Commit Graph

  • b63702cf63 Chore(ci): Bump peter-evans/create-pull-request from 7 to 8 (#3175) dependabot[bot] 2026-03-07 00:19:12 -05:00
  • ede2509132 Chore(deps): Bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1 (#3090) dependabot[bot] 2026-03-07 00:16:20 -05:00
  • 100124e8b8 Chore(github): Bump crazy-max/ghaction-github-labeler from 5 to 6 (#3174) dependabot[bot] 2026-03-07 00:15:46 -05:00
  • 850a91b35f Chore(deps): Bump github.com/klauspost/compress from 1.18.1 to 1.18.4 (#3198) dependabot[bot] 2026-03-07 00:14:23 -05:00
  • 4a40f0fdee chore(deps): Bump DavidAnson/markdownlint-cli2-action from 21 to 22 (#3041) dependabot[bot] 2026-03-07 00:13:52 -05:00
  • b7735ecc00 fix(updater): only uses DoH to cloudflare+google - prevent dns plaintext manipulation both the periodic update and when running in cli mode - possibly higher reliability on poor connections versus UDP - drop -dns flag in update command - for now no configuration allowed since it makes everything rather complex Quentin McGaw 2026-03-06 21:01:52 +00:00
  • 457e5597bb feat(others): optional BORINGPOLL_GLUETUNCOM to fight AI slop scammy gluetun[dot]com Quentin McGaw 2026-03-06 16:27:16 +00:00
  • 2460b56c2b chore(github): make closed issue message cleaner Quentin McGaw 2026-03-06 16:05:17 +00:00
  • 5b2f86f4e7 fix(expressvpn): remove pakistan server Quentin McGaw 2026-03-06 14:01:00 +00:00
  • 49317ecb8a Chore(deps): Bump golang.org/x/net from 0.49.0 to 0.51.0 (#3200) dependabot[bot] 2026-03-06 14:56:57 +01:00
  • bd275aaea8 chore(github): add MTU discovery category label Quentin McGaw 2026-03-05 17:03:17 +00:00
  • 39bd9854f7 chore(vpn): find VPN route earlier in MTU update function Quentin McGaw 2026-03-05 16:56:42 +00:00
  • c2c9504e94 hotfix(pmtud): set TCP MSS before changing MTU, and revert to original MTU if TCP MSS route set fails Quentin McGaw 2026-03-05 16:53:26 +00:00
  • 48317a0d55 feat(main): log out OS, kernel version and architecture on start Quentin McGaw 2026-03-05 16:49:27 +00:00
  • 6c3f519c62 Chore(deps): Bump docker/login-action from 3 to 4 (#3189) dependabot[bot] 2026-03-05 17:15:36 +01:00
  • b7cbea1ce6 fix(expressvpn): fix missing characters in CA string (#3192) Dennis Nienhuis 2026-03-05 17:15:07 +01:00
  • d8a3cc3dfa hotfix(constants/providers): remove TestWorkflowHasAll to decouple CI files from tests Quentin McGaw 2026-03-04 22:09:36 +00:00
  • b1da4c4b86 hotfix(lint): fix lint errors introduced with expressvpn commit Quentin McGaw 2026-03-04 22:02:29 +00:00
  • 579bd8e416 feat(airvpn): update servers data (#3186) github-actions[bot] 2026-03-04 20:53:28 +01:00
  • 7bf59ebfb4 chore(ci): set PR title and description for updating servers workflow PR Quentin McGaw 2026-03-04 19:51:40 +00:00
  • eb0938ad81 [create-pull-request] automated change bot/update-servers-list-1772653494 qdm12 2026-03-04 19:44:54 +00:00
  • 4ac25b9dd1 hotfix(ci): fix file changes detection in update servers workflow Quentin McGaw 2026-03-04 19:43:39 +00:00
  • 4bcbd29fb9 chore(ci): allow to specify provider to update servers data on dispatch Quentin McGaw 2026-03-04 19:24:53 +00:00
  • a8ee1d7a63 fix(expressvpn): add new CA3 certificate to fix TLS handshake failure (#3184) Dennis Nienhuis 2026-03-04 20:01:24 +01:00
  • c6c3a2bf1b fix(openvpn/extract): restrict custom openvpn config protocol to tcp or udp internally - Fix #3179 - I believe specifying tcp4, tcp6 or tcp-client does not change anything versus tcp + remote ip address - I believe specifying udp4 or udp6 does not change anything versus tcp + remote ip address - Simplify firewall code to not account for tcp-client etc. Quentin McGaw 2026-03-04 18:58:33 +00:00
  • e7b25a0d5e chore(mod): simplify code and add more kernel config constants Quentin McGaw 2026-03-02 23:20:47 +00:00
  • 11cd62f6b1 feat(ci): periodic workflow to update the maintainers servers list with pull requests (#3010) shwoop 2026-03-03 01:32:05 +01:00
  • eb9f1b4e36 Revert mod changes Quentin McGaw 2026-03-02 23:19:53 +00:00
  • a62220d7b6 give up on kernel modules checks Quentin McGaw 2026-03-02 23:17:08 +00:00
  • ed26957a1a fix(privado): allow additional OpenVPN ports 443, 8080 and 8443 for both tcp and udp Quentin McGaw 2026-03-01 11:59:03 +00:00
  • 54b55c594f fix(privado): allow OpenVPN TCP protocol Quentin McGaw 2026-03-01 11:58:16 +00:00
  • cd9ba54b37 wip nftables Quentin McGaw 2026-02-28 22:38:52 +00:00
  • 781e74f77a chore: merge iptables SetIPv4AllPolicies and SetIPv6AllPolicies together Quentin McGaw 2026-02-28 15:25:15 +00:00
  • fa0941a529 add nftables to dev container Quentin McGaw 2026-02-28 15:24:37 +00:00
  • e87d915f15 chore(firewall/iptables): modprobe and cache support for xt_mark and nf_tables Quentin McGaw 2026-02-26 12:28:09 +00:00
  • 594b1db98b Require xt_CONNMARK and define its kernel config values Quentin McGaw 2026-02-28 15:13:23 +00:00
  • ec24ffdfd8 hotfix(firewall): save and restore behavior fixed - restore if IPv4 set all policies fails - fix deadlock when using iptables custom rules - fix setting ipv6 rules when running runMixedIptablesInstruction Quentin McGaw 2026-02-28 14:37:58 +00:00
  • bfc8136bc9 Fourth fallback, use DROP temporarily instead of REJECT Quentin McGaw 2026-02-27 12:17:12 +00:00
  • 1fd4cc511a Fix kernel module names Quentin McGaw 2026-02-27 12:16:54 +00:00
  • b9d49e0661 Chore(deps): Bump github.com/breml/rootcerts from 0.3.3 to 0.3.4 (#3128) dependabot[bot] 2026-02-27 02:16:31 +01:00
  • af0bc3e224 allow custom chain name targets Quentin McGaw 2026-02-26 23:18:44 +00:00
  • 302f1f11f7 only use kernel modules error as context to an actual error, not as a requirement since some systems don't show what they support reliably Quentin McGaw 2026-02-26 20:49:28 +00:00
  • f654dece66 Reject output public ip traffic for 1s as another fallback Quentin McGaw 2026-02-26 18:04:23 +00:00
  • a37354426b Fallback to accepting only NEW output public traffic if conntrack netlink isn't supported Quentin McGaw 2026-02-26 15:53:07 +00:00
  • dfac2b2f1a Flush conntrack on every firewall enabling Quentin McGaw 2026-02-25 22:08:23 +00:00
  • 6467f3b4ad Flush using AF_UNSPEC and netfilter package Quentin McGaw 2026-02-25 22:03:01 +00:00
  • 2bb4deccd5 feat(firewall): atomic iptables operations - all operations rollback on failure - disabling the firewall means rolling back to its state before enabling it - aligns with nftables atomicity feature Quentin McGaw 2026-02-26 22:58:52 +00:00
  • 0d0c0fb143 feat(dns): update block files after DNS server is up for a faster bootup Quentin McGaw 2026-02-26 18:40:19 +00:00
  • 885e491bb7 chore(dns): clarify "ready" dns message when DNS server is up and being used Quentin McGaw 2026-02-26 18:39:56 +00:00
  • e75ae21dcd fix(mod): probe searches for features built-in the kernel Quentin McGaw 2026-02-26 16:24:30 +00:00
  • 4b8dc8ded7 fix(privado): update servers data using JSON API - Fixes #3159 - Fixes #2118 - Fixes #2657 Quentin McGaw 2026-02-25 16:02:52 +00:00
  • 0eeee5c496 chore(pmtud): clarify debug logs and fix log error message Quentin McGaw 2026-02-25 04:07:27 +00:00
  • d21953f62e chore(firewall): split apart iptables specific code in internal/firewall/iptables Quentin McGaw 2026-02-25 03:45:17 +00:00
  • 034f8f6331 hotfix(netlink): specify IP family for conntrack calls and make conntrack failure a warning Quentin McGaw 2026-02-25 02:40:44 +00:00
  • 01487b5caf feat(protonvpn): add suggestions on some port forwarding errors Quentin McGaw 2026-02-23 21:19:08 +00:00
  • 625a63e7c2 fix(firewall): flush conntrack table after enabling firewall at container start - prevent leaks for connections made the first ~10 milliseconds when Gluetun starts - seems critical, but in practice this very rarely happens and it is very hard to reproduce Quentin McGaw 2026-02-21 19:39:22 +00:00
  • 0c3e5d94d8 change!(server): auth is now required for all routes (#2980) Quentin McGaw 2026-02-20 18:10:53 +01:00
  • d586793169 fix(all): increase global http client timeout to 35s and precise lower timeouts where needed - Fix DNS blocklists slow downloads, fix #3102 - Leave 35s timeout for updaters - Set timeouts to 1s for local calls - Set timeouts to 5s for LAN VPN calls and small external calls - Set timeouts to 10s external VPN API calls Quentin McGaw 2026-02-20 16:40:51 +00:00
  • c5eacac644 chore(pmtud/tcp): remove unused TCP flags Quentin McGaw 2026-02-20 16:25:14 +00:00
  • 7fbf2cbee3 hotfix(pmtud/tcp): return an error if no MSS destination server worked Quentin McGaw 2026-02-20 16:25:02 +00:00
  • 1dee183a70 chore(pmtud/tcp): silently discard IPv6 network unreachable errors Quentin McGaw 2026-02-20 16:24:25 +00:00
  • c66d8bed00 hotfix(pmtud/tcp): fix code for IPv6 destinations Quentin McGaw 2026-02-20 16:23:40 +00:00
  • 73b3e2c88a chore(pmtud/tcp): remove unused test code Quentin McGaw 2026-02-20 15:18:15 +00:00
  • ea87c0a2aa hotfix(pmtud): lower min MTU to MSS-matching-MTU minus 100 in case MSS is very small Quentin McGaw 2026-02-19 22:39:24 +00:00
  • 2192874de8 hotfix(pmtud/icmp): ignore non echo messages instead of returning an error Quentin McGaw 2026-02-19 18:05:48 +00:00
  • 007c5159f4 hotfix(pmtud): increase TCP margin from 150 to 300 compared to ICMP found MTU Quentin McGaw 2026-02-19 17:24:06 +00:00
  • c6b211ef9b feat(pmtud/tcp): support mixed IPv4 and IPv6 TCP servers - Add default cloudflare and google tls ipv6 servers to default tcp servers - update integration test to try against both ipv4 and ipv6 servers Quentin McGaw 2026-02-19 17:11:16 +00:00
  • 1c43a045d1 hotfix(pmtud/tcp): fix timeout apply per network call, not globally Quentin McGaw 2026-02-19 17:02:14 +00:00
  • 56b9e108be chore(pmtud/tcp): add :53 TCP servers to the default list Quentin McGaw 2026-02-19 16:46:48 +00:00
  • 67b66bba9e hotfix(pmtud/icmp): set IPv6 dont fragment options just in case Quentin McGaw 2026-02-19 16:32:33 +00:00
  • 8d86470905 feat(pmtud/tcp): use the TCP server with highest MSS to run MTU tests Quentin McGaw 2026-02-19 14:03:46 +00:00
  • fb85ae79d1 chore(pmtud/tcp): move test helpers in helpers_test.go Quentin McGaw 2026-02-19 13:07:15 +00:00
  • 783616f61d chore(pmtud/tcp): close connections with an RST packet on context cancelation Quentin McGaw 2026-02-19 12:22:42 +00:00
  • bc79901f1e chore(pmtud/tcp): restrict temp firewall rules to source ip and source port Quentin McGaw 2026-02-18 22:26:57 +00:00
  • 1c56189abc hotfix(pmtud/tcp): fix rare race condition Quentin McGaw 2026-02-18 19:07:31 +00:00
  • 224618337c hotfix(pmtud/tcp): take MSS from server into account Quentin McGaw 2026-02-18 18:32:10 +00:00
  • 183d351b58 chore(pmtud/icmp): do not use net.ErrClosed when inappropriate Quentin McGaw 2026-02-17 21:44:30 +00:00
  • 04d7cef294 hotfix(pmtud/tcp): block kernel from racing to send RST packets - this makes PMTUD TCP reliable - this only works on kernels with the mark module - on kernels without the mark module, the icmp pmtud mtu found is used Quentin McGaw 2026-02-17 19:33:51 +00:00
  • 5f903d1fbf chore(pmtud): remove calls to syscall in favor of unix and windows - syscall is deprecated and is not kept up-to-date - each OS is inherently different hence the syscall being deprecated Quentin McGaw 2026-02-17 16:19:45 +00:00
  • d43eb1658f chore(firewall): support TCP flags for future changes Quentin McGaw 2026-02-17 14:15:15 +00:00
  • 36dfd5b631 hotfix(pmtud): do not try every address for ICMP PMTUD Quentin McGaw 2026-02-16 20:46:28 +00:00
  • f81b8342d6 hotfix(pmtud/tcp): temporary test fix Quentin McGaw 2026-02-16 20:44:00 +00:00
  • cdec25da52 feat(pmtud/tcp): generate MTU test data to mimic TLS if possible to avoid being blocked Quentin McGaw 2026-02-16 19:57:12 +00:00
  • 201d1041f4 hotfix(pmtud/tcp): send MTU data in first and only ACK packet - less likely to be flagged - correct using TCP fast-open Quentin McGaw 2026-02-16 19:56:14 +00:00
  • dc78b4ecce fix(dns): skip blocking if block lists download fails Quentin McGaw 2026-02-16 15:27:07 +00:00
  • d75b48d123 chore(dns): update filter block lists without restarting DNS server Quentin McGaw 2026-02-16 15:23:57 +00:00
  • e828ea1462 feat(dns): allow parent domains to be exempt from rebinding protection - Specify with *.domain.com in DNS_REBINDING_PROTECTION_EXEMPT_HOSTNAMES - Fix #3135 Quentin McGaw 2026-02-16 14:44:44 +00:00
  • be92aa2ac4 Path MTU discovery fixes and improvements (#3109) Quentin McGaw 2026-02-15 01:40:34 +01:00
  • 8f1fda7646 fix(healthcheck): correct behavior when HEALTH_RESTART_VPN=off and startup check fails Quentin McGaw 2026-02-11 17:33:14 +00:00
  • 8eb990eb66 chore(ci): ignore .golangci.yml file for reviewdog Quentin McGaw 2026-02-11 14:25:09 +00:00
  • 7f22fb3276 fix(protonvpn): support port 51820 for UDP OpenVPN v3.41.1 v3.41 Quentin McGaw 2026-02-09 15:41:02 +00:00
  • 6909a0c123 fix(healthcheck): prevent race condition and fix #3096 (#3123) Quentin McGaw 2026-02-07 18:11:04 +01:00
  • 3e1f48932a fix(openvpn): only log openvpn version corresponding to OPENVPN_VERSION Quentin McGaw 2026-02-07 16:49:15 +00:00
  • 50744852c5 fix(protonvpn): update OpenVPN settings (#3120) Chris Duck 2026-02-06 07:18:10 -06:00
  • 09e52bc685 fix(httpproxy): remove info log when no Proxy-Authorization header is present Quentin McGaw 2026-01-24 19:39:20 +00:00
  • 857fe425ec fix(wireguard): fix detection of kernelspace wireguard Quentin McGaw 2026-01-20 15:40:59 +00:00
  • 4698daea16 chore(mullvad): remove openvpn support Quentin McGaw 2026-02-11 00:09:36 +00:00
  • db947c17a8 feat(dns): restrict plain DNS output traffic dns-plain-output-retricted Quentin McGaw 2026-02-10 16:19:08 +00:00
  • b0a75673bd chore(dev): ensure project compiles on darwin and windows Quentin McGaw 2026-02-09 15:40:45 +00:00
  • 5f0c499808 fix(protonvpn): support port 51820 for UDP OpenVPN Quentin McGaw 2026-02-09 15:41:02 +00:00