ZeroTier 1.6 includes a number of new features and capabilities back-ported from the 2.0 tree. As there are many changes, we are releasing at least one beta prior to a full release so our users and community can test these features and report back to us.
Version 1.6.0-beta1 is tagged as 1.5.0 and can be obtained from GitHub. Binaries are available here for Windows, Mac, and Debian and CentOS/RHEL derived Linux distributions.
NOTE for Windows users: the Windows .msi is not signed as we are currently waiting for our EV signing cert to be renewed. Once that’s done we’ll have signed Windows binaries.
The major new features in 1.6.0 are:
- • The ability to push DNS configuration to members, a long requested feature that will be valuable in enterprise environments with internal DNS servers or Windows domain controllers. The network controller side of this can be edited in ZeroTier Central by adding
?dns=1to the end of the
/network/<network ID>URL when viewing or editing a network. This will reveal a DNS configuration box in the network settings area beneath multicast configuration. On the client you must allow DNS setting management for a network in the ZeroTier UI or via the command-line interface with
zerotier-cli set <network ID> allowDNS <true|false>.
- • A fully mature beta of our multipath (a.k.a. bonding) support is here! Multipath allows ZeroTier to use multiple WAN links and can be operated in one of several different modes including active-backup and active-active with load balancing. See section 2.1.5 in our manual. Multipath can currently only be enabled via local.conf and will only work between 1.6.0 or above nodes. It should not be considered stable for serious production use yet but it has been tested quite extensively.
- • Version 1.6.0 includes our new AES-GMAC-SIV encryption mode, which will be used when communicating with 1.6.0 and above nodes. AES-GMAC-SIV can be anywhere from 2X to 8X faster than the old Salsa20/12-Poly1305 mode and also has somewhat better security bounds and worst-case security behavior. It’s also composed of components that are all permissible under NIST and FIPS-140 regulations, allowing us to proceed with full FIPS-140 verification of ZeroTier in the future. Right now we plan to do this in the 2.x release tree. Since AES-GMAC-SIV represents a slight variation on another block cipher mode, we worked with Trail of Bits to analyze and audit our design and ensure that it met required security bounds.
We invite our users to try 1.6.0-beta1 and let us know how it goes via GitHub issues, the forums, or support!