firezone
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
@conectado pointed this out, they don't explain how to run the Tunnel service ```[tasklist] ### Tasks - [ ] Note that GUI can't run as admin even on Windows -...
It would be nice if the GUI survived a restart of the Tunnel service
In case we cannot connect to the Tunnel service, we could offer to the user that we try to by trying to launch a program with elevated privileges that starts...
For the device verification feature, we need to make sure (as much as possible) the IDs used for device identification in the portal do not change. In the macOS client,...
Currently, `connlib` spawns several threads with their default stack-size (2MB in Rust) but also depends on several crates that spawn threads themselves. We optimise the amount of RAM we use...
It looks like we can add the following for MDM-managed clients to automatically allow the network extension, similar to whitelisting for the system extension: ``` com.apple.security.firewall applications bundleID com.yourcompany.FirezoneNetworkExtension allowed...
See #8225. Requires embedding a DNS client in the Gateway to resolve domains. Most likely hickory-resolver.
Remembering to upgrade Gateways is a constant source of pain for admins, and frequently leads to us having to remind folks to upgrade them to fix bugs. Having outdated components...
When doing full-route tunneling, it would be helpful to prevent certain CIDRs from being routed, like in the case where you're unable to isolate the Gateway from other protected Resources...