qdm12/gluetun (qmcgaw/gluetun)
### [`v3.38.0`](https://togithub.com/qdm12/gluetun/releases/tag/v3.38.0)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.37.0...v3.38.0)
#### Features
- Public IP fetching:
  - Add `PUBLICIP_API_TOKEN` variable
  - `PUBLICIP_API` variable supporting `ipinfo` and `ip2location`
- Private Internet Access: `PORT_FORWARD_ONLY` variable ([#2070](https://togithub.com/qdm12/gluetun/issues/2070))
- NordVPN:
  - update mechanism uses v2 NordVPN web API
  - Filter servers with `SERVER_CATEGORIES` ([#1806](https://togithub.com/qdm12/gluetun/issues/1806))
- Wireguard:
  - Read config from secret file, defaults to `/run/secrets/wg0.conf` which can be changed with variable `WIREGUARD_CONF_SECRETFILE`
  - Read private key, preshared key and addresses from individual secret files ([#1348](https://togithub.com/qdm12/gluetun/issues/1348))
- Firewall: disallow the unspecified address (`0.0.0.0/0` or `::/0`) for outbound subnets
- Built-in servers data updated:
  - NordVPN
  - Privado
  - Private Internet Access
  - VPN Unlimited
  - VyprVPN
- Healthcheck: change unhealthy log from info to debug level
#### Fixes
- Privado: update OpenVPN zip file URL
- `STREAM_ONLY` behavior fixed ([#2126](https://togithub.com/qdm12/gluetun/issues/2126))
- Torguard: set user agent to be allowed to download zip files
- Surfshark:
  - Remove no longer valid multi hop regions
  - Fail validation for empty string region
  - Clearer error message for surfshark regions: only log possible 'new' server regions, do not log old retro-compatible server regions
#### Maintenance
- Healthcheck: more explicit log to go read the Wiki health guide
- NAT-PMP: RPC error contain all failed attempt messages
- Github:
  - add closed issue workflow stating comments are not monitored
  - add opened issue workflow
- Dependencies
  - Bump github.com/breml/rootcerts from 0.2.14 to 0.2.16 ([#2094](https://togithub.com/qdm12/gluetun/issues/2094))
- CI
  - Pin docker/build-push-action to v5 (without minor version)
  - Upgrade linter to v1.56.2
### [`v3.37.0`](https://togithub.com/qdm12/gluetun/releases/tag/v3.37.0)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.36.0...v3.37.0)
Happy new year **2024**. *Personal note at the bottom*
#### Features
- Port forwarding: port redirection with `VPN_PORT_FORWARDING_LISTENING_PORT`
- Custom provider: support tcp-client proto for OpenVPN
- NordVPN: add access token warning if used as wireguard private key
- Windscribe: update servers data
#### Fixes
- Shadowsocks: bump from v0.5.0-rc1 to v0.5.0
  - treat udp read error as non critical
  - log out crash error for tcpudp combined server
- Wireguard:
  - Load preshared key from toml file correctly and from peer selection
- Custom provider OpenVPN:
  - Default TCP port for any tcp protocol
- Firewall:
  - Handle OpenVPN `tcp-client` protocol as `tcp`
- PureVPN: fix update url and update servers ([#1992](https://togithub.com/qdm12/gluetun/issues/1992))
- VPN Unlimited OpenVPN:
  - Update CA certificate and add new second certificate
  - Remove `DEFAULT:@SECLEVEL=0`
  - Specify cipher as AES-256-CBC and auth as SHA512
- Format-servers command:
  - Fix for providers with dashes
  - Add missing `server name` header for PIA
#### Maintenance
- Bump github.com/breml/rootcerts from 0.2.11 to 0.2.14 ([#1800](https://togithub.com/qdm12/gluetun/issues/1800), [#1981](https://togithub.com/qdm12/gluetun/issues/1981))
- Bump github.com/fatih/color from 1.15.0 to 1.16.0 ([#1950](https://togithub.com/qdm12/gluetun/issues/1950))
- Bump github.com/klauspost/compress from 1.16.7 to 1.17.4 ([#1922](https://togithub.com/qdm12/gluetun/issues/1922), [#1993](https://togithub.com/qdm12/gluetun/issues/1993))
- Bump golang.org/x/crypto from 0.16.0 to 0.17.0 ([#2012](https://togithub.com/qdm12/gluetun/issues/2012))
- Bump golang.org/x/net from 0.12.0 to 0.19.0 ([#1907](https://togithub.com/qdm12/gluetun/issues/1907), [#1953](https://togithub.com/qdm12/gluetun/issues/1953), [#1985](https://togithub.com/qdm12/gluetun/issues/1985))
- Bump golang.org/x/sys from 0.11.0 to 0.13.0 ([#1897](https://togithub.com/qdm12/gluetun/issues/1897))
- Bump golang.org/x/text from 0.11.0 to 0.14.0 ([#1845](https://togithub.com/qdm12/gluetun/issues/1845), [#1946](https://togithub.com/qdm12/gluetun/issues/1946))
- CI:
  - Bump actions/checkout from 3 to 4 ([#1847](https://togithub.com/qdm12/gluetun/issues/1847))
  - Bump crazy-max/ghaction-github-labeler from 4 to 5 ([#1858](https://togithub.com/qdm12/gluetun/issues/1858))
  - Bump DavidAnson/markdownlint-cli2-action from 11 to 14 ([#1871](https://togithub.com/qdm12/gluetun/issues/1871), [#1982](https://togithub.com/qdm12/gluetun/issues/1982))
  - Bump docker/build-push-action from 4.1.1 to 5.1.0 ([#1860](https://togithub.com/qdm12/gluetun/issues/1860), [#1969](https://togithub.com/qdm12/gluetun/issues/1969))
  - Bump docker/login-action from 2 to 3 ([#1936](https://togithub.com/qdm12/gluetun/issues/1936))
  - Bump docker/metadata-action from 4 to 5 ([#1937](https://togithub.com/qdm12/gluetun/issues/1937))
  - Bump docker/setup-buildx-action from 2 to 3 ([#1938](https://togithub.com/qdm12/gluetun/issues/1938))
  - Bump docker/setup-qemu-action from 2 to 3 ([#1861](https://togithub.com/qdm12/gluetun/issues/1861))
  - Bump github/codeql-action from 2 to 3 ([#2002](https://togithub.com/qdm12/gluetun/issues/2002))
***
##### Personal note on the state of Gluetun
I have been focusing my effort since mid November on [a DNSSEC validator](https://togithub.com/qdm12/dns/commits/dnssec/) to finalize a Go library on par with the usage we have of Unbound, in order to replace Unbound in Gluetun and add DNS special features for Gluetun. For example:
- automatically diverting local hostnames questions to the local Docker DNS server (a long overdue problem) - already implemented
- allow resolution of VPN endpoint hostname to ips in a very restricted DNS server + firewall to only allow a specific hostname to resolve (not implemented yet)
This is a tough problem not so well documented with few complete and valid implementations, so it's taking some time. There is likely 2 more weeks of work left before finalization.
### [`v3.36.0`](https://togithub.com/qdm12/gluetun/releases/tag/v3.36.0)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.35.0...v3.36.0)
Happy Halloween. Hopefully it is not a spooky release!
#### Features
- Wireguard
  - `WIREGUARD_ALLOWED_IPS` variable ([#1291](https://togithub.com/qdm12/gluetun/issues/1291))
  - Parse settings from `/gluetun/wireguard/wg0.conf` ([#1120](https://togithub.com/qdm12/gluetun/issues/1120))
- VPN server port forwarding
  - `VPN_PORT_FORWARDING_PROVIDER` variable ([#1616](https://togithub.com/qdm12/gluetun/issues/1616))
  - ProtonVPN port forwarding support with NAT-PMP ([#1543](https://togithub.com/qdm12/gluetun/issues/1543))
- Servers data
  - Surfshark servers data API endpoint updated ([#1560](https://togithub.com/qdm12/gluetun/issues/1560))
  - Built-in servers data updated for Cyberghost, Mullvad, Torguard, Surfshark
- Clarify "Wireguard is up" message logged
- Updater log warning about using `-minratio` if not enough servers are found
- Configuration: add `/32` if not present for Wireguard addresses
#### Fixes
- **Minor breaking change**: `DNS_KEEP_NAMESERVER` leaves DNS fully untouched
- **Minor breaking change**: `update` command uses dashes instead of spaces for provider names (i.e. `-vpn\ unlimited` -> `-vpn-unlimited`)
- Port forwarding run loop reworked and fixed ([#1874](https://togithub.com/qdm12/gluetun/issues/1874))
- Public IP fetching run loop reworked and fixed
- ProtonVPN: add `aes-256-gcm` cipher for OpenVPN
- Custom provider: allow custom endpoint port setting
- IPv6 support for ipinfo ([#1853](https://togithub.com/qdm12/gluetun/issues/1853))
- Routing: `VPNLocalGatewayIP` Wireguard support
- Routing: add outbound subnets routes only for matching ip families
- Routing: change firewall only for matching ip families
- Netlink: try loading Wireguard module if not found ([#1741](https://togithub.com/qdm12/gluetun/issues/1741))
- Public IP: do not retry when doing too many requests
#### Documentation
- Readme
  - remove `UPDATER_VPN_SERVICE_PROVIDERS` in docker-compose config
  - remove Slack channel link (don't have time to check it)
  - update Wireguard native integrations support list
- Update to use newer wiki repository
  - update URLs logged by program
  - update README.md links
  - update contributing guide link
  - update issue templates links
  - replace Wiki issue template by link to Gluetun Wiki repository issue creation
  - set program announcement about Github wiki new location
- Issue templates
  - add Unraid as option in bug issue template
  - provide minimum requirements for an issue: title must be filled, at least 10 lines of log provided, Gluetun version must be provided
#### Maintenance
- Dockerfile: add missing environment variables
  - `OPENVPN_PROCESS_USER` value defaults to `root`
  - Add `HTTPPROXY_STEALTH=off`
  - Add `HTTP_CONTROL_SERVER_LOG=on`
- Code
  - `internal/settings`: change source precedence order: Secret files then files then environment variables
  - `internal/routing`: Wrap `setupIPv6` rule error correctly
  - Move vpn gateway obtention within port forwarding service
  - `internal/vpn`: fix typo `portForwader` -> `portForwarder`
  - `internal/provider`: use type assertion for port forwarders
- CI
  - rename workflow to `Markdown`
  - Markdown workflow triggers on `*.md` files only
  - Markdown workflow triggers for pull requests as well
  - Markdown job runs misspell, linting and dead link actions
  - Markdown publishing step to Docker Hub is only for pushes to the master branch
  - Add markdown-skip workflow
- Dependencies
  - Upgrade Go to 1.21
  - Upgrade linter to v1.54.1
  - Bump golang.org/x/text from 0.10.0 to 0.11.0 ([#1726](https://togithub.com/qdm12/gluetun/issues/1726))
  - Bump golang.org/x/sys from 0.8.0 to 0.11.0 ([#1732](https://togithub.com/qdm12/gluetun/issues/1732), [#1786](https://togithub.com/qdm12/gluetun/issues/1786))
  - Bump golang.org/x/net from 0.10.0 to 0.12.0 ([#1729](https://togithub.com/qdm12/gluetun/issues/1729))
  - bump gosettings to v0.4.0-rc1
### Configuration
Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
Automerge: Disabled by config. Please merge this manually once you are satisfied.
Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: v3.35.0 -> v3.38.0