v3.14.0

Features

• Openvpn: add pull filter to ignore ping-restart instructions so Openvpn exits on error (and gets restarted by the program)
• Openvpn: runs as root by default to avoid permission errors, as the entrypoint must run with root anyway. This has more benefits than disadvantages.
• Logging: initial settings log improved
• Logging: log country, region and city corresponding to the public IP address, obtained from https://ipinfo.io, every time openvpn establishes a connection
• Logging: Only log a health message once when the health state changes from unhealthy to healthy or from healthy to unhealthy
• Updater: updater does DNS resolutions during longer periods (20 seconds, all in parallel) in order to obtain a larger pool of IP addresses per VPN server hostname

Bug fixes

• Nordvpn & Windscribe: empty 'nil' connection bug fix
• Windscribe: TLS keys out of sync fixed by adding reneg-sec 0 and ncp-disable options to the openvpn configuration
• Windscribe: Fix SERVER_HOSTNAME to be non compulsory as HOSTNAME was conflicting with the options
• Updater: uses plaintext DNS and not Unbound in order to resolve all hostnames without getting blocked

Maintenance

• Merging settings and params package into a new configuration package to simplify future maintenance
• Add package comments to statisfy new linting rules
• Remove type aliases in order to support proto generated structures for a better API

v3.13.1 - Empty connection fix for NordVPN and Windscribe

Fix: Empty connections for NordVPN and Windscribe

v3.13.0 - Servers information updated

Features

• Update all hardcoded servers information, notably for Private Internet Access and Surfshark
• Update servers information with more IP addresses
• Private Internet Access custom port with environment variable PORT

Bug fixes

• Update mechanism for Private Internet Access
  • Separate TCP and UDP servers as they have different CNs
• Fallback to Alpine 3.12 for 32 bit compatibility
• Fix public IP fetching not triggering on openvpn restarts (fixing #359)
• Fix exit race condition if DNS over TLS setup would not complete
• Fix route option for PureVPN
• CLI operations context passed from top level so a system interrupt now stops the operations
• Only log a subprocess error if it's not nil

Maintenance

• Improve stream merging for openvpn and unbound
• Add panic checks for empty connection passed to firewall

v3.12.2 - Empty connection fix for NordVPN and Windscribe

Fix: Empty connections for NordVPN and Windscribe

v3.11.2 - Empty connection fix for NordVPN and Windscribe

CI: Fix xcputranslate usage

v3.10.4 - Empty connection fix for NordVPN and Windscribe

Fix: Empty connections for NordVPN and Windscribe

v3.12.1: Revert to Alpine 3.12 for 32 bit systems

Revert back to Alpine 3.12 and Openvpn 2.4.10-r0 to fix Openvpn TLS issues with time due to the Alpine 3.13 upgrade.

v3.12.0 Upgrade to Alpine 3.13 and Openvpn ping fixes

Features

• Upgrade Alpine to 3.13
• Set a 10s ping with a 60s exit ping for all openvpn configurations, so that openvpn exits and restarts if it does not receive a ping for 60s
• Openvpn exits if it encounters a TLS issue. It will then be restarted by the entrypoint program.
• OPENVPN_MSSFIX environment variable
• Upgrade Openvpn to 2.5.0

Servers

• Update Nordvpn hardcoded servers list

Bug fixes

• Openvpn restart loop because of ping-restart options, now replaced by ping-exit.

Documentation

• Most documentation moved to the Wiki (reached the Docker hub readme limit of 25KB)

Maintenance

• Configure dependabot to monitor go modules and docker dependencies
• Update and improve development container configuration
• Update golibs and its params package
• OpenVPN BuildConf arity reduced
• Unit test internal/provider/utils.go
• Update golangci-lint to v1.35.2

CI

• All build workflows merged into a single yml configuration file
• Go mod tidy check
• Remove duplicate COPY in Dockerfile
• Fix xcputranslate version and uage
• Set default BUILDPLATFORM=linux/amd64 in Dockerfile for older Docker CLIs

v3.11.1 Fix DNS_KEEP_NAMESERVER behavior

Fix: DNS_KEEP_NAMESERVER

v3.11.0 small stability improvements

Bug fixes

• Unbound log lines processing (showing an ERROR where it was an INFO level)

Features

• Log healthcheck: passed once the healthcheck succeeds after a failed attempt
• Unbound now serves clients from any IP address and not just localhost (access-control: 0.0.0.0/0 allow)
• Improved logging of DNS settings
• s390x and ppc64le CPU architectures supported

Code maintenance

• Using qdm12/dns Go API v1.4.0-rc3
• Using qdm12/updated Go API
• Rework main function
• Add waitgroup to collectStreamLines for a cleaner shutdown

Continuous integration

• Test, lint and build using the native builder CPU architecture only even for cross CPU architecture builds, speeding up builds from 15 minutes to about 5 minutes.
• Change workflow structure and Dockerfile structure, 'glued' together using Docker Buildkit and target images.
• Remove microbadger hooks for branch and release workflows
• Dependabot for Github actions added