ff24332e23
feat(web): add OIDC SSO login support ( #1943 )
2026-03-03 18:23:31 +08:00
cd2cf56358
refactor: handle quic proxy internally instead of use external udp port ( #1743 )
...
* deprecate quic_listen_port, add disable_relay_quic and enable_relay_foreign_network_quic
* add set_src_modified to TcpProxyForWrappedSrcTrait
* prioritize quic over kcp
2026-02-02 11:53:40 +08:00
cdedaf3f63
refactor(quic): remove quinn encryption ( #1831 )
...
* use quinn-plaintext
* remove server_cert in QUICTunnelListener
* remove some customized transport config
* leave max_concurrent_bidi_streams as default
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-30 10:21:59 +08:00
977e502150
feat(cli): add column truncation controls ( #1838 )
...
- drop low-priority columns when tables exceed terminal width
- truncate optional columns to fit remaining width
- add --no-trunc flag to disable truncation
- compute column widths using unicode display width
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-28 14:50:14 +08:00
101f416268
Introduce secure mode (part 1) ( #1808 )
...
Use noise protocol on handshake. Check peer's public key if needed. Also support rekey and replay attack prevention.
E2EE and temporary password will be implemented based on this.
2026-01-25 20:16:51 +08:00
005b321f62
allow open rpc port in gui normal mode ( #1795 )
...
* allow open rpc port for gui normal mode
* downgrade dev tool console
2026-01-16 11:12:32 +08:00
53264f67bf
fix peer establish direct conn with subnet proxy to one of local interface ( #1782 )
...
* fix peer establish direct conn with subnet proxy to one of local interface
* fix peer mgr ref loop
2026-01-15 01:00:32 +08:00
bd8f01fb26
Add Nushell completion script generation support ( #1756 )
...
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
2026-01-11 18:41:02 +08:00
39b056c87a
bump version to v2.5.0 ( #1715 )
2025-12-28 23:19:30 +08:00
ca9b4c58b1
fix windivert cause stack overflow ( #1711 )
2025-12-27 19:31:42 +08:00
28cd6da502
Add fake tcp tunnel (experimental) ( #1673 )
...
support faketcp to avoid tcp-over-tcp problem.
linux/macos/windows are supported.
better to be used in internet env, the maximum
performance is majorly limited by windivert/raw socket.
2025-12-25 00:10:32 +08:00
838b6101b9
Make ospf route more effiencient ( #1512 )
...
Avoid iterate all peer info and conn list when building sync request.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-08 13:14:47 +08:00
2a656d6a0c
fix(core): Fix sleep-wake reconnect by resetting alive_conn_urls ( #1593 )
...
Co-authored-by: sijie.sun <sijie.sun@smartx.com >
2025-12-05 14:31:08 +08:00
53f279f5ff
feat(core): Support environment variable parsing in config files ( #1640 )
2025-12-02 17:54:31 +08:00
1f2517c731
feat(gui): add service and remote mode support ( #1578 )
...
This PR fundamentally restructures the EasyTier GUI, introducing support for service mode and remote mode, transforming it from a simple desktop application into a powerful network management terminal. This change allows users to persistently run the EasyTier core as a background service or remotely manage multiple EasyTier instances, greatly improving deployment flexibility and manageability.
2025-11-25 13:59:27 +08:00
b50744690e
easytier-web and uptime use mimalloc as allocator ( #1559 )
2025-11-08 11:07:33 +08:00
eba9504fc2
refactor(gui): refactor gui to use RemoteClient trait and RemoteManagement component ( #1489 )
...
* refactor(gui): refactor gui to use RemoteClient trait and RemoteManagement component
* feat(gui): Add network config saving and refactor RemoteManagement
2025-10-20 22:07:01 +08:00
3ffa6214ca
fix subnet proxy deadloop ( #1492 )
...
* use LPM to determine subnet proxy dst.
* never allow subnet proxy traffic sending to self.
2025-10-19 15:46:51 +08:00
f10b45a67c
[easytier-uptime] support tag in node list ( #1487 )
2025-10-18 23:19:53 +08:00
cc8f35787e
release dashmap memory ( #1485 )
2025-10-18 12:48:04 +08:00
70dddeace3
Fix support for Chinese domain names ( #1462 )
2025-10-15 21:00:05 +08:00
c0d2045e52
bump version to v2.4.5
2025-09-26 00:48:10 +08:00
1a1be8138a
bump version to v2.4.4 ( #1386 )
2025-09-18 19:49:10 +08:00
e06e8a9e8a
allow enable log with cli, limit log size ( #1384 )
...
* impl logger rpc
* use size based appender
* add log args
2025-09-18 16:35:12 +08:00
5c90431876
fix smoltcp attempt to subtract sequence numbers with underflow ( #1360 )
2025-09-13 15:03:04 +08:00
b750faa66f
add android jni ( #1340 )
2025-09-06 13:49:42 +08:00
719a1fe7cf
bump version to 2.4.3 ( #1296 )
2025-08-26 12:22:08 +08:00
5b7384fddd
disable nat4 hole punch ( #1277 )
2025-08-22 23:33:21 +08:00
08a92a53c3
feat(acl): add group-based ACL rules and related structures ( #1265 )
...
* feat(acl): add group-based ACL rules and related structures
* refactor(acl): optimize group handling with Arc and improve cache management
* refactor(acl): clippy
* feat(tests): add performance tests for generate_with_proof and verify methods
* feat: update group_trust_map to use HashMap for more secure group proofs
* refactor: refactor the logic of the trusted group getting and setting
* feat(acl): support kcp/quic use group acl
* feat(proxy): optimize group retrieval by IP in Kcp and Quic proxy handlers
* feat(tests): add group-based ACL tree node test
* always allow quic proxy traffic
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn >
Co-authored-by: sijie.sun <sijie.sun@smartx.com >
2025-08-22 22:25:00 +08:00
df7eb47593
Support tokio-console ( #1259 )
2025-08-21 11:41:42 +08:00
e6ec7f405c
introduce uptime monitor for easytier public nodes ( #1250 )
2025-08-20 22:59:44 +08:00
1eec27b5ff
bump version to 2.4.2 ( #1218 )
2025-08-11 09:03:13 +08:00
0087ac3ffc
feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. ( #1186 )
...
Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support.
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn >
2025-08-09 18:53:55 +08:00
d0a6c93c2c
fix ipv6 packet routing and avoid route looping
...
properly handle ipv6 link local address and exit node.
2025-08-03 18:10:27 +08:00
43b9e6e6e9
fix macos elevate ( #1177 )
2025-08-01 09:36:10 +08:00
b1b2421561
fix: compiling with socket2::Type::RAW not found on macOS #1168 ( #1169 )
2025-07-30 00:33:38 +08:00
1f6a715939
releases/v2.4.0 ( #1145 )
...
* bump version to v2.4.0
* update tauri.
* allow try direct connect to public server
2025-07-25 00:16:15 +08:00
8e7a8de5e5
Implement ACL ( #1140 )
...
1. get acl stats
```
./easytier-cli acl stats
AclStats:
Global:
CacheHits: 4
CacheMaxSize: 10000
CacheSize: 5
DefaultAllows: 3
InboundPacketsAllowed: 2
InboundPacketsTotal: 2
OutboundPacketsAllowed: 7
OutboundPacketsTotal: 7
PacketsAllowed: 9
PacketsTotal: 9
RuleMatches: 2
ConnTrack:
[src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
Rules:
[name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]
```
2. use tcp/udp whitelist to block unexpected traffic.
`sudo ./easytier-core -d --tcp-whitelist 1000`
3. use complete acl ability with config file:
```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2
[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true
```
2025-07-24 22:13:45 +08:00
4f53fccd25
fix bugs ( #1138 )
...
1. avoid dns query hangs the thread
2. avoid deadloop when stun query failed because of no ipv4 addr.
3. make quic input error non-fatal.
4. remove ring tunnel from connection map to avoid mem leak.
5. limit listener retry count.
2025-07-21 23:18:38 +08:00
876d550f68
reduce memory usage ( #1133 )
...
Large memory usage comes from:
Mimalloc hold large thread cache, causing abort 13M+ usage.
QUIC endpoint occupy 3M when GRO is enabled.
Smoltcp 64 tcp listener use 2MB.
2025-07-20 19:15:28 +08:00
0b729b99e7
add options to generate completions ( #1103 )
...
* add options to generate completions
use clap-complete crate to generate completions scripts: easytier-core --generate fish > ~/.config/fish/completions/easytier-core.fish
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn >
2025-07-17 20:35:49 +08:00
0025973453
fix: cannot start gui on linux ( #1090 )
2025-07-07 22:59:11 +08:00
139f6b3c4c
exclude ohos from workspace ( #1080 )
2025-07-05 18:44:37 +08:00
a4bb555fac
use winapi to config ip and route (remove dep on netsh) ( #1079 )
...
On some windows machines can not execut netsh.
Also this avoid black cmd window when using gui.
2025-07-05 16:50:09 +08:00
d0cfc49806
Add support for IPv6 within VPN ( #1061 )
...
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk
---------
Co-authored-by: sijie.sun <sijie.sun@smartx.com >
2025-07-04 23:43:30 +08:00
01e491ec07
support ohos ( #974 )
...
* support ohos
---------
Co-authored-by: FrankHan <2777926911@qq.com >
2025-07-02 09:44:45 +08:00
4fd0253e99
fix cargo install failure ( #1054 )
2025-06-25 21:55:44 +08:00
ebab70ca3b
add geo info for in web device list ( #1052 )
2025-06-25 09:03:47 +08:00
40601bd05b
add bps limiter ( #1015 )
...
* add token bucket
* remove quinn-proto
2025-06-19 21:15:04 +08:00
72d5ed908e
quic uses the bbr congestion control algorithm ( #1010 )
2025-06-18 23:17:52 +08:00
Mg Pig