v3.29.0

@qdm12 qdm12 released this 11 May 23:11
· 677 commits to master since this release

Features

Firewall

  • Auto-detect iptables and iptables-nft for IPv4 and IPv6
  • Improve error message when NET_ADMIN capability is missing
  • Support all default routes instead of only the first one
    • Accept output traffic from all default routes through VPN interface
    • Accept output from all default routes to outbound subnets
    • Accept all input traffic on ports for all default routes
    • Add IP rules for all default routes
  • Add IPv6 inbound routing

Provider specific

  • Servers update: Mullvad, Privado, PrivateVPN, ProtonVPN, PureVPN, NordVPN, Private Internet Access, Torguard, FastestVPN (thanks @mircoianese #923)
  • NordVPN: remove OpenVPN compression
  • IVPN: allow no password for account IDs matching i-xxxx-xxxx-xxxx or ivpn-xxxx-xxxx-xxxx

Other

Fixes

  • Health check:
    • HEALTH_TARGET_ADDRESS to replace HEALTH_ADDRESS_TO_PING
    • Remove github.com/go-ping/ping dependency
    • Dial the target address over TCP, appending :443 if the port is not set
    • Target address defaults to cloudflare.com:443
  • Fix OPENVPN_FLAGS not working
  • Fix HEALTH_VPN_DURATION_ADDITION not working
  • Privado: fix OPENVPN_PORT usage, thanks @cacti-user
  • Firewall: only set routes for IPv4 default routes
  • Use openvpn 2.4.12-r0 in CI build for openvpn 2.4
  • Fix PureVPN zip file download link (#915 thanks @mircoianese)
  • Private Internet Access: hide escaped url query values (token etc.)
  • NordVPN: allow aes-256-gcm for OpenVPN 2.4
  • Private Internet Access: fix certificate validation (use OS certificates instead of custom certificate)
  • Port forwarding: loop exit from VPN loop
  • PUID and PGID as 32 bit unsigned integers instead of 16 bit

Documentation

  • Readme: re-add /dev/net/tun device since some OSes need it
  • Readme: remove old announcement (#938, thanks @martinbjeldbak)

Maintenance

CI

  • Add CodeQL analysis workflow
  • Bump actions/checkout from 2.4.0 to 3 (#870)
  • Bump docker/build-push-action from 2.8.0 to 2.10.0 (#832, #893)
  • Bump peter-evans/dockerhub-description from 2 to 3 (#908)

Code

  • New internal packages:
    • internal/constants/providers
    • internal/constants/vpn
  • ProtonVPN: remove unused exit IPs field in server model
  • ProtonVPN: Change server name JSON field from name to server_name
  • Generic server models:
    • Streamline all server models IP addresses:
      • Use IPs []net.IP for all server models
      • Use ips JSON field for all server models
      • Merge IPv4 and IPv6 addresses together for Mullvad
    • Specify UDP and TCP compatibility for all servers in servers.json
    • Specify VPN protocol for all servers in servers.json
    • Common Server model and Servers model for all providers (#943)
    • Common filtering builder for all providers
    • Common GetConnection for all providers
  • Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#897)
  • Bump github.com/breml/rootcerts from 0.2.2 to 0.2.3 (#926)
  • Routing: remove unused LocalSubnetGetter
  • internal/httpserver: remove name field and prefix in logs
  • Use internal/httpserver for control server
  • Add defensive check for zero connection found from servers (if no IP is defined)
  • Simplify reading of servers JSON file

Dev environment

  • Development container
    • Fix Windows script sourcing
    • Remove image name to avoid conflicts
    • Bind mount normally without :z
    • Install htop
  • Update maintenance document