Pritunl Cloud v1.2.2330.66

Pritunl Cloud v1.2.2330.66 has been released.

This update improves instance IPv6 networking including a fix where multiple IPv6 addresses would be created in the instance network namespace for some configurations. The node initialization for Vultr Bare Metal has been improved to create a better default network configuration. Instance isolation has been improved with new systemd options.

Options have been added to separately disable public IPv4 and IPv6 addresses. This allows running instances with only public IPv6 addresses. Options have also been added to set the default instance public address options. This will adjust the default public address options for new instances.


The options below are now configured for the instance systemd service. This provides further isolation of the QEMU process from the host system. Some of these options will be disabled depending on the instance configuration. Although the Pritunl Cloud instance network interface already uses network namespaces, this change places the entire QEMU process into the network namespace to provide stronger network isolation for the QEMU process. Options including iSCSI, VNC and SPICE require the QEMU process to access the host network, and enabling these options will disable the NetworkNamespacePath option. When the desktop GUI is enabled, the QEMU process needs access to the home directory to access the X11 or Wayland authority file and to the tmp directory to access the X11 or Wayland socket.

PrivateTmp=true
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectKernelTunables=true
PrivateIPC=true
NetworkNamespacePath=/var/run/netns/NAMESPACEID
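
One way to check a unit file against the list above, as an added example that is not Pritunl Cloud's own code. The function names, the sample unit and the namespace ID "example0" are constructed, and it is an assumption here that the desktop GUI relaxes exactly PrivateTmp and ProtectHome.

```python
# Added example: audit a unit file for the isolation options listed above.
EXPECTED = {  # directive -> value given in the release notes
    "PrivateTmp": "true", "ProtectHome": "true", "ProtectSystem": "full",
    "ProtectHostname": "true", "ProtectKernelTunables": "true",
    "PrivateIPC": "true",
}
TRUTHY = {"1", "yes", "true", "on"}  # boolean spellings systemd accepts
NETNS_PREFIX = "/var/run/netns/"

def parse_service(unit_text):
    """Return the [Service] section as a dict; a later assignment wins."""
    section, opts = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def audit(unit_text, host_network=False, desktop_gui=False):
    """host_network: iSCSI, VNC or SPICE is enabled for the instance.
    desktop_gui: assumed to relax PrivateTmp and ProtectHome."""
    opts = parse_service(unit_text)
    relaxed = {"PrivateTmp", "ProtectHome"} if desktop_gui else set()
    findings = []
    for key, want in EXPECTED.items():
        got = opts.get(key)
        norm = "true" if got is not None and got.lower() in TRUTHY else got
        if key not in relaxed and norm != want:
            findings.append(f"{key}: expected {want}, found {got}")
    netns = opts.get("NetworkNamespacePath", "")
    in_netns = netns.startswith(NETNS_PREFIX) and len(netns) > len(NETNS_PREFIX)
    if not host_network and not in_netns:
        findings.append("NetworkNamespacePath: QEMU is not in an instance namespace")
    return findings

# Constructed sample unit, not taken from a real node.
SAMPLE_UNIT = "[Unit]\nDescription=constructed example\n\n[Service]\n" + "".join(
    f"{k}={v}\n" for k, v in EXPECTED.items()
) + "NetworkNamespacePath=/var/run/netns/example0\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_UNIT) or ["all listed isolation options present"]:
        print(finding)
```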