Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different
Controller side:
* Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
This patch implements a "TUNNELED" status indicator and "forceTcpRelay" setting for custom relays via local.conf.
For example:
{
  "settings":
  {
    "tcpFallbackRelay": "6.79.53.215/443",
    "forceTcpRelay": true
  }
}
Surface Addresses are the addresses that
the roots report back to you.
This is helpful for troubleshooting.
If you're behind NAT, the source port is different
than what ZeroTier is bound to.
If the list of surface address ports is larger than the list of
bound addresses, you are probably behind symmetric NAT.
Anyway, this can be added to later with a simpler
"easy" or "hard" NAT computed message somewhere.
The port used for PortMapping was not properly randomized, causing multiple clients on the same LAN to request the same UPnP port, and not all routers handle this gracefully.
Also fixes an issue where the portmapper wasn't started at all if a secondary port wasn't specified, or if the tertiary port was manually specified.
Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED. This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly