[create-pull-request] automated change

- Fix #3179
- I believe specifying tcp4, tcp6 or tcp-client does not change anything versus tcp + remote ip address
- I believe specifying udp4 or udp6 does not change anything versus tcp + remote ip address
- Simplify firewall code to not account for tcp-client etc.

.github/workflows/update-servers-list.yml

@@ -0,0 +1,95 @@
+name: Update servers list
+on:
+  workflow_dispatch:
+    inputs:
+      provider:
+        description: "VPN Provider to update"
+        required: true
+        default: "all"
+        type: choice
+        options:
+          - all
+          - airvpn
+          - cyberghost
+          - expressvpn
+          - fastestvpn
+          - giganews
+          - hidemyass
+          - ipvanish
+          - ivpn
+          - mullvad
+          - nordvpn
+          - perfect privacy
+          - privado
+          - private internet access
+          - privatevpn
+          - protonvpn
+          - purevpn
+          - slickvpn
+          - surfshark
+          - torguard
+          - vpnsecure
+          - vpn unlimited
+          - vyprvpn
+          - windscribe
+  schedule:
+    - cron: "11 3 1 */2 *" # Run at 03:11 on the 1st of every 2nd month
+jobs:
+  update-servers-list:
+    if: github.repository == 'qdm12/gluetun'
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+
+      - name: Update servers list
+        run: |
+          SELECTED_PROVIDER="${{ github.event.inputs.provider || 'all' }}"
+
+          if [ "$SELECTED_PROVIDER" = "all" ]; then
+            FLAGS="-all"
+          else
+            FLAGS="-providers $SELECTED_PROVIDER"
+          fi
+
+          go run ./cmd/gluetun/main.go update $FLAGS \
+            -maintainer \
+            -proton-email "${{ secrets.PROTON_EMAIL }}" \
+            -proton-password "${{ secrets.PROTON_PASSWORD }}"
+
+      - name: Check for changes
+        run: |
+          if git diff --exit-code internal/storage/servers.json >/dev/null; then
+            echo "Error: internal/storage/servers.json was not modified."
+            exit 1
+          fi
+
+      - name: Check no other file changes
+        run: |
+          if ! git diff --exit-code --quiet ':!internal/storage/servers.json'; then
+            echo "Error: Unexpected changes detected in files other than servers.json"
+            git status --short
+            exit 1
+          fi
+
+      - name: Create Pull Request
+        id: createpr
+        uses: peter-evans/create-pull-request@v7
+        with:
+          branch-suffix: timestamp
+          branch: bot/update-servers-list
+          base: master
+          delete-branch: true
+
+      # - name: Merge Pull Request
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   run: |
+      #     gh pr merge ${{ steps.createpr.outputs.pull-request-number }} --auto -m -d

internal/configuration/settings/openvpnselection.go

@@ -60,7 +60,6 @@ func (o OpenVPNSelection) validate(vpnProvider string) (err error) {
 		providers.Giganews,
 		providers.Ipvanish,
 		providers.Perfectprivacy,
-		providers.Privado,
 		providers.Vyprvpn,
 	) {
 		return fmt.Errorf("%w: for VPN service provider %s",
@@ -75,8 +74,8 @@ func (o OpenVPNSelection) validate(vpnProvider string) (err error) {
 			providers.Privatevpn, providers.Torguard:
 		// no custom port allowed
 		case providers.Expressvpn, providers.Fastestvpn,
-			providers.Giganews, providers.Ipvanish, providers.Nordvpn,
-			providers.Privado, providers.Purevpn,
+			providers.Giganews, providers.Ipvanish,
+			providers.Nordvpn, providers.Purevpn,
 			providers.Surfshark, providers.VPNSecure,
 			providers.VPNUnlimited, providers.Vyprvpn:
 			return fmt.Errorf("%w: for VPN service provider %s",
@@ -99,6 +98,9 @@ func (o OpenVPNSelection) validate(vpnProvider string) (err error) {
 			case providers.Perfectprivacy:
 				allowedTCP = []uint16{44, 443, 4433}
 				allowedUDP = []uint16{44, 443, 4433}
+			case providers.Privado:
+				allowedTCP = []uint16{443, 1194, 8080, 8443}
+				allowedUDP = []uint16{443, 1194, 8080, 8443}
 			case providers.PrivateInternetAccess:
 				allowedTCP = []uint16{80, 110, 443}
 				allowedUDP = []uint16{53, 1194, 1197, 1198, 8080, 9201}

internal/constants/providers/providers_test.go

@@ -1,9 +1,12 @@
 package providers
 
 import (
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
 )
 
 func Test_All(t *testing.T) {
@@ -21,3 +24,33 @@ func Test_AllWithCustom(t *testing.T) {
 	assert.Contains(t, all, Custom)
 	assert.Len(t, all, len(All())+1)
 }
+
+func TestWorkflowHasAll(t *testing.T) {
+	t.Parallel()
+
+	const path = "../../../.github/workflows/update-servers-list.yml"
+	file, err := os.Open(path)
+	require.NoError(t, err)
+	defer file.Close()
+
+	var data struct {
+		On struct {
+			WorkflowDispatch struct {
+				Inputs struct {
+					Provider struct {
+						Options []string `yaml:"options"`
+					} `yaml:"provider"`
+				} `yaml:"inputs"`
+			} `yaml:"workflow_dispatch"`
+		} `yaml:"on"`
+	}
+	decoder := yaml.NewDecoder(file)
+	err = decoder.Decode(&data)
+	require.NoError(t, err)
+
+	providers := All()
+	expected := make([]string, len(providers)+1)
+	expected[0] = "all"
+	copy(expected[1:], providers)
+	assert.Equal(t, expected, data.On.WorkflowDispatch.Inputs.Provider.Options)
+}

internal/firewall/iptables/iptables.go

@@ -151,9 +151,6 @@ func (c *Config) AcceptOutputTrafficToVPN(ctx context.Context,
 	defaultInterface string, connection models.Connection, remove bool,
 ) error {
 	protocol := connection.Protocol
-	if protocol == "tcp-client" {
-		protocol = "tcp"
-	}
 	instruction := fmt.Sprintf("%s OUTPUT -d %s -o %s -p %s -m %s --dport %d -j ACCEPT",
 		appendOrDelete(remove), connection.IP, defaultInterface, protocol,
 		protocol, connection.Port)

internal/mod/builtin_linux.go

@@ -1,33 +0,0 @@
-package mod
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-var errBuiltinModuleNotFound = errors.New("builtin module not found")
-
-func checkModulesBuiltin(modulesPath, moduleName string) error {
-	f, err := os.Open(filepath.Join(modulesPath, "modules.builtin"))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	moduleName = strings.TrimSuffix(moduleName, ".ko")
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		line = strings.TrimSuffix(line, ".ko")
-		if strings.HasSuffix(line, "/"+moduleName) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf("%w: %s", errBuiltinModuleNotFound, moduleName)
-}

internal/mod/configgz_linux.go

@@ -76,28 +76,51 @@ func checkProcConfig(moduleName string) error {
 
 func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]string, ok bool) {
 	moduleMap := map[string][][]string{
+		"x_tables":  {{"CONFIG_NETFILTER_XTABLES"}},
 		"nf_tables": {{"CONFIG_NF_TABLES"}},
 
 		// Netfilter Matches
-		"xt_conntrack": {{"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"}},
+		"xt_conntrack": {
+			{"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"},
+			{"CONFIG_IP_NF_MATCH_CONNTRACK"}, // old kernels
+		},
 		"xt_connmark": {
 			{"CONFIG_NETFILTER_XT_CONNMARK"},
 			{"CONFIG_NETFILTER_XT_MATCH_CONNMARK", "CONFIG_NETFILTER_XT_TARGET_CONNMARK"},
 		},
 		"xt_mark": {
 			{"CONFIG_NETFILTER_XT_MARK"},
-			{"CONFIG_NETFILTER_XT_MATCH_MARK", "CONFIG_NETFILTER_XT_TARGET_MARK"},
+			{"CONFIG_NETFILTER_XT_MATCH_MARK"},
 		},
+		"nf_conntrack":         {{"CONFIG_NF_CONNTRACK"}},
+		"nf_conntrack_ipv4":    {{"CONFIG_NF_CONNTRACK_IPV4"}},
+		"nf_conntrack_ipv6":    {{"CONFIG_NF_CONNTRACK_IPV6"}},
 		"nf_conntrack_netlink": {{"CONFIG_NF_CT_NETLINK"}},
-		"nf_reject_ipv4":       {{"CONFIG_NF_REJECT_IPV4"}},
+
+		// Nftables
+		"nft_compat":            {{"CONFIG_NFT_COMPAT"}},
+		"nft_ct":                {{"CONFIG_NFT_CT"}},
+		"nft_connmark":          {{"CONFIG_NFT_CONNMARK"}},
+		"nft_chain_filter":      {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}},
+		"nft_chain_filter_ipv4": {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}},
+		"nft_chain_filter_ipv6": {{"CONFIG_NFT_CHAIN_FILTER_IPV6"}},
+		"nft_chain_mangle_ipv4": {{"CONFIG_NFT_CHAIN_MANGLE_IPV4"}},
+		"nft_chain_mangle_ipv6": {{"CONFIG_NFT_CHAIN_MANGLE_IPV6"}},
+		"nft_reject":            {{"CONFIG_NFT_REJECT_INET"}, {"CONFIG_NFT_REJECT_IPV4"}},
+
+		// Iptables
+		"iptable_filter":  {{"CONFIG_IP_NF_FILTER"}},
+		"ip6table_filter": {{"CONFIG_IP6_NF_FILTER"}},
+		"ip_tables":       {{"CONFIG_IP_NF_IPTABLES"}},
+		"ip6_tables":      {{"CONFIG_IP6_NF_IPTABLES"}},
 
 		// Common Netfilter Targets
-		"xt_log": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}},
-		"xt_reject": {
+		"xt_LOG": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}},
+		"xt_REJECT": {
 			{"CONFIG_IP_NF_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"},
 			{"CONFIG_NETFILTER_XT_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"},
 		},
-		"xt_masquerade": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}},
+		"xt_MASQUERADE": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}},
 
 		// Additional Netfilter Matches
 		"xt_addrtype":  {{"CONFIG_NETFILTER_XT_MATCH_ADDRTYPE"}},
@@ -118,7 +141,7 @@ func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]strin
 		"fuse":    {{"CONFIG_FUSE_FS"}},
 	}
 
-	featureGroups, ok = moduleMap[strings.ToLower(moduleName)]
+	featureGroups, ok = moduleMap[moduleName]
 	return featureGroups, ok
 }
 

internal/mod/probe_linux.go

@@ -10,9 +10,7 @@ import (
 // It first tries to locate the modules directory in [getModulesPath].
 // If it fails (like on WSL), it then only checks for the kernel feature
 // in /proc/config.gz with [checkProcConfig].
-// Otherwise, it first checks if the modules directory modules.builtin
-// file contains the given module name in [checkModulesBuiltin].
-// If the module is not found, it then runs the classic [modProbe] behavior,
+// Otherwise, it then runs the classic [modProbe] behavior,
 // trying to load the module in the kernel.
 // If this fails, it does one final try running [checkProcConfig].
 func Probe(moduleName string) error {
@@ -28,14 +26,11 @@ func Probe(moduleName string) error {
 		return fmt.Errorf("getting modules path: %w", err)
 	}
 
-	err = checkModulesBuiltin(modulesPath, moduleName)
+	err = modProbe(modulesPath, moduleName)
 	if err != nil {
-		err = modProbe(modulesPath, moduleName)
+		err = checkProcConfig(moduleName)
 		if err != nil {
-			err = checkProcConfig(moduleName)
-			if err != nil {
-				return fmt.Errorf("checking /proc/config.gz: %w", err)
-			}
+			return fmt.Errorf("checking /proc/config.gz: %w", err)
 		}
 	}
 	return nil

internal/openvpn/extract/extract.go

@@ -81,10 +81,7 @@ func extractDataFromLine(line string) (
 	return ip, 0, "", nil
 }
 
-var (
-	errProtoLineFieldsCount = errors.New("proto line has not 2 fields as expected")
-	errProtocolNotSupported = errors.New("network protocol not supported")
-)
+var errProtoLineFieldsCount = errors.New("proto line has not 2 fields as expected")
 
 func extractProto(line string) (protocol string, err error) {
 	fields := strings.Fields(line)
@@ -92,13 +89,25 @@ func extractProto(line string) (protocol string, err error) {
 		return "", fmt.Errorf("%w: %s", errProtoLineFieldsCount, line)
 	}
 
-	switch fields[1] {
-	case "tcp", "tcp4", "tcp6", "tcp-client", "udp", "udp4", "udp6":
-	default:
-		return "", fmt.Errorf("%w: %s", errProtocolNotSupported, fields[1])
-	}
+	return parseProto(fields[1])
+}
 
-	return fields[1], nil
+var errProtocolNotSupported = errors.New("network protocol not supported")
+
+func parseProto(field string) (protocol string, err error) {
+	switch field {
+	case "tcp", "tcp4", "tcp6", "tcp-client":
+		// tcp4, tcp6 can be assimilated as tcp since the IP version is
+		// determined by the remote IP address version.
+		// tcp-client is a synonym of tcp for OpenVPN 2.5+ acting in client mode.
+		return constants.TCP, nil
+	case "udp", "udp4", "udp6":
+		// udp4, udp6 can be assimilated as udp since the IP version is
+		// determined by the remote IP address version.
+		return constants.UDP, nil
+	default:
+		return "", fmt.Errorf("%w: %s", errProtocolNotSupported, field)
+	}
 }
 
 var (
@@ -136,11 +145,9 @@ func extractRemote(line string) (ip netip.Addr, port uint16,
 	}
 
 	if n > 3 { //nolint:mnd
-		switch fields[3] {
-		case "tcp", "udp":
-			protocol = fields[3]
-		default:
-			return netip.Addr{}, 0, "", fmt.Errorf("%w: %s", errProtocolNotSupported, fields[3])
+		protocol, err = parseProto(fields[3])
+		if err != nil {
+			return netip.Addr{}, 0, "", fmt.Errorf("parsing protocol from remote line: %w", err)
 		}
 	}
 

internal/openvpn/extract/extract_test.go

@@ -105,7 +105,7 @@ func Test_extractDataFromLine(t *testing.T) {
 		},
 		"tcp-client": {
 			line:     "proto tcp-client",
-			protocol: "tcp-client",
+			protocol: constants.TCP,
 		},
 		"extract remote error": {
 			line:  "remote bad",
@@ -239,7 +239,7 @@ func Test_extractRemote(t *testing.T) {
 		},
 		"invalid protocol": {
 			line: "remote 1.2.3.4 8000 bad",
-			err:  errors.New("network protocol not supported: bad"),
+			err:  errors.New("parsing protocol from remote line: network protocol not supported: bad"),
 		},
 		"IP host and port and protocol": {
 			line:     "remote 1.2.3.4 8000 udp",

internal/provider/expressvpn/openvpnconf.go

@@ -18,7 +18,10 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
 			openvpn.AES256gcm, openvpn.AES256cbc, openvpn.AES128gcm,
 		},
 		Auth:           openvpn.SHA512,
-		CAs:            []string{"MIIF+DCCA+CgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBhDELMAkGA1UEBhMCVkcxDDAKBgNVBAgMA0JWSTETMBEGA1UECgwKRXhwcmVzc1ZQTjETMBEGA1UECwwKRXhwcmVzc1ZQTjEWMBQGA1UEAwwNRXhwcmVzc1ZQTiBDQTElMCMGCSqGSIb3DQEJARYWc3VwcG9ydEBleHByZXNzdnBuLmNvbTAeFw0xNTEwMjEwMDAwMDBaFw0yNjA0MDEyMTEyMDBaMIGEMQswCQYDVQQGEwJWRzEMMAoGA1UECAwDQlZJMRMwEQYDVQQKDApFeHByZXNzVlBOMRMwEQYDVQQLDApFeHByZXNzVlBOMRYwFAYDVQQDDA1FeHByZXNzVlBOIENBMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGV4cHJlc3N2cG4uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxzXvHZ25OsESKRMQFINHJNqE9kVRLWJS50oVB2jxobudPhCsWvJSApvar8CB2RrqkVMhXu2HT3FBtDL91INg070qAyjjRpzEbDPWqQ1+G0tk0sjiJt2mXPJK2IlNFnhe6rTs09Pkpcp8qRhfZay/dIlmagohQAr4JvYL1Ajg9A3sLb8JkY03H6GhOF8EKYTqhrEppCcg4sQKQhNSytRoQAm8Ta+tnTYIedwWpqjUXP9YXFOvljPaixfYug24eAkpTjeuWTcELSyfnuiBeK+z9+5OYunhqFt2QZMq33kLFZGMN2gHRCzngxxphurypsPRo7jiFgQI1yLt8uZsEZ+otGEK91jjKfOC+g9TBy2RUtxk1neWcQ6syXDuc3rBNrGA8iM0ZoEqQ1BC8xWr3NYlSjqN+1mgpTAX3/Dxze4GzHd7AmYaYJV8xnKBVNphlMlg1giCAu5QXjMxPbfCgZiEFq/uq0SOKQJeT3AI/uVPSvwCMWByjyMbDpKKAK8Hy3UT5m4bCNu8J7bxj+vdnq0A2HPwtF0FwBl/TIM3zNsyFrZZ0j6jLRT50mFsgDBKcD4L/J5rjdCsKPu5rodhxe38rCx2GknP1Zkov4yoVCcR48+CQwg3oBkq0/EflvWUvcYApzs9SomUM/g+8Q/V0WOfJmFWuxN9YntZlnzHRSRjrvMCAwEAAaNzMHEwHQYDVR0OBBYEFIzmQGj8xS+0LLklwqHD45VVOZRJMB8GA1UdIwQYMBaAFIzmQGj8xS+0LLklwqHD45VVOZRJMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBFjANBgkqhkiG9w0BAQ0FAAOCAgEAbHfuMKtojm1NgX7qSU2Rm2B5L8G0FuFP0L40dj8O5WHt45j2z8coMK90vrUnQEZNQmRzot7v3XjVzVlxBWYSsCEApTsSDNi/4BNFP8H/BUUtJuy2GFTO4wDVJnqNkZOHBmyVD75s1Y+W8a+zB4jkMeDEhOHZdwQ0l1fJDDgXal5f1UT5F5WH6/RwHmWTwX4GxuCiIVtx70CjkXqhM8yZtTp1UtHLRNYcNSIes0vrAPHPgoA5z9B8UvsOjuP+mfcjzi0LGGrY+2pJu0BKO2dRnarIZZABETIisI3FokoTszx5jpRPyxyUTuRDKWHrvi0PPtOmC8nFahfugWFUi6uBsqCaSeuex+ahnTPCq0b1l0Ozpg0YeE8CW1TL9Y92b01up2c+PP6wZOIm3JyTH+L5smDFbh80V42dKyGNdPXMg5IcJhj3YfAy4k8h/qbWY57KFcIzKx40bFsoI7PeydbGtT/dIoFLSZRLW5bleXNgG9mXZp270UeEC6CpATCS6uVl8LVT1I02uulHUpFaRmTEOrmMxsXGt6UAwYTY55K/B8uuID341xKbeC0kzhuN2gsL5UJaocBHyWK/AqwbeBttdhOCLwoaj7+nSViPxICObKrg3qavGNCvtwy/fEegK9X/wlp2e2CFlIhFbadeXOBr9Fn8ypYPP17mTqe98OJYM04="}, //nolint:lll
+		CAs: []string{
+			"MIIF+DCCA+CgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBhDELMAkGA1UEBhMCVkcxDDAKBgNVBAgMA0JWSTETMBEGA1UECgwKRXhwcmVzc1ZQTjETMBEGA1UECwwKRXhwcmVzc1ZQTjEWMBQGA1UEAwwNRXhwcmVzc1ZQTiBDQTElMCMGCSqGSIb3DQEJARYWc3VwcG9ydEBleHByZXNzdnBuLmNvbTAeFw0xNTEwMjEwMDAwMDBaFw0yNjA0MDEyMTEyMDBaMIGEMQswCQYDVQQGEwJWRzEMMAoGA1UECAwDQlZJMRMwEQYDVQQKDApFeHByZXNzVlBOMRMwEQYDVQQLDApFeHByZXNzVlBOMRYwFAYDVQQDDA1FeHByZXNzVlBOIENBMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGV4cHJlc3N2cG4uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxzXvHZ25OsESKRMQFINHJNqE9kVRLWJS50oVB2jxobudPhCsWvJSApvar8CB2RrqkVMhXu2HT3FBtDL91INg070qAyjjRpzEbDPWqQ1+G0tk0sjiJt2mXPJK2IlNFnhe6rTs09Pkpcp8qRhfZay/dIlmagohQAr4JvYL1Ajg9A3sLb8JkY03H6GhOF8EKYTqhrEppCcg4sQKQhNSytRoQAm8Ta+tnTYIedwWpqjUXP9YXFOvljPaixfYug24eAkpTjeuWTcELSyfnuiBeK+z9+5OYunhqFt2QZMq33kLFZGMN2gHRCzngxxphurypsPRo7jiFgQI1yLt8uZsEZ+otGEK91jjKfOC+g9TBy2RUtxk1neWcQ6syXDuc3rBNrGA8iM0ZoEqQ1BC8xWr3NYlSjqN+1mgpTAX3/Dxze4GzHd7AmYaYJV8xnKBVNphlMlg1giCAu5QXjMxPbfCgZiEFq/uq0SOKQJeT3AI/uVPSvwCMWByjyMbDpKKAK8Hy3UT5m4bCNu8J7bxj+vdnq0A2HPwtF0FwBl/TIM3zNsyFrZZ0j6jLRT50mFsgDBKcD4L/J5rjdCsKPu5rodhxe38rCx2GknP1Zkov4yoVCcR48+CQwg3oBkq0/EflvWUvcYApzs9SomUM/g+8Q/V0WOfJmFWuxN9YntZlnzHRSRjrvMCAwEAAaNzMHEwHQYDVR0OBBYEFIzmQGj8xS+0LLklwqHD45VVOZRJMB8GA1UdIwQYMBaAFIzmQGj8xS+0LLklwqHD45VVOZRJMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBFjANBgkqhkiG9w0BAQ0FAAOCAgEAbHfuMKtojm1NgX7qSU2Rm2B5L8G0FuFP0L40dj8O5WHt45j2z8coMK90vrUnQEZNQmRzot7v3XjVzVlxBWYSsCEApTsSDNi/4BNFP8H/BUUtJuy2GFTO4wDVJnqNkZOHBmyVD75s1Y+W8a+zB4jkMeDEhOHZdwQ0l1fJDDgXal5f1UT5F5WH6/RwHmWTwX4GxuCiIVtx70CjkXqhM8yZtTp1UtHLRNYcNSIes0vrAPHPgoA5z9B8UvsOjuP+mfcjzi0LGGrY+2pJu0BKO2dRnarIZZABETIisI3FokoTszx5jpRPyxyUTuRDKWHrvi0PPtOmC8nFahfugWFUi6uBsqCaSeuex+ahnTPCq0b1l0Ozpg0YeE8CW1TL9Y92b01up2c+PP6wZOIm3JyTH+L5smDFbh80V42dKyGNdPXMg5IcJhj3YfAy4k8h/qbWY57KFcIzKx40bFsoI7PeydbGtT/dIoFLSZRLW5bleXNgG9mXZp270UeEC6CpATCS6uVl8LVT1I02uulHUpFaRmTEOrmMxsXGt6UAwYTY55K/B8uuID341xKbeC0kzhuN2gsL5UJaocBHyWK/AqwbeBttdhOCLwoaj7+nSViPxICObKrg3qavGNCvtwy/fEegK9X/wlp2e2CFlIhFbadeXOBr9Fn8ypYPP17mTqe98OJYM04=", //nolint:lll
+			"MIIGqjCCBJKgAwIBAgIUfTu1OKHHguAcfIyUn3CIZl2EMDcwDQYJKoZIhvcNAQENBQAwgYUxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNVBAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xFzAVBgNVBAMMDkV4cHJlc3NWUE4gQ0EzMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGV4cHJlc3N2cG4uY29tMCAXDTI0MTEwNjA0MzE1M1oYDzIxMjQxMDEzMDQzMTUzWjCBhTELMAkGA1UEBhMCVkcxDDAKBgNVBAgMA0JWSTETMBEGA1UECgwKRXhwcmVzc1ZQTjETMBEGA1UECwwKRXhwcmVzc1ZQTjEXMBUGA1UEAwwORXhwcmVzc1ZQTiBDQTMxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZXhwcmVzc3Zwbi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCWIv5F4B+LjenICyenASeml80jllmV71080/XPSA9NaygXLr5ui9NPyjKrn7vL74HnmCEgPEU0yysWCY29pnF7yid182pl8CMM+naAcIDFJd6jR4YfWmJZ4Djj9w3WK/pIWw/gXl3UPyqiN7TziainkH4RFM/S0/08IOjYvqD7HhcxZFj5cfWo/wW7lHNmlnDkQx/FuYEqLCfBKoLer2kVPHu0b/QdLZ4cp/dLAuFjbQdaxXsywMxLldRs8ToMaFuoWdrJkohlmBlXqt1IGKUUht4Ju2Nqdgi8CsMd63XAWit+Gr+d+0AI4nkft5PpNjfulbGlyZLqXSd4D96s3nQqVzjZczTAYNxT6yVZ8K0IDbRbEFGvBZ5n/5jNQaqTTm7yNcrmqbfL8EFeDWAZmY33SSgTP4fsA0HC3G3bcuxBk0pcBqCvFYxDPzsfVXlb1Uw3lZyY1Km4AsDQqZQdl5ZRFIEklZdsNELVNveyusPlLAQunwRIEFnYzZTCwhMc9sOY8DsaC1Zcn1dlPenetxMacHC4vOtqgekMubH9pFrqutA2c3Ck1fRxDUXw6AbRrZRX/BrHegfE1GkKKXwUuazSi+3FbBniu4a7bV2RFLYo8Gmo01DzMK5/0rGilpW8mU1q6YwHYSKlxutwN2BWJtXc4dzqE5A5TnfoZgp0gZHOhwIDAQABo4IBDDCCAQgwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUM9vH/Agamn13MFeU9ctFB5culQIwgcUGA1UdIwSBvTCBuoAUM9vH/Agamn13MFeU9ctFB5culQKhgYukgYgwgYUxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNVBAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xFzAVBgNVBAMMDkV4cHJlc3NWUE4gQ0EzMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGV4cHJlc3N2cG4uY29tghR9O7U4oceC4Bx8jJSfcIhmXYQwNzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQENBQADggIBABZtroQt7d8yy8CN60ErYPbLcwf93iZxDyvqSOqV6si7A4sF0KGDnS6zznsn9aJ+ZNYRYAWtabIkq1mtmdw1fMnC34ywl/28AcumdBM8gv48bE58pwySOeYZNPC+4yTCHIzc322ojP2YhLRKUM0IH9+N3IxmoCFIdEKbGiXEsW4zZahWRBgxr2Ew3D6N8RKsdMrSPw7lvW9eSs3s88lYXF+FtGp5Wid9bzmCa3tgySA7gmNAkLNbm2O8NdM8gBIlCDOI3u8FC7SDS7QyoMn8oeRxlkBkby5OKsZ5j10hSDHEdGrHqNn1bAGfpuRfZVg9kPvnTomjCo2TcD1Ig6iOt6IAKAaOZNgYYT/5ttA8q4Uum8lTYdtQRTWDWHBKYcMjvhWwvhjumYnlN6eaGhsHZEsFBpgHwV454zTMRX6oRbdaJwBGYhODoI3hxB14zqiK/BJi9mq2OQOrfh2MBBrV1w63YkJ0rxXs1PEhx1iI7zjLtGMgBzG2Y7sAa/z3Uo6uAaA7jj+eig3bmZ5Iatw1pfqEQT/M1A/H5aUYq4KOPBB8AkRzpHty003CJrYcr+LsdotRTiqYxB9QAqs7u5WZ82XiYOImN3SgrTcJQPHXWtbUmsx6pxCkHelMMgWCfPSkWGBQCYm/vuOx6Ysea22jH0zuy8GCTYASy7w6ks9JBe", //nolint:lll
+		}, //nolint:lll
 		Cert:           "MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNVBAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4cHJlc3N2cG5fY3VzdG9tZXIxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZXhwcmVzc3Zwbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrOYt/KOi2uMDGev3pXg8j1SO4J/4EVWDF7vJcKr2jrZlqD/zuAFx2W1YWvwumPO6PKH4PU9621aNdiumaUkv/RplCfznnnxqobhJuTE2oA+rS1bOq+9OhHwF9jgNXNVk+XX4d0toST5uGE6Z3OdmPBur8o5AlCf78PDSAwpFOw5HrgLqOEU4hTweC1/czX2VsvsHv22HRI6JMZgP8gGQii/p9iukqfaJvGdPciL5p1QRBUQIi8P8pNvEp1pVIpxYj7/LOUqb2DxFvgmp2v1IQ0Yu88SWsFk84+xAYHzfkLyS31Sqj5uLRBnJqx3fIlOihQ50GI72fwPMwo+OippvVAgMBAAGjPzA9MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOBgQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9Vqzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4UvH6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==",                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       //nolint:lll
 		RSAKey:         "MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/87gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWzqvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6jhFOIU8Hgtf3M19lbL7B79th0SOiTGYD/IBkIov6fYrpKn2ibxnT3Ii+adUEQVECIvD/KTbxKdaVSKcWI+/yzlKm9g8Rb4Jqdr9SENGLvPElrBZPOPsQGB835C8kt9Uqo+bi0QZyasd3yJTooUOdBiO9n8DzMKPjoqab1QIDAQABAoIBAHgsekC0SKi+AOcNOZqJ3pxqophE0V7fQX2KWGXhxZnUZMFxGTc936deMYzjZ1y0lUa6x8cgOUcfqHol3hDmw9oWBckLHGv5Wi9umdb6DOLoZO62+FQATSdfaJ9jheq2Ub2YxsRN0apaXzB6KDKz0oM0+sZ4Udn9Kw6DfuIELRIWwEx4w0v3gKW7YLC4Jkc4AwLkPK03xEA/qImfkCmaMPLhrgVQt+IFfP8bXzL7CCC04rNU/IS8pyjex+iUolnQZlbXntF7Bm4V2mz0827ZVqrgAb/hEQRlsTW3rRkVh+rrdoUE7BCZRTFmRCbLoShjN6XuSf4sAus8ch4UEN12gN0CgYEA4o/tSvij1iPaXLmt4KOEuxqmSGB8MLKhFde8lBbNdrDgxiIH9bH7khKx15XRTX0qLDbs8b2/UJygZG0Aa1kIBqZTXTgeMAuxPRTesALJPdqQ/ROnbJcdFkI7gllrAG8VB0fH4wTRsRd0vWEB6YlCdE107u6LEsLAHxOj9Q5819cCgYEAwXjx9RkQ2qITBx5Ewib8YsltA0n3cmRomPicLlsnKV5DfvyCLpFIsZ1h3f9dUpfxRLwzp8wcoLiq9cCoOGdu1udw/yBTqmhaXWhUK/g77f9Ze2ZB1OEhuyKLYJ1vW/h/Z/a1aPCMxZqsDTPCePsuO8Cez5gqs8LjM3W7EyzRxDMCgYEAvhHrDFt975fSiLoJgo0MPIAGAnBXn+8sLwv3m/FpW+rWF8LTFK/Fku12H5wDpNOdvswxijkauIE+GiJMGMLvdcyx4WHECaC1h73reJRNykOEIZ0Md5BrCZJ1JEzp9Mo8RQhWTEFtvfkkqgApP4g0pSeaMx0StaGG1kt+4IbP+68CgYBrZdQKlquAck/Vt7u7eyDHRcE5/ilaWtqlb/xizz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVMkzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/AipEEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sGUhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmLp7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==",                                                                                                                                                                                                                                                                                                                                                                                                                                                                               //nolint:lll
 		TLSAuth:        "48d9999bd71095b10649c7cb471c1051b1afdece597cea06909b99303a18c67401597b12c04a787e98cdb619ee960d90a0165529dc650f3a5c6fbe77c91c137dcf55d863fcbe314df5f0b45dbe974d9bde33ef5b4803c3985531c6c23ca6906d6cd028efc8585d1b9e71003566bd7891b9cc9212bcba510109922eed87f5c8e66d8e59cbd82575261f02777372b2cd4ca5214c4a6513ff26dd568f574fd40d6cd450fc788160ff68434ce2bf6afb00e710a3198538f14c4d45d84ab42637872e778a6b35a124e700920879f1d003ba93dccdb953cdf32bea03f365760b0ed8002098d4ce20d045b45a83a8432cc737677aed27125592a7148d25c87fdbe0a3f6",                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       //nolint:lll

internal/provider/privado/connection.go

@@ -9,7 +9,7 @@ import (
 func (p *Provider) GetConnection(selection settings.ServerSelection, ipv6Supported bool) (
 	connection models.Connection, err error,
 ) {
-	defaults := utils.NewConnectionDefaults(0, 1194, 0) //nolint:mnd
+	defaults := utils.NewConnectionDefaults(1194, 1194, 0) //nolint:mnd
 	return utils.GetConnection(p.Name(),
 		p.storage, selection, defaults, ipv6Supported, p.randSource)
 }