terraform/modules/gateway-google-cloud-compute: Example Terraform module for deploying a Gateway to a Google Compute Regional Instance Group.
Quickstart
Firezone 1.x is currently accepting early access signups for closed testing. Fill out the early access form to request access and we'll be in touch!
Frequently asked questions (FAQ)
Can I self-host Firezone?
Our license won't stop you from self-hosting the entire Firezone product top to bottom, but we can't commit the resources to make this a smooth experience and therefore don't support self-hosting the control plane at this time.
If you have a business case requiring an on-prem installation of Firezone please get in touch.
If you're feeling especially adventurous and want to self-host Firezone for educational or recreational purposes, you'll want to build and distribute the clients from source to ensure they remain locked to a version compatible with your self-hosted control plane. Unfortunately, the following clients must be distributed through proprietary app stores due to restrictions imposed by Apple and Google:
- macOS
- iOS
- Android / ChromeOS
Because it's impossible to select which client version to install from a particular app store, building and distributing Firezone from source is the only to way self-host Firezone at this time.
Otherwise, if you're hobbyist or developer and are looking to spin it up locally to contribute or experiment with, see CONTRIBUTING.md.
How do I upgrade from 0.7?
Unfortunately, you can't. The good news is Firezone 1.x is much easier to setup and manage than 0.x and so you probably don't need to.
How long will 0.7 be supported until?
Firezone 0.7 is currently end-of-life and will stop receiving updates after January 31st, 2024.
Documentation
Additional documentation on general usage, troubleshooting, and configuration can be found at https://docs.firezone.dev.
Get Help
If you're looking for help installing, configuring, or using Firezone, check our community support options:
- Discussion Forums: Ask questions, report bugs, and suggest features.
- Public Slack Group: Join live discussions, meet other users, and get to know the contributors.
- Open a PR: Contribute a bugfix or make a contribution to Firezone.
Star History
Developing and Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md.
License
Portions of this software are licensed as follows:
- All content residing under the "elixir/" directory of this repository, if that directory exists, is licensed under the "Elastic License 2.0" license defined in "elixir/LICENSE".
- All third party components incorporated into the Firezone Software are licensed under the original license provided by the owner of the applicable component.
- Content outside of the above mentioned directories or restrictions above is available under the "Apache 2.0 License" license as defined in "LICENSE".
WireGuard® is a registered trademark of Jason A. Donenfeld.