Peer discovery over Nostr. 2.5x speed improvements. Windows, MacOS & OpenWrt support. Bluetooth transport. FIPS gateway and maaaany bugfixes!
Want to know more? Start at https://fips.network
quoting
naddr1qv…jl8rIn the months since v0.2.0, a community has crystallized around FIPS. Operators have stood up nodes across regions and run them on the public test mesh; contributors have reviewed patches and reported bugs against real traffic; and developers have landed substantial new features. v0.3.0 is the product of that work.
What follows walks through the release, then closes with a roundup of the community resources that have grown up alongside it.
v0.2.0 was FIPS's debut to a wider audience and stood up the public test mesh. v0.3.0 builds on that footing: it widens FIPS's platform reach to first-class binaries on macOS, Windows, OpenWrt, and Linux; opens the mesh to peers behind NAT through a Nostr-mediated discovery channel; ships a bridge for unmodified LAN hosts; hardens the mesh interface with an opt-in default-deny baseline and peer access control; substantially speeds up session-layer crypto and the Linux receive path; and lands a freshly reorganized documentation tree.
v0.2.1 also ships today, a bug-fix-only stable release that operators on the v0.2.x line can upgrade in place.
v0.3.0 is wire-compatible with the v0.2.x line and carries forward every bug fix from v0.2.1. Mixed meshes interoperate. Operators can roll out at their own pace.
What's in this release
Each item below is a summary; the release notes carry the full per-feature detail.
Cross-platform reach. First-class binaries for macOS (
.pkg, nativeutun, launchd), Windows (ZIP,wintun, Windows Service), and OpenWrt (.ipk, procd, dnsmasq forwarding, proxy NDP, RA-advertised routes), alongside Linux.deband tarball. MIPS atomic-ABI portability unblocks consumer-grade routers.Find each other through Nostr. Each node can optionally publish a signed advertisement to Nostr listing its reachable transport endpoints, and can scan public Nostr relays for advertisements from other nodes. This gives operators who are interested an automatic discovery path for nodes reachable over the Internet, without displacing the existing static-peer configuration. For nodes that are behind NAT gateways, the daemon coordinates a STUN-assisted UDP hole punch using NIP-59 gift-wrap signaling.
The new
fips-gatewaycapability allows node operators to extend the reach of the FIPS mesh to unmodified LAN hosts. LAN hosts can reach.fipsdestinations on the mesh, and mesh peers can reach configured services on the gateway's LAN, without FIPS running on the LAN host itself. The canonical deployment sits on a host that already serves DHCP and DNS to its LAN segment, such as a Linux router or an OpenWrt AP.Mesh-interface security baseline. Peer identity is authenticated end-to-end by the FMP and FSP Noise handshakes, but identity is not authorization. v0.3.0 ships an opt-in default-deny nftables baseline as a packaged conffile, with per-service drop-ins, allowing the operator granular control over port access to mesh peers on Linux. Separately,
peers.allow/peers.denyfiles restrict which peers a node will form direct links with.Faster session crypto. The ChaCha20-Poly1305 backend used by every FIPS Noise session now dispatches through ring 0.17 to BoringSSL's hand-tuned NEON / AVX2 / AVX-512 implementation. Wire format is byte-identical, so rollout order does not matter.
On an aarch64 docker target, two-node TCP single-stream throughput went from 437 to 1097 Mbps, two-node UDP at 1 Gbit went from 40% loss to lossless at line rate, and three-node ping under bulk load dropped from 7.68 ms avg / 215 ms max to 0.72 ms / 3.6 ms max as the relay path stopped being crypto-bound.
Documentation, end to end. The
docs/tree has been reorganized into four sections: tutorials, how-to, reference, and design. New users start atdocs/getting-started.md; the Join the test mesh tutorial connects a local daemon to the public test mesh in a few minutes. Operators with a specific task land indocs/how-to/; reference lookups indocs/reference/; architectural background indocs/design/.Experimental Bluetooth Low Energy transport ships for Linux, with maturity gated on field reports rather than the CI matrix. macOS BLE support is in development as a separate track.
Operator polish. Several improvements target day-to-day operation.
fipstopadds historical statistics with btop-style sparklines, andfipsctlexposes a wider set of diagnostic queries for inspecting node state. See the release notes for further operator-facing changes.A growing community
This release also marks the public debut of fips.network, the project's first official website. Three companion pages launch with it:
awesome.fips.network, a curated index of FIPS-related projects, tools, and writing.
join.fips.network, a fast on-ramp for trying the public test mesh.
learn.fips.network, a plain-language primer on what FIPS is and why it exists, written by @gigi.
Three podcast conversations about FIPS appeared during the v0.2.x cycle:
Citadel Dispatch CD193: FIPS - Fixing the Internet, Matt Odell hosting Arjen, March 2026.
No Solutions #24: Building FIPS, Gigi with Johnathan Corgan, April 2026.
Open Markets Podcast #5: What The Fips, Eric, Sync, and Arjen on community-resilient networking, May 2026.
A special call-out goes to Sovereign Engineering for the extensive testing, demo development, workshops, and feature work contributed to the FIPS project during their recent SEC-06 and SEC-07 events.
Get v0.3.0
Releases page: github.com/jmcorgan/fips/releases/tag/v0.3.0
Linux x86_64 / aarch64:
.deband tarball.Arch Linux:
fips(release) andfips-git(dev) from the AUR.macOS:
.pkg.Windows: ZIP.
OpenWrt:
.ipk.From source: github.com/jmcorgan/fips.
Full release notes (with the per-feature detail this announcement summarizes, behavior changes worth flagging, the upgrade checklist, and the operator-relevant bug-fix list) are at the v0.3.0 release page. The canonical changelog is in CHANGELOG.md. Issues and discussion at github.com/jmcorgan/fips.
Thanks to everyone who tested, reported, reviewed, and contributed.
Or, learn more in one of these podcasts:
Citadel Dispatch CD193: FIPS - Fixing the Internet - Arjen (nprofile…8d6t) : https://fountain.fm/episode/2luFagFMSN3J2IX7m4wj
No Solutions #24: Building FIPS - jcorgan (nprofile…sjfc) : https://fountain.fm/episode/7Zscpi0DAtOBtxjbvdAE
Open Markets Podcast #5: What The Fips - Arjen (nprofile…8d6t) : https://fountain.fm/episode/eaQOAVu8jhFQUhqu3XTu