- new directory structure containing manifest.json and one json file per provider, by default.
- the manifest.json file can specify a filepath for each vpn provider
- each vpn provider json data file can contain the `"preferred": true` field to enforce it is used even if outdated, unless there is a version mismatch
- `STORAGE_SERVERS_DIRECTORY_PATH` replaces `STORAGE_FILEPATH` (which is now a migration source only). It sets the directory where server manifest and per-provider JSON files are stored (default: `/gluetun/servers/`).
- First-run migration: On startup, gluetun checks for the old /gluetun/servers.json file; if found and no new manifest exists, it automatically migrates all data to /gluetun/servers/ directory structure
- Silent fallback: If legacy file isn't found, uses the new directory path normally
- Legacy cleanup: After successful migration, attempts to remove the old fat JSON file (logs warning only if removal fails, e.g., read-only bind mounts)
Co-authored-by: Copilot <copilot@github.com>
- handle timed out connections the same as closed connections
- close connection on TLS handshake failure
- improve mutex handling during connection renewal and retrieval
- add option `IPV6_CHECK_ADDRESSESES=[2001:4860:4860::8888]:53,[2606:4700:4700::1111]:53`
- gluetun needs access to the addresses above through the host firewall, to test ipv6 support before setting up the vpn
- start DNS server before healthcheck
- do not fallback to plaintext anymore
- allow to use plain addresses with a port different than 53, system-wide
- do not wait for the DNS server and rely on healtcheck only
- firewall log level is still fully controlled by `LOG_LEVEL`
- iptables log level defaults to `info` even if global log level is `debug` to minimize the amount of debug logs
- iptables log level is only set to debug if retro-compatible `FIREWALL_DEBUG=on` or if `FIREWALL_IPTABLES_LOG_LEVEL=debug`
- amneziawg is now a VPN protocol and no longer a Wireguard implementation
- Use it with VPN_TYPE=amneziawg
- document AMNEZIAWG_* options in Dockerfile
- document amneziawg support in readme
- separate amneziawg settings and code from wireguard
- re-use code from wireguard whenever possible
Quentin McGaw