0394e31fe2
Chore(deps): Bump docker/setup-buildx-action from 3 to 4 ( #3214 )
2026-03-11 14:40:19 +01:00
e557971ae8
hotfix(dns): allow to use plain upstream type with selected builtin providers
2026-03-11 13:20:32 +00:00
a98b39a03f
Chore(deps): Bump golang.org/x/sys from 0.41.0 to 0.42.0 ( #3212 )
2026-03-10 13:50:57 +01:00
760fefd890
Chore(deps): Bump docker/setup-qemu-action from 3 to 4 ( #3211 )
2026-03-10 13:50:36 +01:00
543d3fa95e
fix(dns): correct error wrapping for DNS listening address validation
...
- Fix #3216
2026-03-10 12:38:56 +00:00
93999062e4
hotfix(publicip): increase client timeouts from 5s to 15s
2026-03-10 12:26:40 +00:00
853f4601a5
chore(ci): fix golangci-lint config exclusion
2026-03-10 11:58:49 +00:00
1d29f1f517
hotfix(pmtud): only set MSS on non-local VPN routes
2026-03-10 11:51:59 +00:00
d790e3385c
Revert "chore(expressvpn): remove old invalid certificate to prevent confusion"
...
This reverts commit f7a9ddc48b
2026-03-09 14:26:59 +00:00
069cde8a85
hotfix(pmtud): set mss on all VPN routes
...
- fix behavior for OpenVPN splitting default route in multiple routes
- fix behavior for Wireguard if user specifies AllowedIPs
2026-03-08 23:27:04 +00:00
d98afce793
hotfix(vpn): inject cmder object for up/down commands and fix cleanup panic
2026-03-08 23:06:32 +00:00
57c53bc19e
feat(vpn): VPN_UP_COMMAND and VPN_DOWN_COMMAND options
2026-03-08 16:06:16 +00:00
c0af198155
chore(dockerfile); re-arrange port forwarding env location in Dockerfile
2026-03-08 15:34:25 +00:00
3d53cea0f6
chore(expressvpn): bump max fails for updater resolver
2026-03-08 13:33:45 +00:00
f7a9ddc48b
chore(expressvpn): remove old invalid certificate to prevent confusion
2026-03-08 13:29:19 +00:00
02a186c145
hotfix(boringpoll): fix debug log to log out last error
2026-03-07 17:10:45 +00:00
724cd3a15e
feat(server): PUT /v1/portforward route to set ports forwarded ( #2392 )
2026-03-07 17:10:38 +00:00
199ad77ec9
chore(dns): remove DNS_SERVER, DNS_KEEP_NAMESERVER and replace DNS_ADDRESS with DNS_UPSTREAM_PLAIN_ADDRESSES ( #2988 )
...
- Remove `DNS_SERVER` (aka DOT) option: the DNS server forwarder part is now always enabled (see below why)
- Remove `DNS_KEEP_NAMESERVER`: the container will always use the built-in DNS server forwarder, because it can handle now local names with local resolvers (see #2970 ), it can use the `plain` upstream type (see https://github.com/qdm12/gluetun/commit/5ed6e8292278b54bb5081de0e8ccd0d63a275b3c ) AND you can use `DNS_UPSTREAM_PLAIN_ADDRESSES` (see below)
- Replace `DNS_ADDRESS` with `DNS_UPSTREAM_PLAIN_ADDRESSES`:
- New CSV format with port, for example `ip1:port1,ip2:port2`
- requires `DNS_UPSTREAM_TYPE=plain` to be set to use `DNS_UPSTREAM_PLAIN_ADDRESSES` (unless using retro `DNS_ADDRESS`)
- retrocompatibility with `DNS_ADDRESS`. If set, force upstream type to plain and empty user-picked providers. 127.0.0.1 is now ignored since it's always set to this value internally.
- Warning log on using private upstream resolvers updated
- Warning log if using a private IP address for the plain DNS server which is not in your local subnets
All in all, this greatly simplifies code and available options (less options for the same features is a win). It also allows you to specify multiple plain DNS resolvers on ports other than 53 if needed.
2026-03-07 14:07:57 +01:00
dd0edafbb1
Chore(ci): Bump peter-evans/dockerhub-description from 4 to 5 ( #2928 )
2026-03-07 00:48:28 -05:00
9be2fc827b
Chore(ci): Bump docker/build-push-action from 6 to 7 ( #3197 )
2026-03-07 00:20:51 -05:00
b63702cf63
Chore(ci): Bump peter-evans/create-pull-request from 7 to 8 ( #3175 )
2026-03-07 00:19:12 -05:00
ede2509132
Chore(deps): Bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1 ( #3090 )
2026-03-07 00:16:20 -05:00
100124e8b8
Chore(github): Bump crazy-max/ghaction-github-labeler from 5 to 6 ( #3174 )
2026-03-07 00:15:46 -05:00
850a91b35f
Chore(deps): Bump github.com/klauspost/compress from 1.18.1 to 1.18.4 ( #3198 )
2026-03-07 00:14:23 -05:00
4a40f0fdee
chore(deps): Bump DavidAnson/markdownlint-cli2-action from 21 to 22 ( #3041 )
2026-03-07 00:13:52 -05:00
b7735ecc00
fix(updater): only uses DoH to cloudflare+google
...
- prevent dns plaintext manipulation both the periodic update and when running in cli mode
- possibly higher reliability on poor connections versus UDP
- drop `-dns` flag in update command
- for now no configuration allowed since it makes everything rather complex
2026-03-06 21:01:52 +00:00
457e5597bb
feat(others): optional BORINGPOLL_GLUETUNCOM to fight AI slop scammy gluetun[dot]com
2026-03-06 16:27:16 +00:00
2460b56c2b
chore(github): make closed issue message cleaner
2026-03-06 16:05:17 +00:00
5b2f86f4e7
fix(expressvpn): remove pakistan server
2026-03-06 14:03:15 +00:00
49317ecb8a
Chore(deps): Bump golang.org/x/net from 0.49.0 to 0.51.0 ( #3200 )
2026-03-06 14:56:57 +01:00
bd275aaea8
chore(github): add MTU discovery category label
2026-03-05 17:03:17 +00:00
39bd9854f7
chore(vpn): find VPN route earlier in MTU update function
2026-03-05 16:56:42 +00:00
c2c9504e94
hotfix(pmtud): set TCP MSS before changing MTU, and revert to original MTU if TCP MSS route set fails
2026-03-05 16:53:26 +00:00
48317a0d55
feat(main): log out OS, kernel version and architecture on start
2026-03-05 16:50:26 +00:00
6c3f519c62
Chore(deps): Bump docker/login-action from 3 to 4 ( #3189 )
2026-03-05 17:15:36 +01:00
b7cbea1ce6
fix(expressvpn): fix missing characters in CA string ( #3192 )
2026-03-05 17:15:07 +01:00
d8a3cc3dfa
hotfix(constants/providers): remove TestWorkflowHasAll to decouple CI files from tests
2026-03-04 22:54:28 +00:00
b1da4c4b86
hotfix(lint): fix lint errors introduced with expressvpn commit
2026-03-04 22:02:29 +00:00
579bd8e416
feat(airvpn): update servers data ( #3186 )
2026-03-04 20:53:28 +01:00
7bf59ebfb4
chore(ci): set PR title and description for updating servers workflow PR
2026-03-04 19:51:40 +00:00
4ac25b9dd1
hotfix(ci): fix file changes detection in update servers workflow
2026-03-04 19:43:39 +00:00
4bcbd29fb9
chore(ci): allow to specify provider to update servers data on dispatch
2026-03-04 19:24:53 +00:00
a8ee1d7a63
fix(expressvpn): add new CA3 certificate to fix TLS handshake failure ( #3184 )
2026-03-04 20:01:24 +01:00
c6c3a2bf1b
fix(openvpn/extract): restrict custom openvpn config protocol to tcp or udp internally
...
- Fix #3179
- I believe specifying tcp4, tcp6 or tcp-client does not change anything versus tcp + remote ip address
- I believe specifying udp4 or udp6 does not change anything versus tcp + remote ip address
- Simplify firewall code to not account for tcp-client etc.
2026-03-04 18:58:33 +00:00
e7b25a0d5e
chore(mod): simplify code and add more kernel config constants
2026-03-03 00:32:08 +00:00
11cd62f6b1
feat(ci): periodic workflow to update the maintainers servers list with pull requests ( #3010 )
2026-03-03 01:32:05 +01:00
ed26957a1a
fix(privado): allow additional OpenVPN ports 443, 8080 and 8443 for both tcp and udp
2026-03-01 11:59:03 +00:00
54b55c594f
fix(privado): allow OpenVPN TCP protocol
2026-03-01 11:58:16 +00:00
ec24ffdfd8
hotfix(firewall): save and restore behavior fixed
...
- restore if IPv4 set all policies fails
- fix deadlock when using iptables custom rules
- fix setting ipv6 rules when running runMixedIptablesInstruction
2026-02-28 14:37:58 +00:00
b9d49e0661
Chore(deps): Bump github.com/breml/rootcerts from 0.3.3 to 0.3.4 ( #3128 )
2026-02-27 02:16:31 +01:00
dependabot[bot]