Release history

netmaker releases

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

v1.5.1 Breaking risk
Breaking changes
  • Legacy ACLs fully removed
Notable features
  • Traffic Logs Beta with domain tagging
  • Peer update debouncer
  • Pagination APIs for Users/Hosts

Netmaker v1.5.1 Release Notes 🚀

🚀 What’s New

🔁 Traffic Logs (Beta)

Traffic Logs have now moved into Beta.

  • Traffic Logs are now enriched with relevant domain tagging, making network activity easier to audit and investigate.

🧰 Improvements & Fixes

  • Scalability & Reliability Improvements
    Introduced a peer update debouncer that coalesces rapid-fire PublishPeerUpdate calls into a single broadcast. A 500ms resettable debounce window, capped by a 3s max-wait deadline, ensures that back-to-back operations (bulk node updates, gateway changes, host deletions) produce one peer update instead of dozens, drastically reducing CPU and MQTT pressure on the control plane.

    Peer update caches are pre-warmed after each debounced broadcast, so pull requests from hosts are served instantly from cache instead of triggering expensive on-demand computation.

    Metrics export to the Netmaker exporter is now batched on a periodic ticker instead of publishing on every individual MQTT metrics message, reducing continuous CPU pressure from Prometheus scraping.

  • Database Schema Migration
    Added schema migrations for the Users, Groups, Roles, Networks, and Hosts tables.

  • Deprecated Legacy ACLs
    Legacy ACLs have been fully removed as part of the platform’s transition to the updated access control model.

  • Paginated APIs
    Introduced pagination support for Users and Hosts APIs.

  • DNS
    Added native Active Directory support.

  • Posture Checks
    Nodes can now skip the auto-update check during join, improving join reliability in controlled environments.

  • IDP Sync
    Improved identity provider sync behavior:

    • Synced IDP groups are now denied access by default until explicitly granted.
    • Okta-specific settings are now reset when an IDP integration is removed.

  • HA Setup
    Streamlined high availability (HA) setup and operational workflows.

  • Install Script
    Added on-demand Monitoring Stack installation support via:
    ./nm-quick.sh -m

  • Monitoring Stack
    Updated the monitoring stack to use the official Prometheus and Grafana images.

  • HA Gateways
    The auto-assigned gateway is now reset when it is disconnected from the network.
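
The peer update debouncer described under Scalability & Reliability Improvements above (a resettable quiet window capped by a max-wait deadline), sketched in Go as an added example. This is not Netmaker's code: `NewDebouncer`, `Simulate` and the scaled-down durations in `main` are assumptions made for illustration.

```go
package main

import "time"

// NewDebouncer is a hypothetical helper for this example, not Netmaker's code.
// It returns a non-blocking trigger; fire runs once per coalesced burst.
func NewDebouncer(window, maxWait time.Duration, fire func()) (trigger func()) {
	events := make(chan struct{}, 1)
	go func() {
		for range events { // first call of a burst
			deadline := time.After(maxWait) // hard cap, fixed at burst start
			for pending := true; pending; {
				select {
				case <-events: // another call: loop again, restarting the quiet window
				case <-time.After(window):
					pending = false // quiet for a full window
				case <-deadline:
					pending = false // sustained load: flush anyway
				}
			}
			fire() // one broadcast for the whole burst
		}
	}()
	return func() {
		select {
		case events <- struct{}{}:
		default: // an event is already queued; this call coalesces into it
		}
	}
}

// Simulate issues `calls` triggers spaced `gap` apart and returns how many broadcasts fired.
func Simulate(window, maxWait, gap time.Duration, calls int) int {
	fired := make(chan struct{}, calls)
	trigger := NewDebouncer(window, maxWait, func() { fired <- struct{}{} })
	for i := 0; i < calls; i++ {
		trigger()
		time.Sleep(gap)
	}
	time.Sleep(window + maxWait) // let the final pending broadcast fire
	return len(fired)
}

func main() {
	ms := time.Millisecond // scaled-down stand-ins for the 500ms / 3s values
	println("short burst:", Simulate(50*ms, 300*ms, 5*ms, 10))
	println("sustained:", Simulate(50*ms, 300*ms, 20*ms, 40))
}
```

Without the max-wait cap, a caller that triggers more often than the window would postpone the broadcast indefinitely; the sustained case shows the cap forcing periodic flushes while still coalescing most calls.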


🐞 Known Issues

  • IPv6-only machines
    Netclients cannot currently auto-upgrade on IPv6-only systems.

  • Multi-network join performance
    Multi-network netclient joins using an enrollment key still require optimization.

  • systemd-resolved DNS limitation
    On systems using systemd-resolved in uplink mode, only the first 3 entries in resolv.conf are honored; additional entries are ignored. This may cause DNS resolution issues. Stub mode is recommended.

  • Windows Desktop App + mixed gateway modes
    When the Windows Desktop App is connected to both:

    • a Full Tunnel Gateway, and
    • a Split Tunnel Gateway

    the gateway monitoring component may disconnect from the Split Tunnel Gateway.

v1.5.0 New feature
Notable features
  • Just-In-Time Access (beta): time-limited network access with automatic request/approval workflow
  • Overlapping Egress Ranges (beta): virtual NAT mode allowing multiple egress routers to share overlapping IP ranges
  • Gateway Monitoring: desktop app auto-failover to healthy gateway hubs

Netmaker v1.5.0 Release Notes 🚀

🚀 What’s New

🔓 Just-In-Time Access (beta)

  • Time-limited, on-demand network access: users request access, admins approve or deny, and grants expire automatically.

  • Request/approval workflow with configurable grant duration; admins retain full control over who accesses which networks and when.

🔁 Overlapping Egress Ranges (beta)

  • Virtual NAT mode enables multiple egress routers to share overlapping IP ranges by assigning each egress a virtual range from a configurable pool.
  • Configurable per-network IPv4 pool and site prefix length for virtual range allocation.
  • Eliminates routing conflicts when multiple sites need to egress the same destination CIDRs (e.g., multiple offices routing to the same cloud VPC).
  • Supports both direct NAT and virtual NAT modes for flexible egress configurations.

🌍 Gateway Monitoring

  • Desktop App connections automatically fail over to healthy gateway hubs when the primary becomes unavailable.
  • Gateway health is monitored via connectivity checks and last-seen metrics; only online gateways are used for new connections.

🧰 Improvements & Fixes

  • IP Detection Interval: Users can now choose the device endpoint IP detection interval based on their requirements.

  • User Migration: Optimized user migration logic to reduce server startup time.

  • DNS: Global nameservers are now used only if no match-all nameservers are configured; added fallback nameserver configuration.

  • Darwin: Netclients on macOS can now use an internet gateway.

  • GeoLocation: Consolidated IP location API usage with fallbacks.

Known Issues 🐞

  • Netclients cannot auto-upgrade on IPv6-only machines.

  • Multi-network netclient join with an enrollment key still needs to be optimized.

  • On systems using systemd-resolved in uplink mode, only the first 3 entries in resolv.conf are used and the rest are ignored, which might cause DNS issues. Stub mode is preferred.

  • When a Windows desktop app is connected to a Full Tunnel Gateway and a Split Tunnel Gateway at the same time,
    the gateway monitoring component would disconnect from the Split Tunnel Gateway.

Beta — feedback welcome: [email protected]