github tprasadtp/protonvpn-docker 7.0.0

19 months ago

🎉 New Features 🎉

  • Drops OpenVPN support and uses WireGuard 🎉 (Closes #72)
  • Ability to provide private key via podman secrets, systemd credentials and env variable.
    (This should also close #182.)
  • Adds support for systemd-resolved integration.
  • Adds systemd status, watchdog and notify support. (Closes #111)
  • New option to disable healthchecks via cli flag and environment variable.

🔥 New Experimental Features 🔥

Warning

Experimental features are not covered by semver compatibility guarantees.

  • Add kill-switch support via ip routing rules. This does not make use
    of ufw/iptables/nftables. This uses routing policy to create a sinkhole routing table which blocks all
    internet bound outgoing connections. More specifically, this blocks all subnets specified via
    PROTONVPN_ALLOWED_SUBNETS_IPV4 and PROTONVPN_ALLOWED_SUBNETS_IPV6. You don't need to tweak these two
    env variables unless required; sane defaults are used if not specified. (Closes #122)
  • For IPv6 only networks and networks with custom routing requirements, where default excluded routes
    are not sufficient, one can override PROTONVPN_ALLOWED_SUBNETS_IPV4 and PROTONVPN_ALLOWED_SUBNETS_IPV6.
    Both use a comma separated list of CIDRs.
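
An added example (not part of protonwire or these release notes): a pre-deployment check for override values of PROTONVPN_ALLOWED_SUBNETS_IPV4 and PROTONVPN_ALLOWED_SUBNETS_IPV6. It assumes, from the "default excluded routes" wording above, that listed ranges are kept off the VPN route; the function name audit_allowed_subnets and the NON_PUBLIC reference list are constructed for this example and are not the project's defaults.

```python
import ipaddress

# Constructed reference set of non-public ranges (an assumption for this
# example, NOT protonwire's actual default list).
NON_PUBLIC = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "169.254.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128",
)]


def audit_allowed_subnets(value, family):
    """Check one comma separated CIDR list; family is 4 or 6.

    Returns (networks, problems): the parsed networks and a list of
    human-readable findings. An empty problems list means the value is clean.
    """
    networks, problems = [], []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            problems.append("empty entry (stray comma)")
            continue
        try:
            # strict=True rejects host bits, e.g. 192.168.1.5/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"{item}: not a valid CIDR ({exc})")
            continue
        if net.version != family:
            problems.append(f"{item}: IPv{net.version} entry in IPv{family} list")
            continue
        networks.append(net)
        # Anything not fully inside a non-public range reaches the internet,
        # so listing it would let that traffic leave outside the tunnel.
        same_family = [r for r in NON_PUBLIC if r.version == net.version]
        if not any(net.subnet_of(r) for r in same_family):
            problems.append(f"{item}: covers public address space")
    return networks, problems


if __name__ == "__main__":
    # Constructed sample values for demonstration.
    samples = {4: "10.0.0.0/8, 192.168.1.5/24, 0.0.0.0/0", 6: "fd00::/8,10.0.0.0/8"}
    for fam, val in samples.items():
        nets, probs = audit_allowed_subnets(val, fam)
        print(f"IPv{fam}: {len(nets)} parsed")
        for p in probs:
            print("  -", p)
```
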

⚠️ Breaking Changes ⚠️

  • Removes support for PROTONVPN_EXCLUDE_CIDRS as protonwire will exclude IPv4 addresses from Special-Purpose Address Registry and non-routable IPv6 addresses from being routed over VPN by default. (Closes #146, #141, #176)
  • PROTONVPN_SERVER no longer supports automatic server selection shortcuts such as P2P, SECURE_CORE, RANDOM etc. Use the server best suited to you. You can perform client side validation of whether a server supports required features like secure core
    via the set of flags documented in the README. Set PROTONVPN_SERVER to a server name like NL#1 or a DNS name like nl-free-127.protonvpn.net.
  • Drops upstream protonvpn cli from docker images.
  • Due to changes introduced by the ProtonVPN API, automatic server selection
    is no longer supported. You can add the --p2p, --streaming, --tor and
    --country flags to enable client side validation of server features, but
    the client can no longer select the "best" server, as it is variable and non-deterministic, depending on
    factors like server load, client IP and client latency, and this cannot be supported.
    This closes #174, and also #161 as partially resolved.
  • Uses smaller alpine base image. (This also Closes #109 as ping is now included via busybox)

🐛 Bug Fixes 🐛

  • Document ability to disable healthchecks. (Closes #104)
  • Document healthcheck command (Closes #152).
  • Add ping command to docker images. This is more of a side effect due to busybox bundling ping command,
    nevertheless closes #109.
  • Document usage with podman. (Closes #111)
  • Use custom API for fetching server metadata. (Should close #126.)
  • Change docs to use port instead of expose. (Closes #146, #105).

🚧 Known Issues 🚧

  • Port forwarding is unsupported.
    Reverts #179, as static port forwarding is not supported by ProtonVPN and alpine
    repositories do not contain natpmpc. Thus, #125 (and its duplicate #142) is still unresolved.
    (@Ludofloria, if there are alternatives for natpmpc on alpine feel free to submit a PR!)
  • If you assigned routes manually via ip route, those routes may bypass killswitch!
