Spokes v1.3.5 and Client v0.13.1

Published at January 9, 2022 ·  4 min read

Happy New Years!! It’s been some time since we last posted an upate but we’ve been very busy in the last few months of ‘21 and have published several releases of Spokes and our client software. I’ll summarize them below and describe the changes introduced in the newest releases - Spokes v1.3.5 and the Packetriot client v0.13.1.

Spokes Updates

Since Spokes v1.3.1 we’ve made three additional releases that lots of new features.

High-Availability

These releases included a new High-Availability mode which can be used to run two Spokes server side-by-side. It’s a simple HA configuration, one server is the primary and while it’s running will serve all clients. The second server is a backup and watches the primary, when a parameterized numer of failures occur it’ll fully initialize itself to start serving clients.

These two Spokes servers are normally hosted in different zones within the same data center and behind a load balancer. We have a reference architecture and blueprint for AWS.

Improved Migrations

Prior to v1.3.3 we manually wrote migration scripts. This is cumbersome and makes it difficult to support more deployments type. We switch over using the awesome ORM for Go, GORM.

This is going to simplify how we migrate between Spokes versions and enable us to release updates more quickly as GORM will be removing some steps in development and testing processes.

Portmap Management in Dashboard

In v1.3.4 we introduce an updated dashboard for managing tunnels and this included a new section to manage portmap configuration remotely from the Spokes dashboard.

A portmap allows a service behind a remote tunnel, or an completely external service, to be mapped to a local listneing port, e.g. 127.0.0.1:5000. This builds on the early service mesh functionality we introduced in v1.3.1 which will we will continue to mature and improve in this new calendar year.

API for Traffic Management

We’ve had support for tunnel traffic configuration in the Spokes dashboard for some time and with newly added support for portmaps, we’ve added (new) corresponding API endpoints in this latest release of Spokes v1.3.5 to make remote traffic configuration changes programmatic and so that users can automate how tunnels are setup.

Our Spokes Admin API documentation has been updated as well. We invite you to check them out for these new updates. This link begins the new section we added that describes the new API endpoints.

Our Go client has been updated as well and includes an example of us using the new APIs.

In addition, we’re working on Swagger API definitions so we can generate clients in all the different programming languages it supports such as C#, Java, Kotlin, Python, PHP and many others!

Packetriot Client Updates

This new release of client v0.13.1 introduces some small bug fixes, but we have some substantial improvements that we’ve added earlier but did not publish any change logs for.

Two-Factor Authentication

We’ve support cookie-based password authentication and also HTTP Basic-Digest authentication for some time now. In v0.12.0 we include support for two-factor authentication using time-based one-time-passcodes. You can use applications like Google Authenticator, Microsoft Authenticator, YubiKeys application and others to manage the 2FA you set up on an HTTP site served behind a tunnel and protected with 2FA.

It can be easily add to any site when you include this flag with the traffic rule:

[user@host ] pktriot tunnel http add --domain <domain> --enable2FA --password

A password must be used when enabling 2FA. When you visit and authenticate the first time the client will present a page to setup the two-factor using a QR code. Using one of the authenticator applications you snap a photo of the code and will be presented one-time-passcode that will can be used to finish the 2FA setup and future authentication requests.

New Targets

In v0.13.0 we added support for 32-bit and 64-bit FreeBSD targets.

We also add support in the client API, used by the Spokes server, to remote configure new portmap rules, modify existing rules or delete them. This functions worked with the improved Spokes dashboard support for managing portmaps in the UI.

Summary

2021 was an exciting year for Packetriot and Spokes. Our user and customer base has grown a lot. Spokes matured in a great cloud networking product and we’ve been able to help so many of our enterprise customers simplify their older and more complex networks.

In this new year we’re looking forward to build on our successes, thanks to you!

We’ll be creating a new home for Spokes so it can begin a path of its own. It initially grew out of a request for a customer to run their own secure tunneling server into a cloud networking solution that is competing against other popular systems like Linkerd or Envoy.

We’ll be working on improving the user experience for Packetriot and make it simpler to use and install. This includes publishing the Packetriot client in the Apple and Windows app stores and supporting a graphical user interface.

Let us know what you think we should focus on in this new year and thanks again for all your interest and support, cheers!