Dennis Nienhuis
b7cbea1ce6
fix(expressvpn): fix missing characters in CA string (#3192)
2026-03-05 17:15:07 +01:00
Quentin McGaw
d8a3cc3dfa
hotfix(constants/providers): remove TestWorkflowHasAll to decouple CI files from tests
2026-03-04 22:54:28 +00:00
Quentin McGaw
b1da4c4b86
hotfix(lint): fix lint errors introduced with expressvpn commit
2026-03-04 22:02:29 +00:00
github-actions[bot]
579bd8e416
feat(airvpn): update servers data (#3186)
2026-03-04 20:53:28 +01:00
Quentin McGaw
7bf59ebfb4
chore(ci): set PR title and description for updating servers workflow PR
2026-03-04 19:51:40 +00:00
Quentin McGaw
4ac25b9dd1
hotfix(ci): fix file changes detection in update servers workflow
2026-03-04 19:43:39 +00:00
Quentin McGaw
4bcbd29fb9
chore(ci): allow to specify provider to update servers data on dispatch
2026-03-04 19:24:53 +00:00
Dennis Nienhuis
a8ee1d7a63
fix(expressvpn): add new CA3 certificate to fix TLS handshake failure (#3184)
2026-03-04 20:01:24 +01:00
Quentin McGaw
c6c3a2bf1b
fix(openvpn/extract): restrict custom openvpn config protocol to tcp or udp internally
- Fix #3179
- I believe specifying tcp4, tcp6 or tcp-client does not change anything versus tcp + remote ip address
- I believe specifying udp4 or udp6 does not change anything versus tcp + remote ip address
- Simplify firewall code to not account for tcp-client etc.
2026-03-04 18:58:33 +00:00
Quentin McGaw
e7b25a0d5e
chore(mod): simplify code and add more kernel config constants
2026-03-03 00:32:08 +00:00
shwoop
11cd62f6b1
feat(ci): periodic workflow to update the maintainers servers list with pull requests (#3010)
2026-03-03 01:32:05 +01:00
Quentin McGaw
ed26957a1a
fix(privado): allow additional OpenVPN ports 443, 8080 and 8443 for both tcp and udp
2026-03-01 11:59:03 +00:00
Quentin McGaw
54b55c594f
fix(privado): allow OpenVPN TCP protocol
2026-03-01 11:58:16 +00:00
Quentin McGaw
ec24ffdfd8
hotfix(firewall): save and restore behavior fixed
- restore if IPv4 set all policies fails
- fix deadlock when using iptables custom rules
- fix setting ipv6 rules when running runMixedIptablesInstruction
2026-02-28 14:37:58 +00:00
dependabot[bot]
b9d49e0661
Chore(deps): Bump github.com/breml/rootcerts from 0.3.3 to 0.3.4 (#3128)
2026-02-27 02:16:31 +01:00
Quentin McGaw
2bb4deccd5
feat(firewall): atomic iptables operations
- all operations rollback on failure
- disabling the firewall means rolling back to its state before enabling it
- aligns with nftables atomicity feature
2026-02-26 22:58:52 +00:00
Quentin McGaw
0d0c0fb143
feat(dns): update block files after DNS server is up for a faster bootup
2026-02-26 18:45:52 +00:00
Quentin McGaw
885e491bb7
chore(dns): clarify "ready" dns message when DNS server is up and being used
2026-02-26 18:45:52 +00:00
Quentin McGaw
e75ae21dcd
fix(mod): probe searches for features built into the kernel
2026-02-26 18:45:52 +00:00
Quentin McGaw
4b8dc8ded7
fix(privado): update servers data using JSON API
- Fixes #3159
- Fixes #2118
- Fixes #2657
2026-02-25 16:02:52 +00:00
Quentin McGaw
0eeee5c496
chore(pmtud): clarify debug logs and fix log error message
2026-02-25 04:23:56 +00:00
Quentin McGaw
d21953f62e
chore(firewall): split apart iptables specific code in internal/firewall/iptables
2026-02-25 04:23:53 +00:00
Quentin McGaw
034f8f6331
hotfix(netlink): specify IP family for conntrack calls and make conntrack failure a warning
2026-02-25 02:44:07 +00:00
Quentin McGaw
01487b5caf
feat(protonvpn): add suggestions on some port forwarding errors
2026-02-23 21:19:08 +00:00
Quentin McGaw
625a63e7c2
fix(firewall): flush conntrack table after enabling firewall at container start
- prevent leaks for connections made the first ~10 milliseconds when Gluetun starts
- seems critical, but in practice this very rarely happens and it is very hard to reproduce
2026-02-22 13:31:38 +00:00
Quentin McGaw
0c3e5d94d8
change!(server): auth is now required for all routes (#2980)
2026-02-20 18:10:53 +01:00
Quentin McGaw
d586793169
fix(all): increase global http client timeout to 35s and precise lower timeouts where needed
- Fix DNS blocklists slow downloads, fix #3102
- Leave 35s timeout for updaters
- Set timeouts to 1s for local calls
- Set timeouts to 5s for LAN VPN calls and small external calls
- Set timeouts to 10s for external VPN API calls
2026-02-20 16:40:51 +00:00
Quentin McGaw
c5eacac644
chore(pmtud/tcp): remove unused TCP flags
2026-02-20 16:25:14 +00:00
Quentin McGaw
7fbf2cbee3
hotfix(pmtud/tcp): return an error if no MSS destination server worked
2026-02-20 16:25:02 +00:00
Quentin McGaw
1dee183a70
chore(pmtud/tcp): silently discard IPv6 network unreachable errors
2026-02-20 16:24:25 +00:00
Quentin McGaw
c66d8bed00
hotfix(pmtud/tcp): fix code for IPv6 destinations
2026-02-20 16:23:40 +00:00
Quentin McGaw
73b3e2c88a
chore(pmtud/tcp): remove unused test code
2026-02-20 15:37:56 +00:00
Quentin McGaw
ea87c0a2aa
hotfix(pmtud): lower min MTU to MSS-matching-MTU minus 100 in case MSS is very small
2026-02-19 22:39:24 +00:00
Quentin McGaw
2192874de8
hotfix(pmtud/icmp): ignore non echo messages instead of returning an error
2026-02-19 18:05:48 +00:00
Quentin McGaw
007c5159f4
hotfix(pmtud): increase TCP margin from 150 to 300 compared to ICMP found MTU
2026-02-19 17:24:06 +00:00
Quentin McGaw
c6b211ef9b
feat(pmtud/tcp): support mixed IPv4 and IPv6 TCP servers
- Add default cloudflare and google tls ipv6 servers to default tcp servers
- update integration test to try against both ipv4 and ipv6 servers
2026-02-19 17:11:16 +00:00
Quentin McGaw
1c43a045d1
hotfix(pmtud/tcp): fix timeout to apply per network call, not globally
2026-02-19 17:10:30 +00:00
Quentin McGaw
56b9e108be
chore(pmtud/tcp): add :53 TCP servers to the default list
2026-02-19 17:10:30 +00:00
Quentin McGaw
67b66bba9e
hotfix(pmtud/icmp): set IPv6 don't fragment options just in case
2026-02-19 17:10:30 +00:00
Quentin McGaw
8d86470905
feat(pmtud/tcp): use the TCP server with highest MSS to run MTU tests
2026-02-19 14:03:46 +00:00
Quentin McGaw
fb85ae79d1
chore(pmtud/tcp): move test helpers in helpers_test.go
2026-02-19 13:20:59 +00:00
Quentin McGaw
783616f61d
chore(pmtud/tcp): close connections with an RST packet on context cancelation
2026-02-19 13:20:59 +00:00
Quentin McGaw
bc79901f1e
chore(pmtud/tcp): restrict temp firewall rules to source ip and source port
2026-02-19 13:20:58 +00:00
Quentin McGaw
1c56189abc
hotfix(pmtud/tcp): fix rare race condition
2026-02-18 19:07:31 +00:00
Quentin McGaw
224618337c
hotfix(pmtud/tcp): take MSS from server into account
2026-02-18 18:32:31 +00:00
Quentin McGaw
183d351b58
chore(pmtud/icmp): do not use net.ErrClosed when inappropriate
2026-02-17 21:46:24 +00:00
Quentin McGaw
04d7cef294
hotfix(pmtud/tcp): block kernel from racing to send RST packets
- this makes PMTUD TCP reliable
- this only works on kernels with the mark module
- on kernels without the mark module, the icmp pmtud mtu found is used
2026-02-17 21:46:24 +00:00
Quentin McGaw
5f903d1fbf
chore(pmtud): remove calls to syscall in favor of unix and windows
- syscall is deprecated and is not kept up-to-date
- each OS is inherently different hence the syscall being deprecated
2026-02-17 21:46:04 +00:00
Quentin McGaw
d43eb1658f
chore(firewall): support TCP flags for future changes
2026-02-17 19:38:20 +00:00
Quentin McGaw
36dfd5b631
hotfix(pmtud): do not try every address for ICMP PMTUD
2026-02-16 23:54:38 +00:00