qdm12/gluetun (qdm12/gluetun)
### [`v3.39`](https://togithub.com/qdm12/gluetun/compare/v3.39.0...v3.39.0)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.39.0...v3.39.0)
### [`v3.39.0`](https://togithub.com/qdm12/gluetun/releases/tag/v3.39.0)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.38.1...v3.39.0)
#### Features
- OpenVPN: default version changed from 2.5 to 2.6
- Alpine upgraded from 3.18 to 3.20 (3.19 got skipped due to buggy `iptables`)
- Healthcheck: change timeout mechanism
- Healthcheck timeout is no longer fixed to 3 seconds
- Healthcheck timeout increases from 2s to 4s, 6s, 8s, 10s
- No 1 second wait time between check retries after failure
- VPN internal restart may be delayed by a maximum of 10 seconds
- Firewall:
- Query iptables binary variants to find which one to use depending on the kernel
- Prefer using `iptables-nft` over `iptables-legacy` (Alpine new default is nft backend iptables)
- Wireguard:
- `WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL` option
- read configuration file **without** case sensitivity
- VPN Port forwarding: only use port forwarding enabled servers if `VPN_PORT_FORWARDING=on` (applies only to PIA and ProtonVPN for now)
- FastestVPN:
- Wireguard support ([#2383](https://togithub.com/qdm12/gluetun/issues/2383) - Credits to [@Zerauskire](https://togithub.com/Zerauskire) for the initial investigation and [@jvanderzande](https://togithub.com/jvanderzande) for an initial implementation as well as reviewing the pull request)
- use API instead of openvpn zip file to fetch servers data
- add city filter `SERVER_CITY`
- update built-in servers data
- Perfect Privacy: port forwarding support with `VPN_PORT_FORWARDING=on` ([#2378](https://togithub.com/qdm12/gluetun/issues/2378))
- Private Internet Access: port forwarding options `VPN_PORT_FORWARDING_USERNAME` and `VPN_PORT_FORWARDING_PASSWORD` (retro-compatible with `OPENVPN_USER` and `OPENVPN_PASSWORD`)
- ProtonVPN:
- Wireguard support ([#2390](https://togithub.com/qdm12/gluetun/issues/2390))
- feature filters `SECURE_CORE_ONLY`, `TOR_ONLY` and `PORT_FORWARD_ONLY` ([#2182](https://togithub.com/qdm12/gluetun/issues/2182))
- determine "free" status using API tier value
- update built-in servers data
- Surfshark: servers data update
- VPNSecure: servers data update
- `VPN_ENDPOINT_IP` split into `OPENVPN_ENDPOINT_IP` and `WIREGUARD_ENDPOINT_IP`
- `VPN_ENDPOINT_PORT` split into `OPENVPN_ENDPOINT_PORT` and `WIREGUARD_ENDPOINT_PORT`
#### Fixes
- `VPN_PORT_FORWARDING_LISTENING_PORT` fixed
- IPv6 support detection ignores loopback route destinations
- Custom provider:
- handle `port` option line for OpenVPN
- ignore comments in an OpenVPN configuration file
- assume port forwarding is always supported by a custom server
- VPN Unlimited:
- change default UDP port from 1194 to 1197
- allow OpenVPN TCP on port 1197
- Private Internet Access Wireguard and port forwarding
- Set server name if names filter is set with the custom provider (see [#2147](https://togithub.com/qdm12/gluetun/issues/2147))
- PrivateVPN: updater now sets openvpn vpn type for the no-hostname server
- Torguard: update OpenVPN configuration
- add aes-128-gcm and aes-128-cbc ciphers
- remove mssfix, sndbuf, rcvbuf, ping and reneg options
- VPNSecure: associate `N / A` with no data for servers
- AirVPN: set default mssfix to 1320-28=1292
- Surfshark: remove outdated hardcoded retro servers
- Public IP echo:
- ip2location parsing for latitude and longitude fixed
- abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures)
- `internal/server`: `/openvpn` route status get and put
- get status return stopped if running Wireguard
- put status changes vpn type if running Wireguard
- Log out if `PORT_FORWARD_ONLY` is enabled in the server filtering tree of settings
- Log last Gluetun release by tag name alphabetically instead of by release date
- `format-servers` fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark
- `internal/tun`: only create tun device if it does not exist, do not create if it exists and does not work
#### Documentation
- readme:
- clarify shadowsocks proxy is a server, not a client
- update list of providers supporting Wireguard with the custom provider
- add protonvpn as custom port forwarding implementation
- disable Github blank issues
- Bump github.com/qdm12/gosplash to v0.2.0
- Add `/choose` suffix to github links in logs
- add Github labels: "Custom provider", "Category: logs" and "Before next release"
- rename `FIREWALL_ENABLED` to `FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT` due to the sheer amount of users misusing it. `FIREWALL_ENABLED` won't do anything anymore. At least you've been warned not to use it...
#### Maintenance
- Code health
- PIA port forwarding:
- remove dependency on storage package
- return an error to port forwarding loop if server cannot port forward
- `internal/config`:
- upgrade to `github.com/qdm12/gosettings` v0.4.2
- drop `github.com/qdm12/govalid` dependency
- upgrade `github.com/qdm12/ss-server` to v0.6.0
- do not un-set sensitive config settings anymore
- removed bad/invalid retro-compatible keys `CONTROL_SERVER_ADDRESS` and `CONTROL_SERVER_PORT`
- OpenVPN protocol field is now a string instead of a TCP boolean
- Split server filter validation for features and subscription-tier
- provider name field as string instead of string pointer
- `internal/portforward`: support multiple ports forwarded
- Fix typos in code comments ([#2216](https://togithub.com/qdm12/gluetun/issues/2216))
- `internal/tun`: fix unit test for unprivileged user
- Development environment
- fix `source.organizeImports` vscode setting value
- linter: remove now invalid skip-dirs configuration block
- Dependencies
- Bump Wireguard Go dependencies
- Bump Go from 1.21 to 1.22
- Bump golang.org/x/net from 0.19.0 to 0.25.0 ([#2138](https://togithub.com/qdm12/gluetun/issues/2138), [#2208](https://togithub.com/qdm12/gluetun/issues/2208), [#2269](https://togithub.com/qdm12/gluetun/issues/2269))
- Bump golang.org/x/sys from 0.15.0 to 0.18.0 ([#2139](https://togithub.com/qdm12/gluetun/issues/2139))
- Bump github.com/klauspost/compress from 1.17.4 to 1.17.8 ([#2178](https://togithub.com/qdm12/gluetun/issues/2178), [#2218](https://togithub.com/qdm12/gluetun/issues/2218))
- Bump github.com/fatih/color from 1.16.0 to 1.17.0 ([#2279](https://togithub.com/qdm12/gluetun/issues/2279))
- Bump github.com/stretchr/testify to v1.9.0
- Do not upgrade busybox since vulnerabilities are fixed now with Alpine 3.19+
- CI
- Bump DavidAnson/markdownlint-cli2-action from 14 to 16 ([#2214](https://togithub.com/qdm12/gluetun/issues/2214))
- Bump peter-evans/dockerhub-description from 3 to 4 ([#2075](https://togithub.com/qdm12/gluetun/issues/2075))
- Github
- remove empty label description fields
- add `/choose` suffix to issue and discussion links
- review all issue labels: add closed labels, add category labels, rename labels, add label category prefix, add emojis for each label
- Add issue labels: Popularity extreme and high, Closed cannot be done, Categories kernel and public IP service
### [`v3.38.1`](https://togithub.com/qdm12/gluetun/releases/tag/v3.38.1)
[Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.38.0...v3.38.1)
ℹ️ This is a bugfix release for v3.38.0. If you can, please instead use release v3.39.0
#### Fixes
- `VPN_PORT_FORWARDING_LISTENING_PORT` fixed
- IPv6 support detection ignores loopback route destinations
- Custom provider:
- handle `port` option line for OpenVPN
- ignore comments in an OpenVPN configuration file
- assume port forwarding is always supported by a custom server
- VPN Unlimited:
- change default UDP port from 1194 to 1197
- allow OpenVPN TCP on port 1197
- Private Internet Access Wireguard and port forwarding
- Set server name if names filter is set with the custom provider (see [#2147](https://togithub.com/qdm12/gluetun/issues/2147))
- PrivateVPN: updater now sets openvpn vpn type for the no-hostname server
- Torguard: update OpenVPN configuration
- add aes-128-gcm and aes-128-cbc ciphers
- remove mssfix, sndbuf, rcvbuf, ping and reneg options
- VPNSecure: associate `N / A` with no data for servers
- AirVPN: set default mssfix to 1320-28=1292
- Surfshark: remove outdated hardcoded retro servers
- Public IP echo:
- ip2location parsing for latitude and longitude fixed
- abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures)
- `internal/server`: `/openvpn` route status get and put
- get status return stopped if running Wireguard
- put status changes vpn type if running Wireguard
- Log out if `PORT_FORWARD_ONLY` is enabled in the server filtering tree of settings
- Log last Gluetun release by tag name alphabetically instead of by release date
- `format-servers` fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark
- `internal/tun`: only create tun device if it does not exist, do not create if it exists and does not work
Configuration
📅 Schedule: Branch creation - "after 3am on Sunday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v3.38->v3.39Release Notes
qdm12/gluetun (qdm12/gluetun)
### [`v3.39`](https://togithub.com/qdm12/gluetun/compare/v3.39.0...v3.39.0) [Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.39.0...v3.39.0) ### [`v3.39.0`](https://togithub.com/qdm12/gluetun/releases/tag/v3.39.0) [Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.38.1...v3.39.0) #### Features - OpenVPN: default version changed from 2.5 to 2.6 - Alpine upgraded from 3.18 to 3.20 (3.19 got skipped due to buggy `iptables`) - Healthcheck: change timeout mechanism - Healthcheck timeout is no longer fixed to 3 seconds - Healthcheck timeout increases from 2s to 4s, 6s, 8s, 10s - No 1 second wait time between check retries after failure - VPN internal restart may be delayed by a maximum of 10 seconds - Firewall: - Query iptables binary variants to find which one to use depending on the kernel - Prefer using `iptables-nft` over `iptables-legacy` (Alpine new default is nft backend iptables) - Wireguard: - `WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL` option - read configuration file **without** case sensitivity - VPN Port forwarding: only use port forwarding enabled servers if `VPN_PORT_FORWARDING=on` (applies only to PIA and ProtonVPN for now) - FastestVPN: - Wireguard support ([#2383](https://togithub.com/qdm12/gluetun/issues/2383) - Credits to [@Zerauskire](https://togithub.com/Zerauskire) for the initial investigation and [@jvanderzande](https://togithub.com/jvanderzande) for an initial implementation as well as reviewing the pull request) - use API instead of openvpn zip file to fetch servers data - add city filter `SERVER_CITY` - update built-in servers data - Perfect Privacy: port forwarding support with `VPN_PORT_FORWARDING=on` ([#2378](https://togithub.com/qdm12/gluetun/issues/2378)) - Private Internet Access: port forwarding options `VPN_PORT_FORWARDING_USERNAME` and `VPN_PORT_FORWARDING_PASSWORD` (retro-compatible with `OPENVPN_USER` and `OPENVPN_PASSWORD`) - ProtonVPN: - Wireguard support ([#2390](https://togithub.com/qdm12/gluetun/issues/2390)) - feature filters `SECURE_CORE_ONLY`, `TOR_ONLY` and `PORT_FORWARD_ONLY` ([#2182](https://togithub.com/qdm12/gluetun/issues/2182)) - determine "free" status using API tier value - update built-in servers data - Surfshark: servers data update - VPNSecure: servers data update - `VPN_ENDPOINT_IP` split into `OPENVPN_ENDPOINT_IP` and `WIREGUARD_ENDPOINT_IP` - `VPN_ENDPOINT_PORT` split into `OPENVPN_ENDPOINT_PORT` and `WIREGUARD_ENDPOINT_PORT` #### Fixes - `VPN_PORT_FORWARDING_LISTENING_PORT` fixed - IPv6 support detection ignores loopback route destinations - Custom provider: - handle `port` option line for OpenVPN - ignore comments in an OpenVPN configuration file - assume port forwarding is always supported by a custom server - VPN Unlimited: - change default UDP port from 1194 to 1197 - allow OpenVPN TCP on port 1197 - Private Internet Access Wireguard and port forwarding - Set server name if names filter is set with the custom provider (see [#2147](https://togithub.com/qdm12/gluetun/issues/2147)) - PrivateVPN: updater now sets openvpn vpn type for the no-hostname server - Torguard: update OpenVPN configuration - add aes-128-gcm and aes-128-cbc ciphers - remove mssfix, sndbuf, rcvbuf, ping and reneg options - VPNSecure: associate `N / A` with no data for servers - AirVPN: set default mssfix to 1320-28=1292 - Surfshark: remove outdated hardcoded retro servers - Public IP echo: - ip2location parsing for latitude and longitude fixed - abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures) - `internal/server`: `/openvpn` route status get and put - get status return stopped if running Wireguard - put status changes vpn type if running Wireguard - Log out if `PORT_FORWARD_ONLY` is enabled in the server filtering tree of settings - Log last Gluetun release by tag name alphabetically instead of by release date - `format-servers` fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark - `internal/tun`: only create tun device if it does not exist, do not create if it exists and does not work #### Documentation - readme: - clarify shadowsocks proxy is a server, not a client - update list of providers supporting Wireguard with the custom provider - add protonvpn as custom port forwarding implementation - disable Github blank issues - Bump github.com/qdm12/gosplash to v0.2.0 - Add `/choose` suffix to github links in logs - add Github labels: "Custom provider", "Category: logs" and "Before next release" - rename `FIREWALL_ENABLED` to `FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT` due to the sheer amount of users misusing it. `FIREWALL_ENABLED` won't do anything anymore. At least you've been warned not to use it... #### Maintenance - Code health - PIA port forwarding: - remove dependency on storage package - return an error to port forwarding loop if server cannot port forward - `internal/config`: - upgrade to `github.com/qdm12/gosettings` v0.4.2 - drop `github.com/qdm12/govalid` dependency - upgrade `github.com/qdm12/ss-server` to v0.6.0 - do not un-set sensitive config settings anymore - removed bad/invalid retro-compatible keys `CONTROL_SERVER_ADDRESS` and `CONTROL_SERVER_PORT` - OpenVPN protocol field is now a string instead of a TCP boolean - Split server filter validation for features and subscription-tier - provider name field as string instead of string pointer - `internal/portforward`: support multiple ports forwarded - Fix typos in code comments ([#2216](https://togithub.com/qdm12/gluetun/issues/2216)) - `internal/tun`: fix unit test for unprivileged user - Development environment - fix `source.organizeImports` vscode setting value - linter: remove now invalid skip-dirs configuration block - Dependencies - Bump Wireguard Go dependencies - Bump Go from 1.21 to 1.22 - Bump golang.org/x/net from 0.19.0 to 0.25.0 ([#2138](https://togithub.com/qdm12/gluetun/issues/2138), [#2208](https://togithub.com/qdm12/gluetun/issues/2208), [#2269](https://togithub.com/qdm12/gluetun/issues/2269)) - Bump golang.org/x/sys from 0.15.0 to 0.18.0 ([#2139](https://togithub.com/qdm12/gluetun/issues/2139)) - Bump github.com/klauspost/compress from 1.17.4 to 1.17.8 ([#2178](https://togithub.com/qdm12/gluetun/issues/2178), [#2218](https://togithub.com/qdm12/gluetun/issues/2218)) - Bump github.com/fatih/color from 1.16.0 to 1.17.0 ([#2279](https://togithub.com/qdm12/gluetun/issues/2279)) - Bump github.com/stretchr/testify to v1.9.0 - Do not upgrade busybox since vulnerabilities are fixed now with Alpine 3.19+ - CI - Bump DavidAnson/markdownlint-cli2-action from 14 to 16 ([#2214](https://togithub.com/qdm12/gluetun/issues/2214)) - Bump peter-evans/dockerhub-description from 3 to 4 ([#2075](https://togithub.com/qdm12/gluetun/issues/2075)) - Github - remove empty label description fields - add `/choose` suffix to issue and discussion links - review all issue labels: add closed labels, add category labels, rename labels, add label category prefix, add emojis for each label - Add issue labels: Popularity extreme and high, Closed cannot be done, Categories kernel and public IP service ### [`v3.38.1`](https://togithub.com/qdm12/gluetun/releases/tag/v3.38.1) [Compare Source](https://togithub.com/qdm12/gluetun/compare/v3.38.0...v3.38.1) ℹ️ This is a bugfix release for v3.38.0. If you can, please instead use release v3.39.0 #### Fixes - `VPN_PORT_FORWARDING_LISTENING_PORT` fixed - IPv6 support detection ignores loopback route destinations - Custom provider: - handle `port` option line for OpenVPN - ignore comments in an OpenVPN configuration file - assume port forwarding is always supported by a custom server - VPN Unlimited: - change default UDP port from 1194 to 1197 - allow OpenVPN TCP on port 1197 - Private Internet Access Wireguard and port forwarding - Set server name if names filter is set with the custom provider (see [#2147](https://togithub.com/qdm12/gluetun/issues/2147)) - PrivateVPN: updater now sets openvpn vpn type for the no-hostname server - Torguard: update OpenVPN configuration - add aes-128-gcm and aes-128-cbc ciphers - remove mssfix, sndbuf, rcvbuf, ping and reneg options - VPNSecure: associate `N / A` with no data for servers - AirVPN: set default mssfix to 1320-28=1292 - Surfshark: remove outdated hardcoded retro servers - Public IP echo: - ip2location parsing for latitude and longitude fixed - abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures) - `internal/server`: `/openvpn` route status get and put - get status return stopped if running Wireguard - put status changes vpn type if running Wireguard - Log out if `PORT_FORWARD_ONLY` is enabled in the server filtering tree of settings - Log last Gluetun release by tag name alphabetically instead of by release date - `format-servers` fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark - `internal/tun`: only create tun device if it does not exist, do not create if it exists and does not workConfiguration
📅 Schedule: Branch creation - "after 3am on Sunday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.