[Bug]: Netclient version 0.30 using 443 as port is not a good idea ?

[cocoonkid]

Contact Details

No response

What happened?

Not part fo my actual netclient network.

What network is this ?

Version

v0.26.0

What OS are you using?

No response

Relevant log output

No response

Contributing guidelines

• Yes, I did.

[cocoonkid]

okay I read the changelog.

Reduced Firewall Requirements To One Single Port (443 udp/tcp)

soooo. the whole world is running https services on this port.
I do not agree this is a good idea :-)
This change is gonna break a lot of networks/sites and automated installs.

[abhishek9686]

netclient will only use 443 if it's free otherwise defaults to 51821 and it only listens on private IP

[cocoonkid]

I suggest to change this. Many automations might try to deploy to 443 a few seconds or minutes later.

Or users sometime else and then they need to find and change the netclient port (which does not have a setting to even change it ?)

Also so many firewalls are akready preset to the netmaker ports. They all have to change now...

I love the product and I love you guys but please think this over 🙂 We have so many ports. Also such a change should really be announced some time upfront.

51821 was really fine. and only need one port ist also amazing.

But should stick to what has been preset. IMHO 🙂

My docker deployments did not like it...even though yes. It should only listen to a private port?

Port 51821 was already becoming associated with the netmaker brand too. Kinda.

[cocoonkid]

And I suggest adding the IP that it is going to connect to (in my case 10.10.2.18) to the server UI so it is immediately evident.

And to thenetclient list output. !

[abhishek9686]

I sugges to change this. Many automations might try to deploy to 443 a few seconds or minutes later.

Or users sometime else and then they need to find and change the netclient port (which does not have a setting to even change it ?)

Also so many firewalls are akready preset to the netmaker ports. They all have to change now...

I love the product and I love you guys but please think this over 🙂 We have so many ports. Also such a change should really be announced some time upfront.

51821 was really fine. and only need one port ist also amazing.

But should stick to what has been preset. IMHO 🙂

This won't affect existing netclients only for new clients, netclient also has the option to specify port while joining the network or you can also change it in the UI
doesn't really affect your existing services.
This is mainly done for environments with hard restrictions for opening many ports and wanted to improve the first-time experience for people deploying netclient in their environment because in most environments outbound 443 will be allowed.

[cocoonkid]

This won't affect existing netclients only for new clients, netclient also has the option to specify port while joining the network or you can also change it in the UI

It affects them as soon as they update in automated deployments.
to specify port is not listed in the cli only in docs .should be added.

This is a enterprise product, you are otherweise expecting users to go into the ui and change stuff there. really?

This is mainly done for environments with hard restrictions for opening many ports and wanted to improve the first-time experience for people deploying netclient in their environment because in most environments outbound 443 will be allowed.

If you have such an environment you are either the admin and know how to adjust or you do not have any business deploying nm there in the first place.

I was able to fix my deployments by specifying the port.
Any docker or k8s deployments that try to use the broadcast address port 443 after nm started will fail.
My arguments still stand. This change is unnecesarry and sacrifices existing client UX and wastes unncesarry time.

The risks are way bigger than any value provided.

[abhishek9686]

Yes, I know this is an enterprise product and our enterprise customers requested that we reduce the port requirements to a single port preferably to 443. We have built the client to be configurable, and all you need to do is add your desired port in the cmd argument while joining the network.
netclient join -t <key> --static-port -p 51821

If users are facing any issues with this change we are happy to revert the change

[cocoonkid]

I fully understand and it's a good change but FORCING the 443 is kinda the issue.
Keeping the standard for now and announcing "we now use just one port which is awesome, with version 3.2.0 we will make 443 the default" would habe been a tad more user friendly. Then even people like me have time to RTFM and adjust!

Thank you for taking the time to reply.
My aplogy if I came across in a bad way/mood.
English is not my native language.

I found netclient list now has more output too which broke all my parsers. That's okay :-)

cheers

[abhishek9686]

Nobody FORCING you set the port as 443, it is just the port that the client will use if available and you have an OPTION to use a different port. NOBODY is FORCING you to use the port mentioned.
Consider this a warning to maintain decorum while communicating in the community.

there were no changes made to the netclient list cmd, what more output?

[christian-schlichtherle]

Using port 443 by default is a bad choice for all the reasons @cocoonkid has explained already. I was also bitten by this regression and therefore found this ticket. The default port should be reverted back to what it was before: 51821 - 51830 (the first free port).