VERSION 1.0.4: Stability, LAN, and NAT traversal improvements

Browse Source

ZeroTier One version 1.0.4 brings several improvements to stability,
connectivity between hosts on the same LAN, and NAT traversal.

Direct connectivity improvements:

 - ZeroTier One now opens port mappings using uPnP and/or NAT-PMP
   if they are available on your network. These are then made
   available to other (1.0.4 or newer) nodes. This should greatly
   improve direct connectivity success rates for users on networks
   that support port mapping. To build with this option, you must
   include ZT_USE_MINIUPNPC=1 on the make path. Pre-build binaries
   are included for many common architectures to make this easier.

 - A new message has been introduced whereby nodes can "push" IP
   address suggestions to other nodes. This is only done to nodes
   with whom you have a trust relationship, which right now means
   they are members of a network you've joined. The IP addresses
   sent include local interface addresses and possibly uPnP mappings
   if any are available. When nodes receive pushed IPs, they can
   attempt connectivity at these addresses. This greatly improves
   connectivity on local LANs, since the old broadcast mechanism
   proved too unreliable under many real world scenarios.

 - IPv6 addresses are also "pushed" via the aforementioned message,
   allowing direct connectivity over IPv6 if both hosts have an
   IPv6 address.

 - Some of the aggressive port-scanning NAT-t behavior has been
   removed, since this occasionally triggered intrusion alarms on
   some networks and proved ineffective in the field. uPnP will be
   a much bigger win, and is less "hacky."

 - The rate of (tiny) UDP keepalive packet generation was slightly
   increased. We were as surprised as you to learn that there are
   many NAT routers in the wild with timeouts as short as 20 seconds
   even though the RFC stipulates that they should be no shorter
   than two minutes (120 seconds).

All of these connectivity improvements rely upon a new message
introduced with 1.0.4, so they'll only work between 1.0.4 nodes.
Older methods of connectivity establishment will continue to work
with earlier versions.

Platform-specific improvements:

 - Many improvements have been made to Windows support and stability.
   The NDIS6 driver is now used exclusively. If you have ports that
   use NDIS5, these will automatically be re-created using the NDIS6
   driver. You may see a "select this network's type" notification
   after 1.0.4 upgrade for this reason.

 - The dependency on the external "devcon.exe" binary on Windows has
   been completely removed in favor of internal direct calls to the
   Windows setup API to add and remove network ports. These are done
   via dynamically loaded instances of the system setup DLLs to use
   the most recent setup API code on your system for improved
   compatibility.

 - This version is tested with Windows 10 release, and was confirmed
   to work on a clean install.

 - The ARM32/Raspbian build is now back to using Debian Wheezy for
   library backward compatibility (binary build only).

 - The Mac icon is now a bit smaller to look better in the dock.

 - The ui/ subfolder is now distributed with the Linux binary installer
   and packages. This means Linux users can navigate to the UI at
   http://127.0.0.1:9993/ and enter their authtoken.secret to use
   the GUI locally. (This port could also be accessed via SSH port
   forwarding or other mechanisms to administrate graphically from a
   remote system.)

Other improvements:

 - The new beta SQLite-backed controller microservice found in
   controller/ and built with the ZT_ENABLE_NETWORK_CONTROLLER=1 make
   option is now in a much more "working" state. Feel free to give
   it a try! If you tried it before, delete controller.db before
   starting the new version.

 - A few tweaks were made to the path selection logic in the hope of
   eliminating some flaky network behavior reported by users.

The next version of ZeroTier One will focus on performance and memory
footprint reduction, and may also include perfect forward security/secrecy
(a.k.a. PFS) once our design is finalized and reviewed.

...

This commit is contained in:

Adam Ierymenko 2015-07-31 11:33:52 -07:00

parent facb009a1d

commit bf193dd3cf

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

Diff Content Not Available