548e4342c9
fix(provider/pia): update default OpenVPN ports
...
- 8080 for UDP
- 8443 for TCP
- According to https://github.com/pia-foss/manual-connections/commit/8a75e46be81583d17f9ab3570881419b35000969
- Credits to @darthShadow
2026-05-06 05:00:39 +00:00
12f08bf5ad
fix(configuration/sources/files/wireguard): fix parsing ipv6 endpoint port
2026-05-05 21:28:08 +00:00
4ea2337668
feat(dns): re-introduce DNS_SERVER option
...
- force to set `DNS_UPSTREAM_RESOLVER_TYPE=plain` to avoid any confusion/security hole
- force to set `DNS_UPSTREAM_PLAIN_ADDRESSES` to addresses only with port 53
2026-05-05 21:15:28 +00:00
aab10f9d3f
feat(ipv6): prefer IPv6 endpoints when IPv6 is supported
2026-05-04 13:21:52 +00:00
fed09562e5
feat(vpn): rotate filtered servers on internal vpn restarts
...
- Fix #290
2026-05-04 03:29:35 +00:00
4b819b4dbb
fix(pia): allow ports 501 and 502 as custom ports given they are the defaults
2026-05-04 03:10:23 +00:00
a0f6b208f7
feat(openvpn): reduce handshake window to 10 seconds for faster failure detection (again)
2026-05-03 04:29:29 +00:00
4a78989d9d
chore: do not use sentinel errors when unneeded
...
- main reason being it's a burden to always define sentinel errors at global scope, wrap them with `%w` instead of using a string directly
- only use sentinel errors when it has to be checked using `errors.Is`
- replace all usage of these sentinel errors in `fmt.Errorf` with direct strings that were in the sentinel error
- exclude the sentinel error definition requirement from .golangci.yml
- update unit tests to use ContainersError instead of ErrorIs so it stays as a "not a change detector test" without requiring a sentinel error
2026-05-02 03:29:46 +00:00
9b6f048fe8
chore(pmtud): fix integration tests not compiling
2026-05-02 03:29:01 +00:00
7a74d4f462
hotfix(openvpn): revert "feat(openvpn): reduce handshake window to 10 seconds for faster failure detection"
...
This reverts commit f615e3c780
2026-05-01 17:05:09 +00:00
66b9f71ecf
hotfix(openvpn): fix support for tcp-client
...
- always use `proto tcp-client` when using TCP
- parses `tcp-client` (on top of `tcp`, `tcp4`, `tcp6`) as meaning TCP
- Fix #3302
2026-05-01 00:39:58 +00:00
f615e3c780
feat(openvpn): reduce handshake window to 10 seconds for faster failure detection
2026-04-30 23:55:59 +00:00
628b0a22e2
hotfix(pia): fix servers data updater and update servers data
...
- use v7 API endpoint to get correct list of servers
- skip offline regions
- do not skip *.pvt.site
2026-04-22 12:34:56 +00:00
ea3d138bd6
fix(pia): ignore *.pvt.site regions
2026-04-22 00:49:47 +00:00
c3a6809447
fix(pia): try x.y.128.1 and x.y.0.1 from the gateway IP to find the API IP address
2026-04-22 00:42:23 +00:00
7eef1c89a7
fix(portforward): no longer stuck after failed port forwarding
2026-04-20 15:27:47 +00:00
a4eb625fbe
chore(settings/dns): remove unused code
2026-04-19 18:05:19 +00:00
17a7bf6d54
fix(privateinternetaccess): use AES-GCM for all presets
2026-04-19 18:00:56 +00:00
b11de4f0c3
fix(privateinternetaccess): remove none encryption preset
2026-04-19 17:51:20 +00:00
e87a92efa0
hotfix(boringpoll): fix race condition on stop
2026-04-19 17:48:38 +00:00
c473579261
chore(provider/utils): remove unused code
2026-04-19 01:31:09 +00:00
d5eeec6fb3
feat(protonvpn): support up to 5 forwarded ports ( #3208 )
2026-04-18 02:36:06 +02:00
7e7e8182ef
fix(proton): fix updater code
...
- simplest fix ever
- proton: how can you return such obscure error messages
- ai: you suck hard at fixing anything still it's embarassing
2026-04-10 14:48:54 +00:00
2006fae0e3
fix(wireguard): support IPv6 address formatting from config files ( #3273 )
2026-04-08 17:04:35 +02:00
3b9c9b24bd
fix(server/auth): return 404 or 405 depending on route
...
- Fix #3275
2026-04-07 19:44:07 +00:00
11883aa830
feat(netlink): detect ipv6 support level ( #2523 )
...
- add option `IPV6_CHECK_ADDRESSESES=[2001:4860:4860::8888]:53,[2606:4700:4700::1111]:53`
- gluetun needs access to the addresses above through the host firewall, to test ipv6 support before setting up the vpn
2026-04-07 07:48:15 -04:00
1ae85aa5d0
fix(vyprvpn/updater): update OpenVPN configs zip URL ( #3264 )
2026-04-03 14:34:10 +02:00
763c5be119
fix(server/portforward): use port and ports for both single port and multiple ports forwarded
2026-03-29 01:22:04 +00:00
5b88c76a14
fix(openvpn): bundle provider CA certificates in one block ( #3258 )
2026-03-26 22:32:43 +01:00
086e3740f3
fix(firewall/iptables): shared mutex for both iptables and ip6tables
2026-03-23 14:35:33 +00:00
57cf276d31
chore(firewall/iptables): log restore data on failure to restore
2026-03-23 14:35:33 +00:00
405a6f699d
hotfix(dns): always run and use built-in DNS server
...
- start DNS server before healthcheck
- do not fallback to plaintext anymore
- allow to use plain addresses with a port different than 53, system-wide
- do not wait for the DNS server and rely on healtcheck only
2026-03-23 14:35:12 +00:00
72af17cc91
hotfix(dns): fix behavior for DNS_UPSTREAM_PLAIN_ADDRESSES
2026-03-21 23:37:36 +00:00
8a2e8bda0f
hotfix(amneziawg): fix errors ( #3240 )
2026-03-21 23:24:03 +01:00
5e6c11b045
feat(dns): add leak check report log
2026-03-16 13:57:14 +00:00
85d2917e8e
chore(dns): refactor loop code Run to have less indentation
2026-03-16 13:53:14 +00:00
9a5995fa72
hotfix(dns): DNS_UPSTREAM_RESOLVERS defaults to empty if DNS_UPSTREAM_PLAIN_ADDRESSES is not empty
2026-03-16 13:48:35 +00:00
2438fc2c3a
chore!(firewall): iptables logger level is set at FIREWALL_IPTABLES_LOG_LEVEL
...
- firewall log level is still fully controlled by `LOG_LEVEL`
- iptables log level defaults to `info` even if global log level is `debug` to minimize the amount of debug logs
- iptables log level is only set to debug if retro-compatible `FIREWALL_DEBUG=on` or if `FIREWALL_IPTABLES_LOG_LEVEL=debug`
2026-03-16 12:46:53 +00:00
00d1592899
hotfix(sources/secrets): fix wireguard/amnezia mixup
...
- Fix #3228
2026-03-13 14:48:11 +00:00
b04529c380
chore!(amneziawg): refactor to be separate from wireguard
...
- amneziawg is now a VPN protocol and no longer a Wireguard implementation
- Use it with VPN_TYPE=amneziawg
- document AMNEZIAWG_* options in Dockerfile
- document amneziawg support in readme
- separate amneziawg settings and code from wireguard
- re-use code from wireguard whenever possible
2026-03-11 17:16:18 +00:00
efea169495
hotfix(vpn): fix vpn stop when down command is empty
2026-03-11 16:26:13 +00:00
ba9fcb5b89
hotfix(amnezia): fix settings reading (nil pointer panic)
2026-03-11 16:23:50 +00:00
97ccadfd33
chore(vpn): moved wireguard settings helpers from provider/utils to vpn as unexported functions
2026-03-11 14:05:55 +00:00
e6fc792f4f
feat(wireguard): amneziawg implementation ( #3150 )
2026-03-11 14:55:28 +01:00
e557971ae8
hotfix(dns): allow to use plain upstream type with selected builtin providers
2026-03-11 13:20:32 +00:00
93999062e4
hotfix(publicip): increase client timeouts from 5s to 15s
2026-03-10 12:26:40 +00:00
1d29f1f517
hotfix(pmtud): only set MSS on non-local VPN routes
2026-03-10 11:51:59 +00:00
d790e3385c
Revert "chore(expressvpn): remove old invalid certificate to prevent confusion"
...
This reverts commit f7a9ddc48b
2026-03-09 14:26:59 +00:00
069cde8a85
hotfix(pmtud): set mss on all VPN routes
...
- fix behavior for OpenVPN splitting default route in multiple routes
- fix behavior for Wireguard if user specifies AllowedIPs
2026-03-08 23:27:04 +00:00
d98afce793
hotfix(vpn): inject cmder object for up/down commands and fix cleanup panic
2026-03-08 23:06:32 +00:00
Quentin McGaw