Syspeace 4.3 and later

(Syspeace v4 is a new implementation of Syspeace and uses a new foundation from Syspeace v3. This page contains information about improvements in minor version releases starting with 4.3. For more information, see the Syspeace 4.0 page.)


This release includes the following improvements to Syspeace Console and Syspeace Service:

  • Fixed an issue in Console that could cause connections via Relay to not be detected even though they were established.
  • Fixed an issue in Service where two ways of restoring an account pairing could happen simultaneously.
  • Fixed an issue in Service where license checking could be delayed if the system was put into standby or sleep, causing the Service to appear as running with a valid license but without the engine started.
  • Fixed an issue in Service where two versions of a changing block of the same IP address could both remain as shared blocks when the older version should have been invalidated by the newer.
  • Improved Service’s handling of losing the connection to its Relay server and reconnecting to another Relay server.
  • Improved Console’s handling of losing the connection to all Relay servers (most commonly when it was only connected to one) and reconnecting to another Relay server.
  • Fixed an issue in Console where a Relay tunnel associated with a disconnected Relay server might not be marked as disconnected.
  • Fixed an issue in Console where, when a Relay tunnel is replaced by another Relay tunnel, the previous tunnel disconnection could be mistakenly seen as the new tunnel disconnecting and prevent communication over the new tunnel.
  • Fixed an issue in Console where a direct TCP connection to a Service would be continuously attempted even though the connection failed (due to the port or traffic being blocked), without falling back to a Relay tunnel as intended.
  • 4.3.501: Fixed an issue that could prevent Service from starting up.


With this release, Syspeace Service is now available for Linux.

Other changes:

  • Syspeace Console and the manual has been adapted to address Linux differences (file locations, iptables instead of Windows Filtering Platform, and so on).
  • Fixed an issue in Syspeace Service uninstallation that could lead to blocks not properly being removed from the firewall.
  • Improved reliability in Syspeace Service when an UDP announcement can’t be sent.
  • Fixed an issue in Syspeace Service where WFP blocks were being created as not persistent (if the WFP service was restarted, the blocks would not reappear). Usually WFP is only restarted on reboot, when Syspeace Service is also restarted and installs the blocks again, so this had limited impact.


New capabilities:

  • Shared blocks
    • Blocks created by rules on services can now be shared to other services automatically.
    • Blocks are scoped to either the entire account or to the particular license group the service is paired to. (This is set in the “manage account” section under a new Shared blocks tab.)
    • Shared blocks must be enabled on each service. It is off by default.
    • Each service can set a Max block duration to limit the block length.
    • Shared blocks will be sent to other services in the license group/account. No matter where, you can forgive a block locally (removing it only from that service) or globally (removing it from all services). Forgiving a block from all current services still means the block is present if a new service is added.
    • Each service can also set a “local network tag”. A block for in one network could refer to a completely different computer if it was contributed and then mirrored by a server in another network, with potentially confusing or disruptive effects. The “local network tag” is a way of naming each network. If one network is named “a” and another network named “b”, blocks with local IP addresses will only be mirrored on other servers that also have the same local network tag. If no local network tag has been entered, blocks with local IP addresses are not mirrored at all.
  • Shared IP lists
    • There can now be IP lists (safelist, blocklist or GeoIP override lists) created on the account level. (The lists are created and managed in the “manage account” section under a new Shared IP lists tab.)
    • Each list is scoped to either the entire account or to a particular license group.
    • Each list can be either mandatory (to all services), optional-opted-in (opted in by default), optional-opted-out (opted out by default) or disabled (not possible to opt into).
    • Each list contains entries as usual (IP range, description, country for GeoIP override lists).
    • Entries contained in or overlapping with local IP ranges can also either apply everywhere or have a local network tag assigned, where they only appear on services which have that local network tag (see Shared blocks).
    • These lists are managed in the “manage account” section under a new Shared IP lists tab.
    • In the console’s service tab, the lists that are applicable to that service appear in the IP lists section as usual. You can see the entries and opt in or opt out of them (unless they are mandatory). If opted out, you can see which entries would appear if opted in.
  • Service identity
    • Each service can now have a nickname, a color and some notes.
    • These details are entered in [service tab] → Management → Service ID.
    • You can configure how the nickname is shown in Console’s Settings.

Other changes:

  • The IP link’s popup now is more capable, with actions to show the IP’s current block in Current blocks and to add to/remove from IP lists.