Routing improvements, multi option filters and bug fixes

Features

• Container ports can now be reached by any IP address coming from your Docker network gateway
• EXTRA_SUBNETS removed (no longer needed)
• Multi options filtering (i.e. -e REGION=Germany,Netherlands)
• HTTP_CONTROL_SERVER_PORT environment variable
• HTTP_CONTROL_SERVER_LOG environment variable
• FIREWALL_INPUT_PORTS environment variable

Improvements

• Using context for HTTP requests for faster shutdown and cleaner behavior
• Do not log healthcheck HTTP requests on HTTP control server

Documentation

• Port forwarding for Mullvad

Code

• Using the Go netlink library to communicate to the Kernel directly to interact with ip routes and rules
• Upgrade all Go dependencies
• Add more linters and fix several lint issues
• VSCode development container configuration updated

Private Internet Access v4 port forwarding

Features

• PIA nextgen v4 port forwarding
• Updater obtains PIA v4 servers information from their API
• Repurpose OPENVPN_TARGET_IP for #229

Fixes

• Fix updater guard pattern for cyberghost and pia v3
  (#257)

Design changes

• Single connection written to openvpn configuration
• Improve timing behavior of ticking in loops

Persistent servers information and Nextgen pia servers support

Features

• Nextgen (v4) Private Internet Access support (set to default provider)
• Persistent servers information
• CLI servers information updating mechanism for all VPN providers
• Optional periodic servers information updating mechanism for all VPN providers
• Get and log newer version available at container start, once tunnel and DNS over TLS is ready
• Hardcoded servers information updated
• Configurable IPv6 tunneling for Mullvad, disabled by default

Code maintenance

• Fix and cleaner exiting logic
• Build information written to Go binary instead of Dockerfile environment variables
• Healthcheck endpoint moved to HTTP control server
• Clear up log messages from DNS over TLS
• Main entrypoint file main.go simplified

Shadowsocks in Go

• Shadowsocks in-house implementation in Go
• Default status files are written to /tmp/gluetun
• Updates to PIA servers list

Fix Shadowsocks CPU cycles bad eating habits

v3.2.0-rc2

Fix SS CPU cycles bad eating habits (#211)

Shadowsocks in Go

v3.2.0-rc1

Fix SS TCP relay error handling

Add support for PureVPN and bug fixes

Macroscopic changes

• PureVPN support
• Fix usage of plaintext DNS #199
• All server location related variables act like optional filters
• Add FIREWALL_VPN_INPUT_PORTS for Vyprvpn port forwarding
• Openvpn get settings HTTP route
• Get port forwarded HTTP route

Microscopic changes

• Fix fatalOnError function behavior
• Better uniformized server filtering for all VPN providers
• Update PIA IP addresses
• Firewall simplifications
• Only get default route and local subnet once at start

Fix fatal error when update period(s) set to 0 to disable periodic operation

• See #199
• Fix for the cases when DNS_UPDATE_PERIOD=0 and/or PUBLICIP_PERIOD=0

v3.0.0 Stable Go release

There should not be any breaking changes between :v2 and v3.0.0.

Future releases will be made more often using the version semantic: vA.B.C where:

• A increment means incompatibility with the previous A release usability ⚠️
• B increment means new feature only 🎉
• C increment means a bug fix 🐛

This release has the following:

• Support for PIA, Windscribe, Mullvad, NordVPN, Surfshark, Cyberghost, VyprVPN and NordVPN
• Based on Alpine 3.12 with more recent versions of subprocesses programs (iptables, tinyproxy, shadowsocks, unbound, openvpn)
• Robust resistance to failure
• Using Github actions to build Docker images compatible with several CPU architectures (arm, amd64, etc.)
• Built in HTTP control server to restart openvpn and/or unbound
• Periodic update of DNS block lists (optional)

On the development side:

• All subprocesses run in 'loops' with restart possibility, each loop keeping stateful settings
• Github actions as CI
• Tool programs in cmd/ directory

Stable Go based release (PIA only)

Total rewrite of the entrypoint in Go

• Choice to block ads, malicious and surveillance at the DNS level
• All program output streams are merged (openvpn, unbound, shadowsocks, tinyproxy, etc.)
• Choice of DNS over TLS provider(s)
• Possibility of split horizon DNS by selecting multiple DNS over TLS providers
• Download block lists and cryptographic files at start instead of at build time
• Can work as a Kubernetes sidecar container, thanks @rorph
• Pick a random region if no region is given, thanks @rorph