Enclave Release 2024.3.6

Hey all, I’m excited to tell you about a new release of Enclave out today, 2024.3.6.

We’ve made a lot of improvements in this release, let’s go through them.

New Features

Gateway Priority

In this release we’re giving you fine-grained control over how gateways are chosen when multiple gateways are available on a gateway policy, to give you active/passive failover, preferred routes, geographic selection (to choose the closest gateway) and more.

image

You can find more detail about this in our documentation.

Your client devices will need to be updated to the latest agent version before they begin following your gateway priority rules.

Subnet Names

A small but important improvement; you can now specify a name against subnets when setting up a gateway in the System detail pane.

These names then show up wherever they are used in a policy, to make it easier to choose the right subnet:

image

Automatic DNS Registration by Tag

Our partners have told us that they would like to be able to auto-register connected enclave systems into Enclave DNS using their hostname, so that devices that were formally available via existing domain DNS would now resolve to an Enclave IP for the same system.

That is to say, if you have a DNS Zone .internal configured in Enclave, and a system joins with the hostname my-laptop, that it should then have the my-laptop.internal domain, without additional admin activity.

Well, you can now do exactly that, by assigning one or more tags to a DNS Zone; all systems with that tag get a name in the zone.

Again, you can find more detail on this feature in our documentation.

Performance

We’ve spent a lot of time since the last release focussing on Enclave throughput; especially where Enclave Gateway is involved, to give you the best possible throughput in all cases.

Hopefully you should start to see a big increase in throughput through a gateway once you update. As an example, on a low-spec Standard_B2s (burstable, 2vcpu) Azure VM acting as a gateway to the internet, here’s the change; before and after the latest update, running a speed test through the gateway:

End-User Experience

A big change we’ve made to the end-user experience is on how they are notified that they need to provide credentials. Before, without visiting the enclave tray, it wasn’t always clear that they needed to login, so on Windows we now update the tray icon with a warning indicator if the user isn’t logged in, and we raise a persistent windows alert with a Login button that will take the user directly through the login flow without additional clicks:

image

In addition, if Enclave is stopped or failed to start, we’ve got an error state for that too:

image

On macOS and Linux desktop we’ve also improved the experience of the enclave auth command, so a browser flow is launched without needing a device code, reducing the time it takes to login.

Portal Policy UI Updates

We’ve made some big changes to the policy table view in our admin portal with the goal of making it easier to understand quickly what your policies are doing. Tags, gateways, ACLs and subnets are all a key part of your policies, so we’re bringing them to the forefront:

We would really appreciate any and all feedback you have about this design change, and we’ll continue to iterate on the design based on your responses.

Other changes

We’ve made a number of other smaller changes in this release; the main ones are:

  • Improve compatibility with systemd-resolved on Ubuntu 20.04 Desktop, to ensure DNS works as you’d expect.
  • Auto-configure iptables on systems running docker alongside Enclave, to ensure the two can route traffic side-by-side.
  • Improve stability of enclave gateways tunnelling over UDP.

Thanks, and happy networking!


Windows

To update to the latest version on Windows, you can click the upgrade prompt in the Enclave Tray app, or you can download directly from here.

If you require our unattended installers, you can download here

Linux

Please note, if you have not yet updated your apt/rpm signing key (see The following signatures were invalid: EXPKEYSIG A386D59E7C22F628), make sure you do so before updating.

To update on apt-compatible distributions, you can run sudo apt update & sudo apt install enclave to get the latest version.

On RPM Based Distros run dnf upgrade enclave or yum upgrade enclave

On all other distributions, head to the portal for installation instructions.

macOS

On macOS, run brew upgrade enclave to get the new version.

iOS

Our update is working it’s way through the App Store approvals process, and should be available shortly.

Android

Our update is currently rolling out gradually via the Google Play Store.

1 Like