Firezone

firezone.dev
Firezone Icon

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source

Firezone Source Code

Author

firezone

Description

WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.

#cloud#devsecops#elixir#elixir-lang#firewall#liveview#network#network-security#networking#phoenix#privacy#rust-lang#security#self-hosted#virtual-network#vpn#vpn-server#wireguard#wireguard-ui#wireguard-vpn

Homepage

https://www.firezone.dev

License

Apache-2.0

Created

22 Apr 20

Last Updated

08 Jun 24

Latest version

1.0.5

Primary Language

Elixir

Size

149,074 KB

Stars

6,335

Forks

266

Watchers

6,335

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Thomas Eizinger (08 Jun 24)

    fix(connlib): reply with `SERVFAIL` on DNS query errors (#5263) Currently, we simply drop a DNS query if we can't fulfill it. Because DNS is based on UDP which is unreliable, a downstream system will re-send a DNS query if it doesn't receive an answer within a certain timeout window. Instead of dropping queries, we now reply with `SERVFAIL`, indicating to the client that we can't fulfill that DNS query. The intent is that this will stop any kind of automated retry-loop and surface an error to the user. Related: #4800. --------- Signed-off-by: Thomas Eizinger <[email protected]> Co-authored-by: Reactor Scram <[email protected]>

  • Reactor Scram (07 Jun 24)

    test(gui-client): remove parts of the test scripts that are redundant (#5280) The post-install script does all this stuff now https://github.com/firezone/firezone/blob/63567b5b33a919e977a7eeaae99599661bfc58c4/rust/gui-client/src-tauri/deb_files/postinst#L9-L15 Ran into this while working on #5279

  • Reactor Scram (07 Jun 24)

    ci(gui-client): remove unused bare exe from CI artifacts (#5277) Closes #5268 With the IPC service, the bare exe isn't useful, just the MSI and deb are used even for testing

  • Jamil (07 Jun 24)

    chore(infra): Allow pentester to sign up (#5278) To allow testing sign up for pentest.

  • Gabi (07 Jun 24)

    fix(connlib): domains can resolve to same IPs on same gateway (#5272) Currently, the same proxy IP can only ever point to one DNS record. Proxy IPs are given out on a per-connection basis. As a result, if two or more domains resolve to the same IP on the same gateway, previous entries to this domain are lost and return an empty record as a result. To fix this issue, we now store the set of resources that resolves to this proxy IP instead of just a single resource. An invariant we have to maintain here is that all of these resources must point to the same gateway. This should always be true because proxy IPs are assigned sequentially across all connections and thus the same IP can always point back to the same proxy IP on the same gateway. Fixes: #5259. --------- Co-authored-by: Thomas Eizinger <[email protected]>

  • dependabot[bot] (07 Jun 24)

    build(deps): Bump ecto_sql from 3.11.1 to 3.11.2 in /elixir (#5176) Bumps [ecto_sql](https://github.com/elixir-ecto/ecto_sql) from 3.11.1 to 3.11.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elixir-ecto/ecto_sql/blob/master/CHANGELOG.md">ecto_sql's changelog</a>.</em></p> <blockquote> <h2>v3.11.2 (2024-05-18)</h2> <h3>Enhancements</h3> <ul> <li>[postgres] Relax <code>postgrex</code> dependency</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elixir-ecto/ecto_sql/commit/da8508aeeeb8f35fc2f28783e0e26a7395016386"><code>da8508a</code></a> Release v3.11.2</li> <li><a href="https://github.com/elixir-ecto/ecto_sql/commit/08bf1753150ffb232525b55ae14b1b4fbe395d43"><code>08bf175</code></a> Relax postgres dependency</li> <li>See full diff in <a href="https://github.com/elixir-ecto/ecto_sql/compare/v3.11.1...v3.11.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecto_sql&package-manager=hex&previous-version=3.11.1&new-version=3.11.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Reactor Scram (06 Jun 24)

    chore(gui-client): improve logging around Client startup and IPC connections (#5216) Closes #3567 (again) Closes #5214 Ready for review ```[tasklist] ### Before merging - [x] The IPC service should report system uptime when it starts. This will tell us whether the computer was rebooted or just the IPC service itself was upgraded / rebooted. - [x] The IPC service should report the PID of itself and the GUI if possible - [x] The GUI should report the PID of the IPC service if possible - [x] Extra logging between `GIT_VERSION = ` and the token loading log line, especially right before and right after the critical Tauri launching step - [x] If a 2nd GUI or IPC service runs and exits due to single-instance, it must log that - [x] Remove redundant DNS deactivation when IPC service starts (I think conectado noticed this in another PR) - [x] Manually test that the GUI logs something on clean shutdown - [x] Logarithmic heartbeat? - [x] If possible, log monotonic time somewhere so NTP syncs don't make the logs unreadable (uptime in the heartbeat should be monotonic, mostly) - [x] Apply the same logging fix to the IPC service - [x] Ensure log zips include GUI crash dumps - [x] ~~Fix #5042~~ (that's a separate issue, I don't want to drag this PR out) - [x] Test IPC service restart (logs as a stop event) - [x] Test IPC service stop - [x] Test IPC service logs during system suspend (Not logged, maybe because we aren't subscribed to power events) - [x] Test IPC service logs during system reboot (Logged as shutdown, we exit gracefully) - [x] Test IPC service logs during system shut down (Logged as a suspend) - [x] Test IPC service upgrade (Logged as a stop) - [x] Log unhandled events from the Windows service controller (Power events like suspend and resume are logged and not handled) ``` --------- Signed-off-by: Reactor Scram <[email protected]>

  • Jamil (06 Jun 24)

    fix(ux): Align filters horizontally on `md` breakpoints and higher (#5265) Fixes #5231 Fixes #5232 <img width="636" alt="Screenshot 2024-06-05 at 7 26 19 PM" src="https://github.com/firezone/firezone/assets/167144/8e40ba37-9757-4f83-98ad-24c61efbad36"> <img width="1792" alt="Screenshot 2024-06-05 at 7 26 11 PM" src="https://github.com/firezone/firezone/assets/167144/eca5084b-ce35-4df6-bb30-474811944ea2"> <img width="720" alt="Screenshot 2024-06-05 at 7 26 03 PM" src="https://github.com/firezone/firezone/assets/167144/c3eccdba-b3c0-467a-91c0-5197e2a74ed6"> <img width="1791" alt="Screenshot 2024-06-05 at 7 32 16 PM" src="https://github.com/firezone/firezone/assets/167144/64d417e3-cf74-4f20-9cf5-22b7c0cd620c"> <img width="748" alt="Screenshot 2024-06-05 at 7 32 07 PM" src="https://github.com/firezone/firezone/assets/167144/11cd2f3a-f8ee-4098-bad9-ab21fd6c000c"> <img width="1792" alt="Screenshot 2024-06-05 at 7 31 50 PM" src="https://github.com/firezone/firezone/assets/167144/c601eec9-956b-4229-a1c4-484c4bca5001"> <img width="1792" alt="Screenshot 2024-06-05 at 7 31 48 PM" src="https://github.com/firezone/firezone/assets/167144/2bd2c61a-e39b-4215-8e76-b7b3835dd5aa"> <img width="1792" alt="Screenshot 2024-06-05 at 7 31 43 PM" src="https://github.com/firezone/firezone/assets/167144/c06d431d-37c1-4ca1-8ab2-67a879cf609b">

  • Jamil (06 Jun 24)

    feat(website): Link to trust center (#5271) - Architecture can be found via Docs - Changes old footer /docs to /kb link Fixes firezone/gtm#295

  • Thomas Eizinger (06 Jun 24)

    refactor(connlib): don't strinify domain name early (#5264) Turning a query's `name` into a `String` as late as possible avoids reparsing it in the tests.

  • dependabot[bot] (06 Jun 24)

    build(deps): Bump ex_cldr_dates_times from 2.17.1 to 2.18.0 in /elixir (#5174) Bumps [ex_cldr_dates_times](https://github.com/elixir-cldr/cldr_dates_times) from 2.17.1 to 2.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/elixir-cldr/cldr_dates_times/releases">ex_cldr_dates_times's releases</a>.</em></p> <blockquote> <h2>Cldr Dates Times version 2.18.0</h2> <h3>Bug Fixes</h3> <ul> <li> <p>Clarify format compiler documentation. Thanks to <a href="https://github.com/tjchambers"><code>@​tjchambers</code></a> for the issue. Closes <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/46">#46</a>.</p> </li> <li> <p>Fix typos. Thanks to <a href="https://github.com/tjchambers"><code>@​tjchambers</code></a> for the PR. Closes <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/47">#47</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elixir-cldr/cldr_dates_times/blob/main/CHANGELOG.md">ex_cldr_dates_times's changelog</a>.</em></p> <blockquote> <h2>Cldr_Dates_Times v2.18.0</h2> <p>This is the changelog for Cldr_Dates_Times v2.18.0 released on May 29th, 2024. For older changelogs please consult the release tag on <a href="https://github.com/elixir-cldr/cldr_cldr_dates_times/tags">GitHub</a></p> <h3>Bug Fixes</h3> <ul> <li> <p>Clarify format compiler documentation. Thanks to <a href="https://github.com/tjchambers"><code>@​tjchambers</code></a> for the issue. Closes <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/46">#46</a>.</p> </li> <li> <p>Fix typos. Thanks to <a href="https://github.com/tjchambers"><code>@​tjchambers</code></a> for the PR. Closes <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/47">#47</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/a67e8bbcb06b2743c995f4c9e661c64e464d9947"><code>a67e8bb</code></a> Fix compiler warnings for Elixir 1.17</li> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/ed25e659d7790219803c8f475f76e9c0da8597f5"><code>ed25e65</code></a> Merge branch 'main' of <a href="https://github.com/elixir-cldr/cldr_dates_times">https://github.com/elixir-cldr/cldr_dates_times</a></li> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/7875302b5fcf3eec9a3906ba67ceba42d9c93c9b"><code>7875302</code></a> Fix typo</li> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/71ed19825a3d06cdb603d8ea68806cd5c0dddd75"><code>71ed198</code></a> Merge pull request <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/47">#47</a> from tjchambers/minimim_typos</li> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/31bf82c20e2a8f6eecf3da6f2ff8b081b4d81214"><code>31bf82c</code></a> Improve compiler docs. Closes <a href="https://redirect.github.com/elixir-cldr/cldr_dates_times/issues/46">#46</a></li> <li><a href="https://github.com/elixir-cldr/cldr_dates_times/commit/c355bdc1a4f56328c22295fba00e24f46c90869b"><code>c355bdc</code></a> Correct typos of &quot;minimim&quot;</li> <li>See full diff in <a href="https://github.com/elixir-cldr/cldr_dates_times/compare/v2.17.1...v2.18.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ex_cldr_dates_times&package-manager=hex&previous-version=2.17.1&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Jamil (06 Jun 24)

    fix(ux): Use icon sizes consistent with text size (#5256) Fixes #5229 <img width="303" alt="Screenshot 2024-06-05 at 9 54 29 AM" src="https://github.com/firezone/firezone/assets/167144/b234ba01-b0e2-4d6b-ab49-48f90933f4de"> <img width="282" alt="Screenshot 2024-06-05 at 9 54 24 AM" src="https://github.com/firezone/firezone/assets/167144/126b35d6-ba39-45a0-b828-48ea50f450f5">

  • Jamil (06 Jun 24)

    fix(ux): Prevent <Enter> from submitting filters forms (#5213) Fixes #5211

  • Jamil (06 Jun 24)

    fix(ux): Remove some padding around vertical_table (#5260) # Before <img width="616" alt="Screenshot 2024-06-05 at 2 08 20 PM" src="https://github.com/firezone/firezone/assets/167144/90935c5e-3e19-499c-afdc-764280b8a306"> # After <img width="522" alt="Screenshot 2024-06-05 at 2 11 58 PM" src="https://github.com/firezone/firezone/assets/167144/8e22b64f-6169-4e98-9408-d796f690f3c8"> Fixes #5228 --------- Signed-off-by: Jamil <[email protected]>

  • Thomas Eizinger (06 Jun 24)

    refactor(connlib): remove DNS mangling from connection state (#5222) In case a configured DNS server is also a CIDR resource, DNS queries will be routed through the tunnel to the gateway. For this to work correctly, the destination of the request and the source of the response need to be mangled back to the originally configured DNS server. Currently, this mangling happens in the connection-specific `GatewayOnClient` state. More specifically, the state that we need to track are the IDs of the DNS queries that we actually mangled. This state isn't connection-specific and can thus be moved out of `GatewayOnClient` into `ClientState`. Removing this state is important because we will soon (#5080) implement roaming the client by simply dropping all connections and establishing new connections as the packets are flowing in. For this, we must store as little state as possible associated with each connection. Resolves: #5079.

  • Jamil (05 Jun 24)

    fix(ux): Adjust table column widths and overflow badges by truncating them (#5258) Fixes #5230 Fixes #5244 Fixes #5233 Fixes #5245 Fixes #5247 Fixes #5237 Fixes #5235 Fixes #5252 Updates the sidebar to collapse at the `xl` breakpoint, allowing to stay closed for more screen realestate on smaller screens. <img width="879" alt="Screenshot 2024-06-05 at 1 06 49 PM" src="https://github.com/firezone/firezone/assets/167144/ff864e57-ba6b-42ee-bdf5-f6b046e46717"> --------- Signed-off-by: Jamil <[email protected]>

  • Thomas Eizinger (05 Jun 24)

    test(connlib): improve assertion logs (#5223) In #5207, I already added logs for which assertions we are performing on ICMP packets. This PR does the same thing for the DNS queries that are being to connlib. It also adds spans that add some more context to the messages. Here is an excerpt of what this looks like: ``` Applying transition 19/19: SendICMPPacketToResource { idx: Index(3210705382108961150), seq: 57053, identifier: 28234, src: TunnelIp6 } 2024-06-05T07:06:30.742455Z INFO assertions: ✅ Performed the expected 2 ICMP handshakes 2024-06-05T07:06:30.742459Z INFO icmp{seq=15543 identifier=63125}: assertions: ✅ dst IP of request matches src IP of response: 3fb8:a7b0:c912:a648:6c9:7910:92dc:8db 2024-06-05T07:06:30.742461Z INFO icmp{seq=15543 identifier=63125}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742464Z INFO icmp{seq=15543 identifier=63125}: assertions: ✅ 3fb8:a7b0:c912:a648:6c9:7910:92dc:8db is the correct resource 2024-06-05T07:06:30.742467Z INFO icmp{seq=57053 identifier=28234}: assertions: ✅ dst IP of request matches src IP of response: 3fb8:a7b0:c912:a648:6c9:7910:92dc:8d8 2024-06-05T07:06:30.742470Z INFO icmp{seq=57053 identifier=28234}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742473Z INFO icmp{seq=57053 identifier=28234}: assertions: ✅ 3fb8:a7b0:c912:a648:6c9:7910:92dc:8d8 is the correct resource 2024-06-05T07:06:30.742477Z INFO dns{query_id=58256}: assertions: ✅ dst IP of request matches src IP of response: fd00:2021:1111:8000:100:100:111:0 2024-06-05T07:06:30.742480Z INFO dns{query_id=58256}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742483Z INFO dns{query_id=58256}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742485Z INFO dns{query_id=58256}: assertions: ✅ src port of request matches dst port of response: 9999 2024-06-05T07:06:30.742488Z INFO dns{query_id=22568}: assertions: ✅ dst IP of request matches src IP of response: 100.100.111.1 2024-06-05T07:06:30.742491Z INFO dns{query_id=22568}: assertions: ✅ src IP of request matches dst IP of response: 100.75.34.66 2024-06-05T07:06:30.742494Z INFO dns{query_id=22568}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742497Z INFO dns{query_id=22568}: assertions: ✅ src port of request matches dst port of response: 9999 2024-06-05T07:06:30.742500Z INFO dns{query_id=58735}: assertions: ✅ dst IP of request matches src IP of response: fd00:2021:1111:8000:100:100:111:2 2024-06-05T07:06:30.742502Z INFO dns{query_id=58735}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742505Z INFO dns{query_id=58735}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742507Z INFO dns{query_id=58735}: assertions: ✅ src port of request matches dst port of response: 9999 2024-06-05T07:06:30.742512Z INFO dns{query_id=59096}: assertions: ✅ dst IP of request matches src IP of response: fd00:2021:1111:8000:100:100:111:1 2024-06-05T07:06:30.742514Z INFO dns{query_id=59096}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742517Z INFO dns{query_id=59096}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742519Z INFO dns{query_id=59096}: assertions: ✅ src port of request matches dst port of response: 9999 2024-06-05T07:06:30.742522Z INFO dns{query_id=41570}: assertions: ✅ dst IP of request matches src IP of response: fd00:2021:1111:8000:100:100:111:1 2024-06-05T07:06:30.742525Z INFO dns{query_id=41570}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742527Z INFO dns{query_id=41570}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742530Z INFO dns{query_id=41570}: assertions: ✅ src port of request matches dst port of response: 9999 2024-06-05T07:06:30.742533Z INFO dns{query_id=15028}: assertions: ✅ dst IP of request matches src IP of response: fd00:2021:1111:8000:100:100:111:1 2024-06-05T07:06:30.742536Z INFO dns{query_id=15028}: assertions: ✅ src IP of request matches dst IP of response: fd00:2021:1111::a:3531 2024-06-05T07:06:30.742538Z INFO dns{query_id=15028}: assertions: ✅ dst port of request matches src port of response: 53 2024-06-05T07:06:30.742541Z INFO dns{query_id=15028}: assertions: ✅ src port of request matches dst port of response: 9999 ``` It is a bit repetitive because all assertions always run on all state transition. Nevertheless I've found it useful to be able to look at the assertions and visually verify that they make sense.

  • Thomas Eizinger (05 Jun 24)

    test(connlib): reduce number of local rejections (#5221) To make proptests efficient, it is important to generate the set of possible test cases algorithmically instead of filtering through randomly generated values. This PR makes the strategies for upstream DNS servers and IP networks more efficient by removing the filtering.

  • Thomas Eizinger (05 Jun 24)

    ci: make output of `cargo test` smaller (#5219) When the `tunnel_test` fails, it generates a lot of output because it keeps printing the backtrace over and over. This makes it difficult to access the input seed to the test. Copying this seed into a local environment is the first step in debugging this, at which point the backtrace can be enabled locally. We also disable the `verbose: 1` config option. Users can always set that using the `PROPTEST_VERBOSE` env variable.

  • Thomas Eizinger (05 Jun 24)

    test(connlib): generate up to 6 resolved IPs (#5218) With #5049, we will allocate a fixed set of 4 IPs per DNS resource on the client. In order to ensure that this always works correctly, increase the number of resolved IPs to at most 6.

  • Reactor Scram (05 Jun 24)

    refactor(connlib-client-shared): remove unnecessary `Arc<Mutex>` from logger (#5224) This may have been needed when the logger rolled files and uploaded, but now it compiles fine without it. I tested it once manually on Windows. I don't think the logging is covered by automated tests.

  • Jamil (05 Jun 24)

    fix(ux): consistent pagination size of 10 (#5255) Fixes #5226

  • Thomas Eizinger (05 Jun 24)

    test(connlib): increase buffer sizes (#5220) In case an upstream DNS server is a resource, we need to not only send an ICMP packet through the tunnel but also DNS queries. These can be larger than 200 bytes which currently breaks the test because we only give it a buffer of 200 bytes.

  • Reactor Scram (05 Jun 24)

    fix(tauri_client/windows): close and re-open the named pipe properly, and back off if needed (#5156) Closes #5143 The initial half-second backoff should typically be enough, and if the user is manually re-opening the GUI after a GUI crash, I don't think they'll notice. If they do, they can open the GUI again and it should all work.

  • Reactor Scram (05 Jun 24)

    test: fix 21 mutants from `cargo-mutants` (#5170) Most of these were in `known_dirs.rs` because it's platform-specific and `cargo-mutants` wasn't ignoring other platforms correctly. Using `cargo mutants -p firezone-gui-client -p firezone-headless-client` 176 / 236 mutants missed before 155 / 206 mutants missed after

  • Jamil (05 Jun 24)

    fix(ux): Settings linebreak (#5254) Fixes #5253 <img width="463" alt="Screenshot 2024-06-05 at 8 23 31 AM" src="https://github.com/firezone/firezone/assets/167144/878f8be7-2cbc-4b8c-b2c8-41a6926f7e2a">

  • dependabot[bot] (05 Jun 24)

    build(deps): Bump nimble_options from 1.1.0 to 1.1.1 in /elixir (#5175) Bumps [nimble_options](https://github.com/dashbitco/nimble_options) from 1.1.0 to 1.1.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dashbitco/nimble_options/blob/main/CHANGELOG.md">nimble_options's changelog</a>.</em></p> <blockquote> <h2>v1.1.1 (2024-05-25)</h2> <ul> <li>Fix typespecs to avoid Dialyzer warnings</li> <li>Do not list default values as part of received options</li> <li>Mark structs in backticks for doc references</li> <li>List deprecations in docs</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dashbitco/nimble_options/commit/cc80e7e6fdb9bbbe6a4614b2e2e81ca4012fc264"><code>cc80e7e</code></a> Release v1.1.1</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/4e34df13fe1ec778c54562655fe051e3606e9ac9"><code>4e34df1</code></a> Fix value of &quot;received options&quot; in error message (<a href="https://redirect.github.com/dashbitco/nimble_options/issues/128">#128</a>)</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/a3acae8e316935696d50e59140454f9cc20402b6"><code>a3acae8</code></a> Adjust specs for map support (<a href="https://redirect.github.com/dashbitco/nimble_options/issues/126">#126</a>)</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/c68a12726c4c7ed64783af68089d8e05f6a27efc"><code>c68a127</code></a> Show :deprecated in docs (<a href="https://redirect.github.com/dashbitco/nimble_options/issues/125">#125</a>)</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/57f5a479e7d96b8926704481c907b94196431a8a"><code>57f5a47</code></a> Fix test (<a href="https://redirect.github.com/dashbitco/nimble_options/issues/123">#123</a>)</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/104593b5a28971250dc921e67911de1443e46986"><code>104593b</code></a> Link struct reference in docs (<a href="https://redirect.github.com/dashbitco/nimble_options/issues/122">#122</a>)</li> <li><a href="https://github.com/dashbitco/nimble_options/commit/129c026b9f177f154f6b8d36f16f116a3dc59a6c"><code>129c026</code></a> Bump Elixir to 1.16 in CI</li> <li>See full diff in <a href="https://github.com/dashbitco/nimble_options/compare/v1.1.0...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nimble_options&package-manager=hex&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (05 Jun 24)

    build(deps): Bump phoenix_ecto from 4.5.1 to 4.6.1 in /elixir (#5183) Bumps [phoenix_ecto](https://github.com/phoenixframework/phoenix_ecto) from 4.5.1 to 4.6.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_ecto/blob/main/CHANGELOG.md">phoenix_ecto's changelog</a>.</em></p> <blockquote> <h2>v4.6.1</h2> <ul> <li>Bug fix <ul> <li>Ensure &quot;Create database&quot; action is shown when database is not available</li> </ul> </li> </ul> <h2>v4.6.0</h2> <ul> <li>Enhancements <ul> <li>Return 400 for character encoding errors in Postgrex</li> <li>Bump Elixir requirement to v1.11+</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/phoenixframework/phoenix_ecto/commit/98fbe74e99d5be0b112e938f5a274448f839172f"><code>98fbe74</code></a> Release v4.6.1</li> <li><a href="https://github.com/phoenixframework/phoenix_ecto/commit/bf499065a43cbde3078a04a2050a8f2d5c4fff9e"><code>bf49906</code></a> Show create database action when there is no database</li> <li><a href="https://github.com/phoenixframework/phoenix_ecto/commit/a893d11f471ebf8a961f6125d0a4422437353b75"><code>a893d11</code></a> Release v4.6.0</li> <li><a href="https://github.com/phoenixframework/phoenix_ecto/commit/d67a3b3a475bf3d08d343dac76d2c6c71bbb4053"><code>d67a3b3</code></a> Return 400 for character encoding errors (<a href="https://redirect.github.com/phoenixframework/phoenix_ecto/issues/175">#175</a>)</li> <li><a href="https://github.com/phoenixframework/phoenix_ecto/commit/3bdb207e31a242d3286faf117c95a3c40a048dc5"><code>3bdb207</code></a> Fix map.field notation warning on Elixir 1.17 (<a href="https://redirect.github.com/phoenixframework/phoenix_ecto/issues/174">#174</a>)</li> <li>See full diff in <a href="https://github.com/phoenixframework/phoenix_ecto/compare/v4.5.1...v4.6.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phoenix_ecto&package-manager=hex&previous-version=4.5.1&new-version=4.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (05 Jun 24)

    build(deps): Bump tokio from 1.37.0 to 1.38.0 in /rust (#5193) Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.37.0 to 1.38.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.38.0</h2> <p>This release marks the beginning of stabilization for runtime metrics. It stabilizes <code>RuntimeMetrics::worker_count</code>. Future releases will continue to stabilize more metrics.</p> <h3>Added</h3> <ul> <li>fs: add <code>File::create_new</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6573">#6573</a>)</li> <li>io: add <code>copy_bidirectional_with_sizes</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6500">#6500</a>)</li> <li>io: implement <code>AsyncBufRead</code> for <code>Join</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6449">#6449</a>)</li> <li>net: add Apple visionOS support (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6465">#6465</a>)</li> <li>net: implement <code>Clone</code> for <code>NamedPipeInfo</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6586">#6586</a>)</li> <li>net: support QNX OS (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6421">#6421</a>)</li> <li>sync: add <code>Notify::notify_last</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6520">#6520</a>)</li> <li>sync: add <code>mpsc::Receiver::{capacity,max_capacity}</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6511">#6511</a>)</li> <li>sync: add <code>split</code> method to the semaphore permit (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6472">#6472</a>, <a href="https://redirect.github.com/tokio-rs/tokio/issues/6478">#6478</a>)</li> <li>task: add <code>tokio::task::join_set::Builder::spawn_blocking</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6578">#6578</a>)</li> <li>wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6510">#6510</a>)</li> </ul> <h3>Changed</h3> <ul> <li>macros: make <code>#[tokio::test]</code> append <code>#[test]</code> at the end of the attribute list (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6497">#6497</a>)</li> <li>metrics: fix <code>blocking_threads</code> count (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6551">#6551</a>)</li> <li>metrics: stabilize <code>RuntimeMetrics::worker_count</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6556">#6556</a>)</li> <li>runtime: move task out of the <code>lifo_slot</code> in <code>block_in_place</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6596">#6596</a>)</li> <li>runtime: panic if <code>global_queue_interval</code> is zero (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6445">#6445</a>)</li> <li>sync: always drop message in destructor for oneshot receiver (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6558">#6558</a>)</li> <li>sync: instrument <code>Semaphore</code> for task dumps (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6499">#6499</a>)</li> <li>sync: use FIFO ordering when waking batches of wakers (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6521">#6521</a>)</li> <li>task: make <code>LocalKey::get</code> work with Clone types (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6433">#6433</a>)</li> <li>tests: update nix and mio-aio dev-dependencies (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6552">#6552</a>)</li> <li>time: clean up implementation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6517">#6517</a>)</li> <li>time: lazily init timers on first poll (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6512">#6512</a>)</li> <li>time: remove the <code>true_when</code> field in <code>TimerShared</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6563">#6563</a>)</li> <li>time: use sharding for timer implementation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6534">#6534</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>taskdump: allow building taskdump docs on non-unix machines (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6564">#6564</a>)</li> <li>time: check for overflow in <code>Interval::poll_tick</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6487">#6487</a>)</li> <li>sync: fix incorrect <code>is_empty</code> on mpsc block boundaries (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6603">#6603</a>)</li> </ul> <h3>Documented</h3> <ul> <li>fs: rewrite file system docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6467">#6467</a>)</li> <li>io: fix <code>stdin</code> documentation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6581">#6581</a>)</li> <li>io: fix obsolete reference in <code>ReadHalf::unsplit()</code> documentation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6498">#6498</a>)</li> <li>macros: render more comprehensible documentation for <code>select!</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6468">#6468</a>)</li> <li>net: add missing types to module docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6482">#6482</a>)</li> <li>net: fix misleading <code>NamedPipeServer</code> example (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6590">#6590</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/14c17fc09656a30230177b600bacceb9db33e942"><code>14c17fc</code></a> chore: prepare Tokio v1.38.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6601">#6601</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/65cbf730de48ef9d3c84959d26ab717a85a5de62"><code>65cbf73</code></a> chore: prepare tokio-macros v2.3.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6600">#6600</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/dbf93c71844a01574a10f9dee0d4d9655a569f0a"><code>dbf93c7</code></a> sync: fix incorrect is_empty on mpsc block boundaries (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6603">#6603</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/873cb8ae2fc291eaffbd71e3c83d17b2f0ed7abf"><code>873cb8a</code></a> runtime: move task out of the <code>lifo_slot</code> in <code>block_in_place</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6596">#6596</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/97bb47b480c66083397c21d54e7ae33cab6c1b20"><code>97bb47b</code></a> task: fix a typo in doc of <code>LocalSet::run_until</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6599">#6599</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/86658bd87dc470f8e36eb6b893cc403820cfb7ee"><code>86658bd</code></a> metrics: stabilize <code>RuntimeMetrics::worker_count</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6556">#6556</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/9e00b266e08d263c497dc9de57d9acbc049ae69b"><code>9e00b26</code></a> sync: add <code>Notify::notify_last</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6520">#6520</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/6c42d286b343f498ce29de2aab9358a0aedb081c"><code>6c42d28</code></a> net: fix misleading <code>NamedPipeServer</code> example (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6590">#6590</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/3a6fdc05681841c30fe4e27b63924c7908ea4634"><code>3a6fdc0</code></a> license: fix formatting and remove year in licenses (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6451">#6451</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/2890d0c3db4f595330d8d223bfbfeb81e205b048"><code>2890d0c</code></a> metrics: fix blocking_threads count (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6551">#6551</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.37.0...tokio-1.38.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.37.0&new-version=1.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Thomas Eizinger (05 Jun 24)

    test(connlib): generate resources with wildcard and `?` addresses (#5209) Currently, `tunnel_test` only tests DNS resources with fully-qualified domain names. Firezone also supports wildcard domains in the forms of `*.example.com` and `?.example.com`. To include these in the tests, we generate a bunch of DNS records that include various subdomains for such wildcard DNS resources. When sampling DNS queries, we already take them from the pool of global DNS records which now also includes these subdomains, thus nothing else needed to be changed to support testing these resources.

Firezone Website

Website

Redirects

Does not redirect

Security Checks

2 security checks failed (64 passed)

  • Robots Noindex
  • Empty Page Title

Server Details

  • IP Address 76.76.21.93
  • Location Walnut, California, United States of America, NA
  • ISP Vercel Inc
  • ASN AS16509

Associated Countries

  • US

Saftey Score

Website marked as moderately safe

90%

Blacklist Check

www.firezone.dev was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Firezone Reviews

More Self-Hosted Network Security

About the Data: Firezone

API

You can access Firezone's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/firezone

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Firezone

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Firezone and Awesome Privacy with your network!

View Self-Hosted Network Security (8)