VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
PUBLICIP_API_TOKEN variable
PUBLICIP_API variable supporting ipinfo and ip2location
PORT_FORWARD_ONLY variable (#2070)
SERVER_CATEGORIES (#1806)
/run/secrets/wg0.conf which can be changed with variable WIREGUARD_CONF_SECRETFILE
0.0.0.0/0 or ::/0) for outbound subnets
STREAM_ONLY behavior fixed (#2126)
🎉 🎆 Happy new year 2024 🎉 🎆 Personal note at the bottom 😉
VPN_PORT_FORWARDING_LISTENING_PORT
tcp-client protocol as tcp
DEFAULT:@SECLEVEL=0
server name header for PIA
I have been focusing my effort since mid November on a DNSSEC validator to finalize a Go library on par with the usage we have of Unbound, in order to replace Unbound in Gluetun and add DNS special features for Gluetun. For example:
This is a tough problem not so well documented with few complete and valid implementations, so it's taking some time. There are likely 2 more weeks of work left before finalization.
🎃 Happy Halloween 🎃 Hopefully it is not a spooky release! 😸
WIREGUARD_ALLOWED_IPS variable (#1291)
/gluetun/wireguard/wg0.conf (#1120)
VPN_PORT_FORWARDING_PROVIDER variable (#1616)
-minratio if not enough servers are found
/32 if not present for Wireguard addresses
DNS_KEEP_NAMESERVER leaves DNS fully untouched
update command uses dashes instead of spaces for provider names (i.e. -vpn\ unlimited -> -vpn-unlimited)
aes-256-gcm cipher for OpenVPN
VPNLocalGatewayIP Wireguard support
UPDATER_VPN_SERVICE_PROVIDERS in docker-compose config
OPENVPN_PROCESS_USER value defaults to root
HTTPPROXY_STEALTH=off
HTTP_CONTROL_SERVER_LOG=on
internal/settings: change source precedence order: Secret files then files then environment variables
internal/routing: Wrap setupIPv6 rule error correctly
internal/vpn: fix typo portForwader -> portForwarder
internal/provider: use type assertion for port forwarders
Markdown
*.md files only
➡️ 📖 Corresponding wiki
WIREGUARD_MTU environment variable (#1571)
OPENVPN_VERSION=2.6 support
RouteList lists routes from all tables and no longer filters by link
AddrReplace instead of AddrAdd
internal/routing:
IPIsPrivate as ipIsPrivate
VPNDestinationIP
internal/settings: use github.com/qdm12/gosettings
FileExists, ObfuscateKey, BoolToYesNo
gosettings/sources/env functions
internal/netlink:
github.com/vishvananda/netlink
internal/httpproxy: add Test_returnRedirect to prevent error wrap of ErrUseLastResponse
internal/settings/secrets: add test for readSecretFileAsStringPtr
linux for cross development
.vscode recommendations
dupword, paralleltest, gosmopolitan, mirror, tagalign, zerologlint and gocheckcompilerdirectives
musttag and fix lint errors (change JSON fields in control server)
Just creating another bugfix release since released tag v3.34.2 was wrongly pointed to the master branch instead of the v3.34 branch.
I also deleted the previous release tag v3.34.2, re-created it and the v3.34.2 image will be overridden just in case.
For changes, check out the description of v3.34.2
HEALTH_SUCCESS_WAIT_DURATION variable, defaulting to 5s
VPN_PORT_FORWARDING_STATUS_FILE
VPN_PORT_FORWARDING
nil
errors.Is
inet.af/netaddr to net/netip
netip.Prefix for ip networks instead of net.IPNet and netaddr.IPPrefix
netip.Addr instead of net.IP
netip.AddrPort instead of *net.UDPAddr
inet.af/netaddr dependency
golang.org/x/net to 0.10.0
github.com/fatih/color from 1.14.1 to 1.15.0
golangci-lint from v1.51.2 to v1.52.2
github.com/vishvananda/netlink from 1.1.1-0.20211129163951-9ada19101fc5 to 1.2.1-beta.2
golang.org/x/sys from 0.7.0 to 0.8.0
CopyNetipPrefix and settings/sources/env envToInt function
~/.gitconfig
WIREGUARD_IMPLEMENTATION variable which can be auto (default), userspace or kernelspace
gchr.io/qdm12/gluetun Docker image mirror
RTNETLINK answers: File exists changed to warning level with explanation
Linux route add command failed: changed to warning level with explanation
wget package (fixes #1260, #1494 due to busybox's buggy wget)
1 on a program error
AES-256-GCM cipher
443
gchr.io/qdm12/gluetun
github.com/breml/rootcerts from 0.2.8 to 0.2.10
openssl installed
golangci-lint upgraded from v1.49.0 to v1.51.2
github.com/stretchr/testify upgraded from 1.8.1 to 1.8.2
golang.org/x/text upgraded from 0.4.0 to 0.8.0
github.com/fatih/color upgraded from 1.13.0 to 1.14.1
golang.org/x/sys upgraded from 0.3.0 to 0.6.0
apk-tools
internal/openvpn/extract: simplify PEM extraction function
cannot and failed prefixes
unmarshaling to decoding
docker/build-push-action upgraded from 3.2.0 to 4.0.0
OPENVPN_IPV6 removed
.ovpn filenames
94-1 pemium udp usa, 95-1 premium udp asia, 93-1 pemium udp usa and 96-1 premium tcp asia
0 on successful shutdown
403 as too many requests
tun-ipv6
tun-ipv6 if it is available
tun-ipv6 if ipv6 is not supported on client
OPENVPN_CUSTOM_CONFIG takes precedence only if VPN_SERVICE_PROVIDER is empty
udp4, udp6, tcp4 or tcp6
provider/utils: do not check for empty wg keys
internal/config:
Reader to Source struct
Source interface locally where needed
mux source to merge
internal/storage/servers.json: remove "udp": true for Wireguard
debug mode
-maintainer or -enduser update mode