View Source Changelog

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.

unreleased

Unreleased

1-8-3-2022-05-12

1.8.3 - 2022-05-12

changed

Changed

  • Specifying an ip address for listen entries is no longer mandatory. The default value is now "::".
  • Make sure eturnal's log_dir is used for the additional log files created by eturnalctl daemon.
  • Keep TURN session IDs unique across eturnal restarts.
  • Binary release: Update Erlang/OTP from 24.2.2 to 24.3.4.
  • Binary release: Update OpenSSL from 1.1.1m to 1.1.1o.
  • Binary release: Update zlib from 1.2.11 to 1.2.12.
  • Binary release: Use new (GCC-11.2-based) version of build toolchain.
  • Binary release: Provide self-extracting installer for non-DEB/RPM systems.

fixed

Fixed

  • Windows: Don't fail to start up after reboot.

1-8-2-2022-03-02

1.8.2 - 2022-03-02

changed-1

Changed

  • Use a (pseudo)random secret by default.
  • Improve autodetection of relay IP addresses used by default if the relay_ipv4_addr and/or relay_ipv6_addr options aren't specified.
  • Binary release: Update Erlang/OTP from 24.2 to 24.2.2.

fixed-1

Fixed

  • Don't crash without explicit listen configuration. This bug was introduced with version 1.7.0.
  • Don't crash if the configuration file is empty (i.e., has no eturnal section).
  • Don't crash if TURN is enabled without a public IPv6 relay address being available.

1-8-1-2022-01-10

1.8.1 - 2022-01-10

fixed-2

Fixed

  • Don't fail to handle the $user argument of the eturnalctl sessions and eturnalctl disconnect calls.

1-8-0-2022-01-10

1.8.0 - 2022-01-10

added

Added

  • Allow for configuring TLS connection properties using the new tls_options, tls_ciphers, and tls_dh_file options (#6).
  • Allow for specifying a whitelist of IP addresses/subnets which will be accepted even if they would otherwise be rejected due to being matched by a blacklist (#12).
  • Don't close active TURN sessions when ephemeral credentials expire, by default. The new strict_expiry option allows for enabling the previous behavior.
  • Add eturnalctl disconnect $user command for closing any TURN session(s) of the specified $user name.
  • Let the eturnalctl sessions command accept an optional $user argument to list only the TURN session(s) of the specified $user name.
  • Support running eturnal without the Erlang Port Mapper Daemon (EPMD) by specifying the environment variable ERL_DIST_PORT (requires at least Erlang/OTP 23.1 and Rebar3 3.18.0).

changed-2

Changed

  • Binary release: Run eturnal without EPMD (as described above).

fixed-3

Fixed

  • Don't log bogus error messages if no eturnal modules are enabled when using Erlang/OTP version 21.0, 21.1, or 21.2.
  • Binary release: Don't let Erlang/OTP link against libnsl.so.1, which is no longer shipped by default on RedHat-based distributions, and isn't actually needed (#19).

1-7-0-2021-12-15

1.7.0 - 2021-12-15

added-1

Added

  • Introduce the listen option proxy_protocol for enabling HAproxy protocol (version 1 and 2) support (#18).

changed-3

Changed

  • Binary release: Update Erlang/OTP from 24.1.7 to 24.2.
  • Binary release: Update OpenSSL from 1.1.1l to 1.1.1m.
  • Binary release: Link asn1 and crypto NIFs statically into BEAM.
  • Binary release: Reduce size by a few MiB by omitting a test suite file.
  • Binary release: Don't forget to strip ERTS binaries.

fixed-4

Fixed

  • Don't crash when multiple secrets are configured on Erlang/OTP 23 or later.

1-6-0-2021-12-04

1.6.0 - 2021-12-04

added-2

Added

  • Add eturnalctl credentials and eturnalctl password commands for generating ephemeral TURN credentials.
  • Support the listen option transport: auto for accepting unencrypted TCP and TLS connections on the same port (thanks to Annika Hannig). Requires Erlang/OTP 23 or later.

changed-4

Changed

  • Binary release: Update Erlang/OTP from 24.1.4 to 24.1.7.

1-5-0-2021-11-02

1.5.0 - 2021-11-02

added-3

Added

  • Allow for specifying a list of shared secrets in order to facilitate key rollover (#16).
  • Improve UDP receive performance.
  • Reduce risk of UDP packet loss.

changed-5

Changed

  • Binary release: Update Erlang/OTP from 24.1.2 to 24.1.4.

fixed-5

Fixed

  • Handle the case where a tls_crt_file but no tls_key_file is specified (by assuming the tls_crt_file includes both the certificate and the key).
  • Don't forget to check for new PEM files on reload if the configuration wasn't modified (#17).

1-4-6-2021-10-11

1.4.6 - 2021-10-11

changed-6

Changed

  • Don't abort (but log an appropriate warning) if TURN is enabled without a shared secret.
  • Drop the runtime dependency on the openssl command for generating self-signed certificates.
  • Binary release: Update Erlang/OTP from 23.2 to 24.1.2.
  • Binary release: Update OpenSSL from 1.1.1i to 1.1.1l.

removed

Removed

  • Drop the mod_example module.

1-4-5-2021-01-28

1.4.5 - 2021-01-28

changed-7

Changed

  • Don't include timestamp when logging to the systemd journal.

fixed-6

Fixed

  • Let eturnalctl sessions cope with non-latin characters in user names.
  • Binary release: Let eturnalctl remote_console actually connect to the running eturnal instance.

1-4-4-2021-01-21

1.4.4 - 2021-01-21

changed-8

Changed

  • Reject Teredo and 6to4 peers unconditionally.
  • Reject 0.0.0.0/8 and ::/128 peers unconditionally.

fixed-7

Fixed

  • Never request certificates from TLS clients.

1-4-3-2020-12-16

1.4.3 - 2020-12-16

changed-9

Changed

  • Binary release: Update Erlang/OTP from 22.2 to 23.2.
  • Binary release: Update OpenSSL from 1.1.1g to 1.1.1i.

fixed-8

Fixed

  • Don't log stack traces if clients attempt authentication while TURN is disabled.

1-4-2-2020-11-04

1.4.2 - 2020-11-04

changed-10

Changed

  • Make sure the eturnal.yml file isn't installed world-readable, as it might contain the shared TURN secret (#10).

1-4-1-2020-09-09

1.4.1 - 2020-09-09

fixed-9

Fixed

  • Fix systemd watchdog interval recalculation during configuration reloads.

1-4-0-2020-09-06

1.4.0 - 2020-09-06

added-4

Added

  • Add mod_log_stun for logging STUN requests. Without this module, they will now only show up in the debug log output.
  • Add list of TURN permissions to the eturnalctl sessions output.

changed-11

Changed

  • Always log reason for TCP/TLS connection termination (at info level).
  • Omit Erlang process ID from log messages (now that a session ID is logged).

fixed-10

Fixed

  • Make the eturnalctl sessions command work with recent versions of the stun application.

1-3-0-2020-08-26

1.3.0 - 2020-08-26

added-5

Added

  • Add eturnalctl info command, which prints some details regarding the running eturnal instance.
  • Add the TURN session duration to the eturnalctl sessions output.
  • Document the module API for developers.

changed-12

Changed

  • Refactor the module API to avoid bottlenecks.

1-2-1-2020-08-16

1.2.1 - 2020-08-16

fixed-11

Fixed

  • Strip the BEAM files shipped with the binary release. Due to a bug in the build tooling, this didn't happen for the previous release.

1-2-0-2020-08-16

1.2.0 - 2020-08-16

added-6

Added

  • Add experimental support for modules and include a mod_example with the source code. The APIs aren't documented yet and may change in the future.
  • Include mod_stats_influx, a module for logging STUN/TURN events/statistics to InfluxDB (contributed by Marc Schink).

1-1-0-2020-07-22

1.1.0 - 2020-07-22

added-7

Added

  • Add eturnalctl session command, which lists some details about the currently active TURN sessions.

changed-13

Changed

  • Append session ID, transport, username, and client IP addresses/ports to STUN/TURN log messages.
  • Append relay/peer IP addresses/ports to TURN log messages.
  • Log amount of relayed traffic per TURN session.
  • Log plain STUN (Binding) responses.
  • Log more info level messages during TURN sessions.
  • Log error responses sent to STUN/TURN clients.

fixed-12

Fixed

  • Make configuration reloads performed after changing the listen configuration more robust against timing issues.
  • Let eturnalctl commands that query the running node fail gracefully if eturnal isn't running.

1-0-0-2020-07-13

1.0.0 - 2020-07-13

added-8

Added

  • Allow for setting the log_dir option to the special value stdout, which tells eturnal to print log messages to the standard output rather than logging to a file.
  • Publish DEB and RPM packages, and adjust the documentation accordingly.

changed-14

Changed

  • Allow for binding to privileged ports (if started via systemd).
  • Disable TURN support in the example configuration file.
  • If the distribution provides an epmd.service, make sure eturnal uses it rather than starting its own EPMD instance.
  • Don't bind EPMD to 127.0.0.1 by default.

fixed-13

Fixed

  • Only signal readiness to systemd if eturnal's startup actually was successful.

0-8-0-2020-07-08

0.8.0 - 2020-07-08

added-9

Added

  • Support systemd's notify startup type.
  • Support systemd's service watchdog feature.

changed-15

Changed

  • Remove max_allocations option from the documentation and from the example configuration. The stun application currently ignores this option, and it's not all that useful with ephemeral TURN credentials anyway.

fixed-14

Fixed

  • Don't ignore the log_level option when the configuration is reloaded.

0-7-0-2020-07-07

0.7.0 - 2020-07-07

added-10

Added

  • Ship documentation and license with binary release archive.
  • Add reference documentation which can be built by calling rebar3 edoc within the source directory.
  • Allow for starting up eturnal without release boot file by calling a command such as erl -conf file '"/etc/eturnal.yml"' -s eturnal (assuming the BEAM files are in the code path).

changed-16

Changed

  • Refuse TURN relaying from/to loopback addresses by default.

0-6-0-2020-07-02

0.6.0 - 2020-07-02

added-11

Added

  • Include an example init script for non-systemd platforms.

changed-17

Changed

  • Log more (and improved) info and debug level messages.
  • Allow for starting up eturnal without configured secret if TURN is disabled.

0-5-0-2020-06-30

0.5.0 - 2020-06-30

added-12

Added

  • Let eturnalctl version print the version string of the running release.
  • Add an initial version of a test suite.

changed-18

Changed

  • Allow non-root users to run the eturnalctl script if they have eturnal's Erlang cookie.
  • Make the release directory freely relocatable.

0-4-0-2020-06-28

0.4.0 - 2020-06-28

fixed-15

Fixed

  • Fix TURN authentication on Erlang/OTP versions older than 22.1.

0-3-0-2020-06-28

0.3.0 - 2020-06-28

changed-19

Changed

  • Change systemd service type in order to support systemd versions older than 240.

fixed-16

Fixed

  • Make sure the eturnalctl script can be invoked by the superuser.
  • Fix compatibility with Erlang/OTP 21.0, 21.1, and 21.2.

0-2-0-2020-06-25

0.2.0 - 2020-06-25

changed-20

Changed

  • Add Erlang process ID to log messages.

0-1-0-2020-06-24

0.1.0 - 2020-06-24

changed-21

Changed

  • Allow for configuring the same (port, transport) combination on different IP addresses.

fixed-17

Fixed

  • Fix parameter expansion in eturnalctl script which prevented eturnal from starting up.
  • In the README section that describes building from source, don't forget to mention that rebar3 needs to be made executable.

0-0-1-2020-06-23

0.0.1 - 2020-06-23

added-13

Added

  • Initial (pre-)release of the eturnal STUN/TURN server.