Releases: oxen-io/lokinet
Lokinet v0.9.11
This minor update to Lokinet fixes a few issues introduced in the 0.9.10 release.
For service nodes, this releases is recommended as part of regular upgrades, but is not required.
All platforms
- Fixed missing option names in the default config file generated in 0.9.10 (#2055).
- The GUI minimum height is now reduced to work better on lower resolution screens (#2065).
- An(other) obsolete bootstrap file is now recognized and skipped if present when loading (#2066).
Windows
- Fixed a rare bug that could cause all DNS lookups (not just lokinet) to start working whenever Lokinet is activate (#2076).
Service nodes
- We now output a much more informative error on startup if the required lokid RPC setting is missing from the config (#2055).
(Edit: added the lokinet source tarball to the download list and re-signed)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
- the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
- OpenPGP key servers (Jason Rhinelander <jason@imaginary.ca>, A88D4262)
- https://imaginary.ca/public.gpg
- https://github.com/jagerman.gpg
0a4a972e1f2d7d2af7f6aebcd15953d98f4ff53b5e823a7d7aa2953eeea2c8d2 lokinet-0.9.11-win64.exe
a796134d3af1cfa2d3718166aede6a09155c63617ffb7de932a9c804bb3a68c7 lokinet-macOS.0.9.11.dmg
c16c82c7528beae5ceca072eaf6e1a9eb4b85247f1d60352344b5ee53009391c lokinet-v0.9.11.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmOPe7MACgkQxJks56iN
QmKqNA/+KFSFVGgBJk2Fn7ONk/m8/6YmSuiTF0zXCGtCH9E3YxNJvXkkErewWZVu
enVwKeNORQ3+7Cjrmz9sSx2dJYJNMAMoaIgsst3jiLI07EjKEHLEcWlcCXuCTvJ5
JmmaIQ2tlKdizUL9CIZWADesh0FvzVZN2HPtuZu7/dPQf6FnzmwaI/hSuOUV2TXG
6kNQL2IZB3zGjvNlFfBGZgWN1aNgP92we9O/v7sIP/Z9SXGdoN8eTSk8rwRdsGRE
TcDHAmt2jZV/ZhWlozCmIoz5rnAE+hTIjVQaLLxpjpaWx9FM8hPYcSQwxpbSmXId
qMElCBRcXQoZPvousVG5NhxkD/uFTqeWVkExlnIeU0zdXHBoTgNpq9/Q45lrJFVS
eQlzaDT4I6qyn/5nIuaDy1fdmHap3GFTIiCk1OVzGqbG7WSYz33hoMY+N/DxodYi
2p9Fyh8wHz9+tomTNW0zHhgASlUQY1KYcqSELS7h+EzrsL87JPOh665WfP1yXmeM
gzLdAz5ts5StmL/YB8YQ1CFSCHFvtfRMTLvHQB+xVzPcYe0nswaqsxaCpJieG8Dk
2XlOiwpkxHWh961Zh0hWp46c6V+01YYHw3hf8qIeIiUKuEc09pDUt1sDoTVYVbkZ
O8idIqJz4RRmlzcr5i7EsJKfPDqfDKGTUudRdAB5KybWVW0pYB8=
=JvWP
-----END PGP SIGNATURE-----
Lokinet v0.9.10
Lokinet 0.9.10
This is a major upgrade for Lokinet clients that brings a brand new GUI with many improvements, plenty of client-side fixes and upgrades, a new more reliable network handling code for Windows, and a completely overhauled macOS release (which has been absent for the past several releases).
For service nodes, this releases is recommended as part of regular upgrades, but is not required.
All platforms
- We now include the lokinet bootstrap file in the executable itself rather than needing to bundle or download it separately. This is now the default if no bootstrap file is specifically configured.
- Refactored log subsystem that produces better, cleaner log output.
- logs can now be sent to a subscriber via our zmq rpc, which is used by the new GUI to show log output.
All clients
- New GUI written in electron.
- Large refactor of DNS subsystem internals
Windows client
- We now use wintun instead of the old OpenVPN tun/tap driver for the low-level virtual lokinet network. Wintun is more reliable and better maintained.
- We now use windirect to properly intercept and handle system DNS requests, which more robustly captures DNS traffic and should prevent DNS leaks that have previously happened sometimes in Windows.
- Fix various crashes that could occur on startup or shutdown.
MacOS client
- Lokinet now supports macOS again. (This is our first macOS release in quite a while, so if things aren't working quite right, please report the issues!)
- We had previously stopped supporting it because our workaround to run on macOS stopped working: this new release uses proper Apple-sanctioned interfaces to run as a VPN system extension.
- Because it is now registered as a VPN, you can start/stop lokinet from the macOS Network Settings page; the GUI still works to control/monitor Lokinet, but doesn't have to be running in order for Lokinet to be active.
- Unfortunately, Apple does not allow unsigned (or self-signed) code to run as a system extension, which means you cannot compile for yourself on macOS (unless you have your own, paid-for developer account). We wish this wasn't the case, but if this matters to you then macOS is the wrong platform for you.
Linux client
- Lokinet DNS resolver can now bind to multiple UDP addresses to handle queries.
- By default Lokinet DNS still binds to
127.3.2.1:53
, but not also listens on random high port on127.0.0.1
for better compatibility with systemd-networkd. - added a new option (disabled by default) to enable raw DNS packet interception on on the lokinet vpn interface for advanced network configurations.
Service-node changes
- Add a log statement about our own
.snode
address on startup - Overhaul how listen IPs/ports are specified in the
[bind]
section of the config. The old syntax was confusing. Most common setups will continue to work just fine, but some exotic configurations on systems with multiple IP addresses may need the config fixed (if this is necessary, lokinet will immediately fail at startup with a suitable error message in the logs). - Revise how we handle service node lists after startup and registration activation, which should address reported issues about lokinet needing a restart after being staked.
- Lokinet now recognizes (and ignores) an old, obsolete bootstrap file that might be present on very old installations (installed around 2 years ago or more). This obsolete file could prevent a router that goes offline for several days from coming back online, because it would lose any way to connect to existing nodes. If we encounter such a file we now just ignore it, and use the built-in default fallback.
Build system
- Remove some dead code
- Simplify handling of libraries that can either be built as a submodule or used as a system library.
- Make lokinet version tag overrideable via
-DLOKINET_VERSIONTAG
(this has been patched into the deb builds for a very long time; this moves that patch into the main code to make it easier for other packaging systems that might want to use it). - Bump bundled openssl version for static builds to the latest 3.x release (instead of 1.1.x).
- Removed "shell hooks" option (the code wasn't desirable and has been long-gone).
Miscellaneous
- Restructure the repository docs directory
- Add demo keygen script for
.loki
keys - Refactor network utils subsystem, add mock and unit tests for testing if auto detection of network addresses works
- Remove invalid nodedb entries on startup
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
sha256 hashes:
ae695d49373f6f648d2de2c2910c60e6e7aad3632c02e4d6c1f478d04d18e091 lokinet-0.9.10-win64.exe
40fc9587eac68b1ef39315309dec59f5d97211f8bf3028591db8e3c22a0e8f2d lokinet-macOS.0.9.10.dmg
63425acf842a047704036390f311ef21bbbf1c1788dfb4eb3c490afdf9d36ccd lokinet-v0.9.10.tar.xz
this was signed with the key jeff@lokinet.io (025C02EE3A092F2D)
this key can be found at: https://github.com/majestrate.gpg
this messages was signed at 2026 EDT on nov 14 2022 (2022-11-15T01:09:13Z)
btc top block: 000000000000000000078efb893c59c5a381ce7bbf65c01bedc6f9524e51855a
height: 763200
-----BEGIN PGP SIGNATURE-----
iIYEARYIAC4WIQQs5vJ0MTiCW3p+Uh0CXALuOgkvLQUCY3Lq8hAcamVmZkBsb2tp
bmV0LmlvAAoJEAJcAu46CS8twIIBAI1p6Zj5Xn6C0gKiTb5dItF5duv7O35TpAsj
umLiWD9QAQCN1jzoft2M942n4eZPNLNXoTkUZ7OCFy6yaga8re3zBQ==
=HUJ+
-----END PGP SIGNATURE-----
lokinet v0.9.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
= lokinet v0.9.9 (gluten free edition)
Service node only release for hf 19,
this release is manditory for all service nodes.
= service node changes
* bind section no longer allows 0.0.0.0 for inbound links, use your interface name and set public-ip and public-port in router section, boxes with multiple public addresses on one interface required this change be done.
if 0.0.0.0 is used and lokinet can infer a public ip, it will be used, otherwise it will error and need to be reconfigured with the proper entries in router section.
* bugfix in link layer state machine that should fix inbound sessions becoming in a permanently stuck state
* systemd status line reports more useful info like block hieght and gossip times.
* bugfixes regarding gossping and decommissions related to lokinet reachability
* idempotent queue flushing, all path builds and transit traffic should be butter smooth as a result.
= client side (non service node) changes
== windows
windows now has a new gui, dns leaks but ipv6 leak should be plugged.
expect remaining fixes in 0.9.10 tag
== config options
network section
* exit-node / exit-auth now allow multiple entries , exit nodes will be striped randomly for each range they are mapped to
* autorouting , turn route poker on and off
* blackhole-routes , turn off route poker's ipv4 / ipv6 route blackholing. useful for omitting non routable ranges like 200::/7 and fc00::/7 from route poker
* auth-file / auth-file-type , enable endpoint auth using hashed or plaintext passwords (hashed by default)
* auth-static , add static plaintext auth codes via config entry
dns section
* uptream will now default to 9.9.9.10
== cli
* removed -b flag, it did not do anything anyways.
* removed -v / --verbose flag, use config option in logging section, level = debug
== docs
* generate internal docs with doxygen
* remove outdated content, replace with placeholders
== build system
* new helper script: contrib/cross.sh for cross compiling from linux.
* macos build process redone in full, still not done yet.
=== new cmake options
* -DBUILD_DAEMON for toggling building of lokinet daemon, used only on apple platforms.
* -DWITH_BOOTSTRAP for toggling building of lokinet-bootstrap tool
== internals
* removed large amounts of dead code
* use oxenc for serializion insted of oxenmq
* split up cpack nsis commands into external files
* split up android build process into configure and build to fully parallize builds.
* embedded lokinet apis frozen.
* embedded lokinet internals finished.
* demacroize the code
* disable usage of ipv6 upstream dns in libunbound
* propagate link layer priority to link layer for proper resend prioritization
= release binaries
sha256 hashes for lokinet v0.9.9
signed by jeff@lokinet.io
key at https://lokinet.io/jeff.asc or http://lokinet.loki/jeff.asc
86f3624cc29ead3f5d0fb8281763315fd26ffe5b57a70876ce8700511908e45b lokinet-0.9.9-win64.exe
084a515103f32d8dcb519837054348b04e35157dd062e87bbee38b214973b72c lokinet-v0.9.9.tar.xz
the current bitcoin top block is:
best=00000000000000000005a372e7d48a080460d5249fbe5238e037314b9da4c8e2
height=738737
date='2022-05-31T14:24:36Z'
-----BEGIN PGP SIGNATURE-----
iIYEARYIAC4WIQQs5vJ0MTiCW3p+Uh0CXALuOgkvLQUCYpYqgBAcamVmZkBsb2tp
bmV0LmlvAAoJEAJcAu46CS8tc2cA/368jR4l7bob+0FVtrQ6A17j/CA7xu45QCRl
X3QkR6W5AQDp8jYrL9pB0HWWrE5xlWQG9WxYt7L7Sp+ow/78ArqmAQ==
=joQh
-----END PGP SIGNATURE-----
lokinet v0.9.8
v0.9.8
windows is broken in this tag this release is for linux only (both clients and service nodes)
- fix long uptime cpu usage leak on service nodes
- fix excessive network jitter
- fix issue with service node testing algorithm
- redo ci pipeline docker images
v0.9.7
lokinet v0.9.7
bugfix release for clients.
client side fixes:
- work around volatile network path build success rate, prevent clients from becoming stuck in an edge case state from which it used to not recover from.
- bundle bootstrap.signed by default instead of requiring it be fetched externally
- logging subsystem refactor to use source_location
- fix issue with older systemd-resolved not being able to set dns
- lokinet will now load config files in lexigraphical order
- remove json logger
ci pipeline updates:
- basically totally redo the ci pipeline docker stuff
b2sums:
54d8d33ab1599a9cd5d989379c8ba083d81a0e7e1da1834847c6d61ebc9671e9351ee700651c16f5969dfb3c70c06e2e0e2636ce14b8f6ac00d1b58b915c6509 lokinet-0.9.7-win64.exe
lokinet v0.9.6
lokinet v0.9.6
bugfix release for service nodes
put release notes here
v0.9.5
Lokinet 0.9.5
This update fixes a few things in lokinet found since 0.9.4, most notably making peer testing more reliable (0.9.4 had an issue where a temporarily failing node could get stuck in failed status), as well as many miscellaneous updates to the lokinetmon tool for (command-line) monitoring of a running lokinet.
This release also uses jemalloc by default (and in the debian/ubuntu packages) to noticeably reduce memory usage, particularly after lokinet has been running for a few days.
Note that upgrading to this release is required for Service Nodes, along with oxen-core 9.2.0 and oxen-storage-server 2.2.0. Upgrade enforcement (i.e. decommissions and/or deregistrations) will begin at block 839009 (due 13 July, 23:00 UTC).
Note that we are no longer uploading static linux builds to github releases as these builds are generally a worse experience and harder to use (due to the permissions lokinet requires) compared to running lokinet as a proper system service as you get with the debian/ubuntu packages. If you still need static Linux builds you can get them from our CI build repository at https://oxen.rocks/oxen-io/lokinet, but we'd encourage you to use a proper package system or build lokinet yourself.
Signatures for release binaries
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
- the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
- OpenPGP key servers (Jason Rhinelander <jason@imaginary.ca>, A88D4262)
- https://imaginary.ca/public.gpg
e4aa35ded81ddff0379343a171e165ce7dcd9921072e76efef1ce180e7646b5d lokinet-windows-64bit-v0.9.5.zip
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmDlJJUACgkQxJks56iN
QmKZ4Q//VhChtDvVLyYlDm4fi4eK7TogQu25M8mYt1tURxxuPUy7ZWZ2xAt8XYzM
yTvC47DfuinXIaAEPsyjCNLPl0noUYv6h84+Pve3qLny3SuNWmDtv+ckimC5h+pY
lnF4hi1Yh0vh6qmDKNz3gv3zsFNMcedbOuuFrxs60tXblABPQ1Ls8fX/nhAlGAYf
E+c4wz/dPLNuOQ3DWO2hTBMLjEm7mUiKcbpTt5WqagWKwLpqA8kvgTbOdo3dGXwd
kZAmktOVVi9TRYOP+oLxDIGTIrgpManM8Jqb7n68c45Fzj6ulVJD4ocW0rEUH48r
CYYShmvGoCqFSqxcO05N4kSPiEdbYqyDh9C1oE7XS1UkGL2w78CZl1sZUaHwPgHU
pLyf3lppNsccwMTAcVMt+fjT5EoqszicraU+GYrIi9Oao3o9d3KWvGIkmgczfYEF
siNFxEWu3UmD7c2Noq6owjYjIScbRu0oIgJdDG6KR2ofqIbGaD2YfDyYsaf3+SHX
URdn9PoMaAKDewr8YHYQS8l8qG458jCVr/C3Cg0nwQAz40AbuR7X2OLv2pE0sPgz
G72iqoLg8ILhBzixRixRWJzoPZG2NTGTHs3V/VU93qK8fs/GlLWD8rfVDtbaHFEd
JmN3CZ0kN9bIirMwFpHWRQPgxJ+6uEwy0j6Hypnpl/B5ii0UrOI=
=UHa1
-----END PGP SIGNATURE-----
lokinet v0.9.4
lokinet 0.9.4
this release is a mandatory upgrade for service nodes, highly recommended for clients.
this release will have an accompanying release of storage server and oxend.
critical bug fixes (service nodes and clients)
- resolve inter node communication bug where multiple parallel outbound session attempts were being sent to the same remote udp endpoint causing a state race condition where establishing a new outbound session times out.
new client features
- new config option
[network]:persist-addrmap-file
to persist ephemeral ip mappings for inbound flows so that between restarts ip addresses dont remap for active flows, this allows tcp connections to stick between restarts. - new config option
[dns]:add-hosts
to add a dns hosts file by path for client side dns filtration, i.e. adblock and such. - allow non-standard dns port in upstream dns
client side updates
- add upper bound on parallel ONS lookups per name
- refactor some outbound snapp flow code to make it functional, total rewrite of that layer will happen soon after tag (probably).
- redo snapp flow handover logic
build system / ci
- static deps now are built in parallel
- removed old android cruft, replaced gradle build system with
./contrib/android.sh
- added flutter to android ci docker image, removed gradle from android docker ci image
- fixed typo in debian-stable ci docker image
- package jni libs in android ci pipeline
- package lokinet-bootstrap binary instead of the shell script in ci pipeline
android
- add
DumpStatus
native method tonetwork.loki.lokinet.LokinetDaemon
for state introspection
misc / utils
- added
contrib/bencode-dump.py
script for printing out bencoded files lokinetmon
updates to match changes in RPC (removal ofbadIntros
field)- updates to readme.md about building from source
- we will no longer provide static linux binaries in releases, users of oxen-rancher (the only users that should even care about these to begin with) should use CI builds from the stable branch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
lokinet v0.9.4 b2sum hashes, currently the windows installer is unsigned. this will be updated shortly.
f795f59216ef28e6f1572be9e376646c3772c13ba8100e00c55f7c524b2d9a6dcbe1697e13d6beac6708f99d33953d45871e15c2b96009d1b6d3d095bf2e5b97 *lokinet-v0.9.4.tar.xz
ae766e6ac9302c9d929fef6a66bd754410dbbdbeb7a5c417ad39abcaf35ca9386b05dac9913e3d51f16a2ae78772d73853cbf8304b5186c729459123fd085923 *lokinet-0.9.4-win64.exe
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQRn72umjnsLDW6099TzV7O0L2+bBQUCYNb9FgAKCRDzV7O0L2+b
BceSAP4mup5SbTxlGB/3SYSMcxVKnnG1raVA0vwBmbziaUOb6gEAmONAFJeGII3G
EDn0SsvcLd5/7yMvPZrri8q8SP8T2w8=
=8QmR
-----END PGP SIGNATURE-----
lokinet v0.9.3
lokinet v0.9.3
v0.9.3 contains regression fixes for relays and clients, upgrade is either required or highly recommended.
relay side changes
- properly update service node list periodically (fixes the network wide regression that makes lokinet "not work good")
- add lokinet reachability testing and reporting to be enforced some time in the possibly near future (pending on oxend release)
- track decommissioned service nodes as well as active service nodes, allow sessions to decommissioned service nodes but not paths, keep any existing paths open until they are dead
- mitigate race condition on handling LinkRelayStatus Message that would not properly propagate a failure to the previous hop
client side changes
- re-enable multithreading on clients (but not service nodes)
- better handling of premature failures from outbound lookups so that dns fails happen only when a total fail happen. partial fails do not propagate a fail right away
- better path handover logic
- lower jitter from lack of a client side flush when there is low packet rate
- path latency measurement FEC
- path latency now uses the mean of the last N samples instead of the last measurement
- made client side profiling super aggressive in order to prune bad/dead/stale/unreachable relays faster. will most likely result in a sharp decrease in known nodes as the dead ones are pruned
- client side profiling decays every 30 seconds instead of every 30 minutes to speed up profiling redemption (marking possibly bad routers as good again)
- introsets are published via near routers instead of just random ones
- clients will now only look up outbound snapp convotags, inbound snapp convotags no longer "lookup and connect back" on failure to get an active convotag
- reduce ONS endpoint diversity to accomidate low end devices that don't build paths as fast, this way looking up things like
exit.loki
happen faster - properly reset invalid/non-existent convotags in every failure case we can
liblokinet changes
- fix windows build so that it (probably) produces a proper dll
- export all functions properly on windows (probably)
misc changes
- added new mode to lokinetmon for viewing information about introsets and flows for clients (introset inspector mode)
- lokinetmon now uses argparse and has 2 flags:
--url
to set the rpc url and--introset
to enter introset inspector mode - decrease event loop tick interval from 100ms to 250ms to reduce log spam
Hashes
[insert hashes here when they are ready]
lokinet v0.9.2 (A series of tubes)
lokinet v0.9.2