This repository has been archived by the owner on Aug 17, 2024. It is now read-only.

feat(container): update image ghcr.io/qdm12/gluetun to v3.39.0 #604

Merged
merged 1 commit into from
Aug 11, 2024

Conversation

k3s-home-gha-bot[bot]
Contributor

This PR contains the following updates:

Package Update Change
ghcr.io/qdm12/gluetun minor v3.38.0 -> v3.39.0

Release Notes

qdm12/gluetun (ghcr.io/qdm12/gluetun)

v3.39.0

Features
  • OpenVPN: default version changed from 2.5 to 2.6
  • Alpine upgraded from 3.18 to 3.20 (3.19 got skipped due to buggy iptables)
  • Healthcheck: change timeout mechanism
    • Healthcheck timeout is no longer fixed to 3 seconds
    • Healthcheck timeout increases from 2s to 4s, 6s, 8s, 10s
    • No 1 second wait time between check retries after failure
    • VPN internal restart may be delayed by a maximum of 10 seconds
  • Firewall:
    • Query iptables binary variants to find which one to use depending on the kernel
    • Prefer using iptables-nft over iptables-legacy (Alpine new default is nft backend iptables)
  • Wireguard:
    • WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL option
    • read configuration file without case sensitivity
  • VPN Port forwarding: only use port forwarding enabled servers if VPN_PORT_FORWARDING=on (applies only to PIA and ProtonVPN for now)
  • FastestVPN:
    • Wireguard support (#​2383 - Credits to @​Zerauskire for the initial investigation and @​jvanderzande for an initial implementation as well as reviewing the pull request)
    • use API instead of openvpn zip file to fetch servers data
    • add city filter SERVER_CITY
    • update built-in servers data
  • Perfect Privacy: port forwarding support with VPN_PORT_FORWARDING=on (#​2378)
  • Private Internet Access: port forwarding options VPN_PORT_FORWARDING_USERNAME and VPN_PORT_FORWARDING_PASSWORD (retro-compatible with OPENVPN_USER and OPENVPN_PASSWORD)
  • ProtonVPN:
    • Wireguard support (#​2390)
    • feature filters SECURE_CORE_ONLY, TOR_ONLY and PORT_FORWARD_ONLY (#​2182)
    • determine "free" status using API tier value
    • update built-in servers data
  • Surfshark: servers data update
  • VPNSecure: servers data update
  • VPN_ENDPOINT_IP split into OPENVPN_ENDPOINT_IP and WIREGUARD_ENDPOINT_IP
  • VPN_ENDPOINT_PORT split into OPENVPN_ENDPOINT_PORT and WIREGUARD_ENDPOINT_PORT
Fixes
  • VPN_PORT_FORWARDING_LISTENING_PORT fixed
  • IPv6 support detection ignores loopback route destinations
  • Custom provider:
    • handle port option line for OpenVPN
    • ignore comments in an OpenVPN configuration file
    • assume port forwarding is always supported by a custom server
  • VPN Unlimited:
    • change default UDP port from 1194 to 1197
    • allow OpenVPN TCP on port 1197
  • Private Internet Access Wireguard and port forwarding
    • Set server name if names filter is set with the custom provider (see #​2147)
  • PrivateVPN: updater now sets openvpn vpn type for the no-hostname server
  • Torguard: update OpenVPN configuration
    • add aes-128-gcm and aes-128-cbc ciphers
    • remove mssfix, sndbuf, rcvbuf, ping and reneg options
  • VPNSecure: associate N / A with no data for servers
  • AirVPN: set default mssfix to 1320-28=1292
  • Surfshark: remove outdated hardcoded retro servers
  • Public IP echo:
    • ip2location parsing for latitude and longitude fixed
    • abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures)
  • internal/server: /openvpn route status get and put
    • get status return stopped if running Wireguard
    • put status changes vpn type if running Wireguard
  • Log out if PORT_FORWARD_ONLY is enabled in the server filtering tree of settings
  • Log last Gluetun release by tag name alphabetically instead of by release date
  • format-servers fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark
  • internal/tun: only create tun device if it does not exist, do not create if it exists and does not work
Documentation
  • readme:
    • clarify shadowsocks proxy is a server, not a client
    • update list of providers supporting Wireguard with the custom provider
    • add protonvpn as custom port forwarding implementation
  • disable Github blank issues
  • Bump github.com/qdm12/gosplash to v0.2.0
    • Add /choose suffix to github links in logs
  • add Github labels: "Custom provider", "Category: logs" and "Before next release"
  • rename FIREWALL_ENABLED to FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT due to the sheer amount of users misusing it. FIREWALL_ENABLED won't do anything anymore. At least you've been warned not to use it...
Maintenance
  • Code health
    • PIA port forwarding:
      • remove dependency on storage package
      • return an error to port forwarding loop if server cannot port forward
    • internal/config:
      • upgrade to github.com/qdm12/gosettings v0.4.2
        • drop github.com/qdm12/govalid dependency
        • upgrade github.com/qdm12/ss-server to v0.6.0
        • do not un-set sensitive config settings anymore
      • removed bad/invalid retro-compatible keys CONTROL_SERVER_ADDRESS and CONTROL_SERVER_PORT
      • OpenVPN protocol field is now a string instead of a TCP boolean
      • Split server filter validation for features and subscription-tier
      • provider name field as string instead of string pointer
    • internal/portforward: support multiple ports forwarded
    • Fix typos in code comments (#​2216)
    • internal/tun: fix unit test for unprivileged user
  • Development environment
    • fix source.organizeImports vscode setting value
    • linter: remove now invalid skip-dirs configuration block
  • Dependencies
    • Bump Wireguard Go dependencies
    • Bump Go from 1.21 to 1.22
    • Bump golang.org/x/net from 0.19.0 to 0.25.0 (#​2138, #​2208, #​2269)
    • Bump golang.org/x/sys from 0.15.0 to 0.18.0 (#​2139)
    • Bump github.com/klauspost/compress from 1.17.4 to 1.17.8 (#​2178, #​2218)
    • Bump github.com/fatih/color from 1.16.0 to 1.17.0 (#​2279)
    • Bump github.com/stretchr/testify to v1.9.0
    • Do not upgrade busybox since vulnerabilities are fixed now with Alpine 3.19+
  • CI
    • Bump DavidAnson/markdownlint-cli2-action from 14 to 16 (#​2214)
    • Bump peter-evans/dockerhub-description from 3 to 4 (#​2075)
  • Github
    • remove empty label description fields
    • add /choose suffix to issue and discussion links
    • review all issue labels: add closed labels, add category labels, rename labels, add label category prefix, add emojis for each label
    • Add issue labels: Popularity extreme and high, Closed cannot be done, Categories kernel and public IP service

v3.38.1

ℹ️ This is a bugfix release for v3.38.0. If you can, please instead use release v3.39.0

Fixes
  • VPN_PORT_FORWARDING_LISTENING_PORT fixed
  • IPv6 support detection ignores loopback route destinations
  • Custom provider:
    • handle port option line for OpenVPN
    • ignore comments in an OpenVPN configuration file
    • assume port forwarding is always supported by a custom server
  • VPN Unlimited:
    • change default UDP port from 1194 to 1197
    • allow OpenVPN TCP on port 1197
  • Private Internet Access Wireguard and port forwarding
    • Set server name if names filter is set with the custom provider (see #​2147)
  • PrivateVPN: updater now sets openvpn vpn type for the no-hostname server
  • Torguard: update OpenVPN configuration
    • add aes-128-gcm and aes-128-cbc ciphers
    • remove mssfix, sndbuf, rcvbuf, ping and reneg options
  • VPNSecure: associate N / A with no data for servers
  • AirVPN: set default mssfix to 1320-28=1292
  • Surfshark: remove outdated hardcoded retro servers
  • Public IP echo:
    • ip2location parsing for latitude and longitude fixed
    • abort ip data fetch if vpn context is canceled (prevents requesting the public IP address N times after N VPN failures)
  • internal/server: /openvpn route status get and put
    • get status return stopped if running Wireguard
    • put status changes vpn type if running Wireguard
  • Log out if PORT_FORWARD_ONLY is enabled in the server filtering tree of settings
  • Log last Gluetun release by tag name alphabetically instead of by release date
  • format-servers fixed missing VPN type header for providers supporting Wireguard: NordVPN and Surfshark
  • internal/tun: only create tun device if it does not exist, do not create if it exists and does not work

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

--- kubernetes/apps/downloads/bitmagnet/app Kustomization: flux-system/bitmagnet HelmRelease: downloads/bitmagnet

+++ kubernetes/apps/downloads/bitmagnet/app Kustomization: flux-system/bitmagnet HelmRelease: downloads/bitmagnet

@@ -46,13 +46,13 @@

               VPN_SERVICE_PROVIDER: protonvpn
             envFrom:
             - secretRef:
                 name: gluetun-secret
             image:
               repository: ghcr.io/qdm12/gluetun
-              tag: v3.38.0
+              tag: v3.39.0
             securityContext:
               allowPrivilegeEscalation: true
               capabilities:
                 add:
                 - NET_ADMIN
               runAsUser: 0
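
Review bot: `tag: v3.39.0` references the gluetun image by a mutable tag with no digest, and the unchanged context right below it shows this container running with `allowPrivilegeEscalation: true`, `runAsUser: 0` and `NET_ADMIN`. Whatever the registry serves under that tag is what runs with those privileges, so consider pinning the image by its sha256 digest alongside the tag and letting Renovate update both together.
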
--- kubernetes/apps/downloads/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: downloads/qbittorrent

+++ kubernetes/apps/downloads/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: downloads/qbittorrent

@@ -39,13 +39,13 @@

               VPN_SERVICE_PROVIDER: protonvpn
             envFrom:
             - secretRef:
                 name: gluetun-secret
             image:
               repository: ghcr.io/qdm12/gluetun
-              tag: v3.38.0
+              tag: v3.39.0
             securityContext:
               capabilities:
                 add:
                 - NET_ADMIN
           main:
             dependsOn: gluetun
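
Review bot: the env supplied through `envFrom` / `gluetun-secret` just above `tag: v3.39.0` is not visible in this diff, and it needs a manual check because v3.39.0 renames or drops several variables. The release notes quoted in this PR say `FIREWALL_ENABLED` no longer does anything, `VPN_ENDPOINT_IP` and `VPN_ENDPOINT_PORT` are split into `OPENVPN_` and `WIREGUARD_` variants, and the retro-compatible keys `CONTROL_SERVER_ADDRESS` and `CONTROL_SERVER_PORT` are removed. Please confirm that neither the secret nor the env block above this hunk still sets one of the old names.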

--- HelmRelease: downloads/bitmagnet Deployment: downloads/bitmagnet

+++ HelmRelease: downloads/bitmagnet Deployment: downloads/bitmagnet

@@ -78,13 +78,13 @@

           value: 'on'
         - name: VPN_SERVICE_PROVIDER
           value: protonvpn
         envFrom:
         - secretRef:
             name: gluetun-secret
-        image: ghcr.io/qdm12/gluetun:v3.38.0
+        image: ghcr.io/qdm12/gluetun:v3.39.0
         name: gluetun
         securityContext:
           allowPrivilegeEscalation: true
           capabilities:
             add:
             - NET_ADMIN
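
Review bot: the rendered bitmagnet Deployment keeps `allowPrivilegeEscalation: true` on the gluetun container, while the qbittorrent Deployment in this same diff runs the same image with only `NET_ADMIN` added. If the qbittorrent sidecar works with the narrower securityContext, the explicit setting here looks unnecessary; suggest dropping it or setting it to false in a follow-up so both sidecars carry the same, smaller set of privileges.
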
--- HelmRelease: downloads/qbittorrent Deployment: downloads/qbittorrent

+++ HelmRelease: downloads/qbittorrent Deployment: downloads/qbittorrent

@@ -47,13 +47,13 @@

           value: 'on'
         - name: VPN_SERVICE_PROVIDER
           value: protonvpn
         envFrom:
         - secretRef:
             name: gluetun-secret
-        image: ghcr.io/qdm12/gluetun:v3.38.0
+        image: ghcr.io/qdm12/gluetun:v3.39.0
         name: gluetun
         securityContext:
           capabilities:
             add:
             - NET_ADMIN
         volumeMounts:
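
Review bot: nothing in this hunk verifies that gluetun's firewall still comes up after `image: ghcr.io/qdm12/gluetun:v3.39.0`, and the release notes above say this version moves to Alpine 3.20, queries the iptables binary variants to pick one for the kernel, and prefers iptables-nft over iptables-legacy. Since `NET_ADMIN` is granted here for that firewall, check the gluetun container log after rollout for the iptables variant it selected and confirm the container reports healthy before relying on the tunnel.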

@tparker00 tparker00 merged commit 409cebe into main Aug 11, 2024
5 checks passed
@tparker00 tparker00 deleted the renovate/ghcr.io-qdm12-gluetun-3.x branch August 11, 2024 17:33