letmein-10.0.0

Added

• Documentation of the wire protocol and the cryptographic algorithms has been added.
• Hints for distribution packaging have been added to the documentation.

Changed

• The MSRV has been bumped from 1.75 to 1.76 due to the nftables dependency MSRV.
• The seccomp rules have been made more strict for the prlimit syscall.
• The nftables.conf example has been simplified.

Removed

• Support for SIGHUP reloading of the daemons has been removed. There are two reasons for this: First it wasn't implemented correctly and didn't notify systemd. This will break with future versions of systemd. Second is that it didn't work (by design) with seccomp. Therefore, I decided to remove the feature. I personally don't think it's important to have it. Just restart the daemons instead of reloading them. If you disagree with this and if you have a valid use case for SIGHUP reloading that cannot easily be solved with restarting, open an issue please.

letmein-9.0.0

New features

• The nft executable can now be pinned in the letmeind.conf configuration file to avoid $PATH searches from the letmeinfwd daemon running as root.

• Use TCP_NODELAY for TCP connections to reduce knock latency.

Distribution packaging

In the default letmeind.conf configuration installed from distribution packaging install scripts please configure

[NFTABLES]
exe = nft

to the default path of the nft executable in your distribution.

For example:

[NFTABLES]
exe = /usr/sbin/nft

letmein-8.0.0

New features

• Support for UDP control port has been added.

If you choose a UDP port as control port and configure control-error-policy=basic-auth, then the letmein service itself operates in stealth mode and doesn't respond to unauthenticated incoming messages.

Documentation

• The documentation has been improved.

Fixes

• Locked dependencies have been updated to not include yanked crates and crates with known security problems. Note that none of the replaced dependency crates is known to cause security problems in letmein itself.
• Seccomp rules have been extended to include more required syscalls.

letmein-7.2.0

Fixes

• Fix build with cargo-audit version >=0.21

Added features

• Add option to suppress sending error messages to the internet, if not authenticated. This helps to not reveal what service is running on the control port to malicious scanner clients. See [GENERAL] control-error-policy in letmeind.conf. This feature is disabled by default, if the config option is missing.

letmein-7.1.0

Bug fixed

On letmeinfwd daemon shutdown the control port rule was not removed from the firewall. This could lead to letmeind still being reachable, if it was still running. This has been fixed.

In practice this should not be a real problem, though. If letmeind was still running, the communication with letmeinfwd would fail and the user would eventually receive a Nack for the knocking. If letmeind was also shutdown, the port would be closed anyway, regardless of the firewall rule.

An upgrade is recommended.

letmein-7.0.0

Fixes:

• Add TX/RX timeouts for control messages. This helps to mitigate potential DoS (Denial of Service) attacks on the control port.

Features:

• Optional seccomp support has been added to the firewall daemon letmeinfwd.
• Optional seccomp support has been added to the client application letmein.
• letmeind: Now prints the peer's IP address to the system log on unexpected protocol handling failures.

letmein-6.0.0

New features:

• Support for UDP port knocking has been added.
• The seccomp filters have been reduced further to what is necessary. This reduces the exploit surface.

letmein-5.1.0

• Documentation for the configuration files has been added in CONFIGURATION.md
• The dependency on the user_lookup crate has been removed and a simple local implementations of the needed subset of features has been added.
• Some sanity checks for the configuration have been added. Correct and working configurations are not affected.

letmein-5.0.0

New features:

• On firewall changes, now only the affected rules are touched instead of deleting and rebuilding everything each time.

Minor changes:

• The configuration prefix has been made configurable (via environment variable LETMEIN_CONF_PREFIX) and the cargo build default has been changed from /opt/letmein/etc to /etc. However, the build.sh script still uses the /opt/letmein/etc prefix. Therefore, nothing changes for most users. The option makes distribution packaging easier.
• API cleanup to make misuse of the protocol API harder.

letmein-4.0.0

Changes:

• Move compilation of seccomp program to build.rs.

Fixes:

• Remove sigaction from allowed syscalls.