21e868c89c
hotfix(protonvpn): small port forwarding fixes for edge cases
2026-05-24 21:08:56 +00:00
2e20e2df66
feat(protonvpn): use symmetric port forwarding for first port then asymmetric for next ports ( #3345 )
2026-05-24 22:47:58 +02:00
1998e0d04f
chore(deps): remove direct dependency on golang.org/x/exp
2026-05-24 20:28:54 +00:00
d3e089ccd7
hotfix(firewall/iptables): filter out DOCKER* chains from nat table when saving/restoring
2026-05-23 21:44:22 +00:00
3eebbf65a8
hotfix(firewall/iptables): only restore firewall if IPv6 port redirection failed but NAT is supported
2026-05-23 21:26:08 +00:00
a1ef736b0f
hotfix(portforwarding): disallow setting ports when running port forwarding code
2026-05-23 13:20:20 +00:00
46edfe49e3
fix(portforwarding): handle empty ports without panicing
2026-05-23 13:19:37 +00:00
691dc3b0bf
docs: update url from qdm12/gluetun to passteque/gluetun
2026-05-21 17:54:07 +00:00
eb9916f0ac
feat: socks5 proxy server ( #3336 )
...
- `SOCKS5_ENABLED=off`
- `SOCKS5_LISTENING_ADDRESS=":1080"`
- `SOCKS5_USER=`
- `SOCKS5_PASSWORD=`
2026-05-21 19:18:55 +02:00
2210a0e9ad
fix(command): fix rare race condition on log line stream at command completion
2026-05-21 15:44:21 +00:00
f8a677a424
hotfix(portforward): log both external and internal ports when they diverge
...
- useful for ProtonVPN only
- clarify things up for the user
2026-05-21 14:45:40 +00:00
8f012014d6
hotfix(firewall/iptables): only save stdout from iptables-save, not stderr
2026-05-21 03:50:44 +00:00
b119325241
hotfix(storage): do not write filepath field for non-manifest files
2026-05-19 03:03:30 +00:00
7720b1fad4
fix(storage): ignore empty manifest servers file
...
- Fix #3318
2026-05-19 02:53:45 +00:00
854bf5811d
fix(wireguard): skip tun device checks when using kernelspace
2026-05-19 02:46:40 +00:00
8f82376996
feat(storage): storage file structure changes ( #3301 )
...
- migrate persisted server data storage from `/gluetun/servers.json` to `/gluetun/servers/`
- add `STORAGE_SERVERS_ENABLED=on` to enable or disable on-disk server data storage
- add `STORAGE_SERVERS_DIRECTORY_PATH=/gluetun/servers` to configure where per-provider server files are stored
- keep backward compatibility with legacy `STORAGE_FILEPATH=/gluetun/servers.json`
- automatically read and migrate legacy `/gluetun/servers.json` into the new `/gluetun/servers/` layout when needed
- try to remove the legacy servers file after a successful migration to the new storage directory
- switch persisted server data from one large JSON file to a manifest plus per-provider JSON files
- add `UPDATER_PREFER_DIRECT_DOWNLOAD` to allow preferring direct download of provider server data
- keep deprecated updater flags `-enduser` and `-maintainer` as no-op warnings for backward compatibility
- preserve compatibility checks so persisted server data is discarded when its schema version no longer matches the built-in data
- allow preferred persisted provider data to override built-in data when versions match
- servers data now lives at https://github.com/qdm12/gluetun-servers/tree/main/pkg/servers
2026-05-19 04:28:25 +02:00
cd19093d1d
fix(openvpn/extract): trim spaces in config lines before parsing ( #3327 )
2026-05-12 03:44:29 +02:00
fd12e5f9e7
chore(provider/utils): fix flaky test caused by new random shuffle
2026-05-12 01:28:11 +00:00
3ca4b48887
hotfix(provider/utils): randomize pool of filterd servers to pick connections from
2026-05-12 01:08:19 +00:00
38cf094573
chore(boringpoll): remove gluetun.com which is now DOWN 🎉
2026-05-12 00:58:23 +00:00
5b01324d5f
hotfix(pmtud): detect IPv6 usage in VPN connection
2026-05-09 14:40:04 +00:00
445f99d9dc
hotfix(openvpn): bump hand-window from 10s to 20s
2026-05-08 16:12:13 +00:00
891249849a
fix(provider/pia): handle "port is busy" messages and retry port forwarding logic
2026-05-08 04:16:15 +00:00
5cae870745
feat(provider/pia): try parsing JSON on bad port forwarding API status codes
2026-05-08 04:15:30 +00:00
3c84a94f11
hotfix(pmtud/ip): handle network is unreachable silently
2026-05-07 19:20:50 +00:00
e1d31f53f1
fix(configuration/settings/wireguard): ignore empty address strings
2026-05-07 04:53:50 +00:00
548e4342c9
fix(provider/pia): update default OpenVPN ports
...
- 8080 for UDP
- 8443 for TCP
- According to https://github.com/pia-foss/manual-connections/commit/8a75e46be81583d17f9ab3570881419b35000969
- Credits to @darthShadow
2026-05-06 05:00:39 +00:00
12f08bf5ad
fix(configuration/sources/files/wireguard): fix parsing ipv6 endpoint port
2026-05-05 21:28:08 +00:00
4ea2337668
feat(dns): re-introduce DNS_SERVER option
...
- force to set `DNS_UPSTREAM_RESOLVER_TYPE=plain` to avoid any confusion/security hole
- force to set `DNS_UPSTREAM_PLAIN_ADDRESSES` to addresses only with port 53
2026-05-05 21:15:28 +00:00
aab10f9d3f
feat(ipv6): prefer IPv6 endpoints when IPv6 is supported
2026-05-04 13:21:52 +00:00
fed09562e5
feat(vpn): rotate filtered servers on internal vpn restarts
...
- Fix #290
2026-05-04 03:29:35 +00:00
4b819b4dbb
fix(pia): allow ports 501 and 502 as custom ports given they are the defaults
2026-05-04 03:10:23 +00:00
a0f6b208f7
feat(openvpn): reduce handshake window to 10 seconds for faster failure detection (again)
2026-05-03 04:29:29 +00:00
4a78989d9d
chore: do not use sentinel errors when unneeded
...
- main reason being it's a burden to always define sentinel errors at global scope, wrap them with `%w` instead of using a string directly
- only use sentinel errors when it has to be checked using `errors.Is`
- replace all usage of these sentinel errors in `fmt.Errorf` with direct strings that were in the sentinel error
- exclude the sentinel error definition requirement from .golangci.yml
- update unit tests to use ContainersError instead of ErrorIs so it stays as a "not a change detector test" without requiring a sentinel error
2026-05-02 03:29:46 +00:00
9b6f048fe8
chore(pmtud): fix integration tests not compiling
2026-05-02 03:29:01 +00:00
7a74d4f462
hotfix(openvpn): revert "feat(openvpn): reduce handshake window to 10 seconds for faster failure detection"
...
This reverts commit f615e3c780
2026-05-01 17:05:09 +00:00
66b9f71ecf
hotfix(openvpn): fix support for tcp-client
...
- always use `proto tcp-client` when using TCP
- parses `tcp-client` (on top of `tcp`, `tcp4`, `tcp6`) as meaning TCP
- Fix #3302
2026-05-01 00:39:58 +00:00
f615e3c780
feat(openvpn): reduce handshake window to 10 seconds for faster failure detection
2026-04-30 23:55:59 +00:00
628b0a22e2
hotfix(pia): fix servers data updater and update servers data
...
- use v7 API endpoint to get correct list of servers
- skip offline regions
- do not skip *.pvt.site
2026-04-22 12:34:56 +00:00
ea3d138bd6
fix(pia): ignore *.pvt.site regions
2026-04-22 00:49:47 +00:00
c3a6809447
fix(pia): try x.y.128.1 and x.y.0.1 from the gateway IP to find the API IP address
2026-04-22 00:42:23 +00:00
7eef1c89a7
fix(portforward): no longer stuck after failed port forwarding
2026-04-20 15:27:47 +00:00
a4eb625fbe
chore(settings/dns): remove unused code
2026-04-19 18:05:19 +00:00
17a7bf6d54
fix(privateinternetaccess): use AES-GCM for all presets
2026-04-19 18:00:56 +00:00
b11de4f0c3
fix(privateinternetaccess): remove none encryption preset
2026-04-19 17:51:20 +00:00
e87a92efa0
hotfix(boringpoll): fix race condition on stop
2026-04-19 17:48:38 +00:00
c473579261
chore(provider/utils): remove unused code
2026-04-19 01:31:09 +00:00
d5eeec6fb3
feat(protonvpn): support up to 5 forwarded ports ( #3208 )
2026-04-18 02:36:06 +02:00
7e7e8182ef
fix(proton): fix updater code
...
- simplest fix ever
- proton: how can you return such obscure error messages
- ai: you suck hard at fixing anything still it's embarassing
2026-04-10 14:48:54 +00:00
2006fae0e3
fix(wireguard): support IPv6 address formatting from config files ( #3273 )
2026-04-08 17:04:35 +02:00
Quentin McGaw