Support Emissary Outbound on Backend (v.0.8.2-alpha-preview)

Description

Emissary Outbound: Deploy your Protected Services that live “behind enemy lines”.

Punch a hole outward with Emissary Outbound to create a Protected Service where you don’t control the network / can’t allow ingress from the internet.

Emissary Outbound creates a tunnel between a service it can access and Drawbridge, effectively making Emissary a mini-Drawbridge.

Your machines can now securely proxy out connections to local services to Drawbridge as a Protected Service.

How to use

Note: Beyond downloading this update, you do not need to manually configure anything in Drawbridge to support Outbound connections as they come from a valid Emissary client.
Emissary Outbound is now a feature of the regular Emissary-Daemon client. It is enabled via passing two fields in the command line when launching Emissary:
--outbound is the host and port for the service you want to allow access to via Drawbridge
--service-name MUST be 15 characters in length with no special characters due to a bug. This will be fixed in the non-preview version.

Note: With this update, you will not see this Protected Service in the Drawbridge Dashboard yet, but you will in any connecting Emissary clients.

Example for a Minecraft server (note you'll need to change the address and port if using a different computer or port):
./Emissary_program --outbound localhost:25565 --service-name MinecraftServer

Now, when a regular Emissary client connections to your Outbound-Protected service, the connection flow will look like this:
Emissary <-> Drawbridge <-> Emissary Outbound <-> Outbound-Protected service (e.g Minecraft server)

Improve Performance / Bugfix (v0.8.1-alpha)

Using Drawbridge on a VPS introduces extra latency that doesn't exist when testing locally. The database locks up more frequently when accessed over long distances between the client and the Drawbridge Dashboard.

I tweaked the sqlite settings to improve this and improved some log output.

Enjoy!

Bugfixes & Listening Port (v0.8.0-alpha)

The --api CLI argument flag has been repurposed for the Drawbridge server's listening port.

Improved frontend loading times by using gzip.

Reduce db calls by storing the listening address in memory. Caused panics when the db was busy.

Revoke / Unrevoke UI Bugfix (v0.7.4-alpha)

The previous release introduced a bug which would cause a delay in reflecting the revoked status of an Emissary Fleet Device in the Drawbridge Dashboard.

Full Changelog: v0.7.3-alpha...v0.7.4-alpha

Critical Security Update & Support Emissary For Android 13+ (v0.7.3-alpha)

SECURITY UPDATE
Please update Drawbridge immediately as revoked client certificates in previous versions of Drawbridge did not persist after program restart. This has been fixed in this update (0.7.3-alpha) and additional testing will be added to protect from this sort of error in the future.

Onto more exciting news, Drawbridge now supports Emissary for Android 13+ (API 33+)🎉.

This release includes a new Emissary Bundle option, Android 13 and above, in the "Emissary Devices" page, and minor updates to ensure compatibility with our Emissary Android implementation.

To get Emissary onto your Android devices, you must download the APK from the Emissary-Android repo here. A release to the Google Play store is currently underway.

Read the Emissary for Android startup guide here

Note that the Emissary Bundle for Android does not ship with the Emissary client, unlike the desktop Emissary Bundles.

Connection Status for Emissary Device Fleet (v.0.7.2-alpha)

Get up-to-the-minute details on all of your connected devices with the Last Seen and IP status fields.

Drawbridge will make a note every time an Emissary device interacts with it, and display it in the Manage Emissary Device Fleet section of the dashboard.

Happy hosting!

(v0.7.1-alpha) Improve Emissary Bundles for Windows and Linux

Fixed some cross-platform woes that would lead to Emissary Bundles getting unzipped in a strange and confusing folder structure:

Fixed this by using forward slashes for all platforms.

Happy hosting!

(0.7.0-alpha) Emissary Fleet Update

Has one of your Emissary devices gone rogue? Recently fired an employee? This update is for you!

Revoke an Emissary client with a single click in the new Manage Emissary Device Fleet section of the Emissary Devices page. Any new connections from that device will be dropped during the handshake process. A follow-up update to close any existing connections is in the works.

This greatly raises the security posture of Drawbridge and paves the last mile before version 1.0 is released.

Bugfixes

• Fixed crashing when configuring Drawbridge after initial setup

Any issues can be raised in the GitHub Issues section of this repo or message me on X @dawsohen

(v0.6.0-alpha) Better Stability & Great Descriptions

Lots of great things to share today! We're super excited to release the latest major version for Drawbridge; packed with lots of quality of life updates and better connectivity with Emissary clients!

• The Drawbridge Dashboard provides clearer descriptions for the onboarding setup modal, Protected Services, and Emissary Bundles.
• Added connection retries to increase connection stability with Emissary clients
• Improved Emissary resilience by using protected service id instead of name. No more failed Emissary connections if you change the name of your Protected Service!
• Less verbose logging by default

Going forward, all Emissary client downloads should be done through the Emissary Bundle feature in Drawbridge. It automatically verifies the Emissary client is signed with the Drawbridge & Emissary Signing Key and generates the mTLS key and certificates automatically.

Happy hosting!

(v0.5.6-alpha) Stability Improvements

This update is focused on stability.

Fixed:

• Updating Protected Services resulted in a wiping of the entire record in the database.
• Program exits on trivial and spurious issues that can happen from time to time (file read errors, etc)