github trailofbits/algo v2.0.0
Algo VPN 2.0.0
on GitHub

14 days ago

A major release with comprehensive security improvements, performance optimizations, and modernized infrastructure.

🔒 Security Enhancements

  • Certificate Authority constraints (#14811) - Prevents certificate reuse across deployments with unique CA identifiers
  • Refactored PKI management (#14809) - Replaced legacy OpenSSL scripts with Ansible crypto modules for better security and maintainability
  • Prevented sensitive information logging (#14779) - Enhanced privacy by removing sensitive data from logs
  • Modernized WireGuard key management (#14803) - Improved key generation and handling
  • Security-hardened CI/CD (#14769) - Updated GitHub Actions with security best practices
  • Jinja2 security update - Updated to ~3.1.6 for CVE-2025-27516 fix

🚀 Performance Improvements

  • 30-60% faster deployments - Comprehensive performance optimizations throughout the codebase
  • Self-bootstrapping Python environment (#14814) - Automatic uv setup for faster, more reliable installations
  • Optimized cloud-init templates - Reduced startup time for cloud deployments
  • Improved DNS caching - Better performance for DNS queries

🌐 Network and Routing Fixes

  • Fixed multi-homed system routing (#14826) - Proper output interface specification for servers with multiple IPs
  • Fixed iptables NAT rules (#14825) - Resolved VPN traffic routing issues
  • IPv6 WireGuard endpoints (#14780) - Added support for IPv6 addresses in WireGuard configurations
  • BSD IPv6 improvements (#14786) - Fixed address selection on BSD systems
  • DigitalOcean multi-IP handling - Better support for droplets with both public and private IPs

☁️ Cloud Provider Updates

  • Vultr API v2 support (#14773) - Updated to latest Vultr API
  • AWS Lightsail fixes (#14823) - Resolved boto3 parameter issues
  • AWS credentials file support (#14778) - Can now use standard AWS credentials file
  • Azure improvements (#14781, #14774) - Fixed requirements path, updated to collection v3.7.0
  • DigitalOcean cloud-init (#14801) - Fixed compatibility and deprecation warnings
  • Hetzner instance types (#14762) - Switched to globally available types

📚 Documentation Improvements

  • New FAQ: Single cipher suite rationale (#14827, closes #231) - Explains security benefits of our cryptographic choices
  • New FAQ: Censorship circumvention stance (#14827, closes #230) - Clarifies Algo's focus on privacy vs anonymity
  • Windows client guide (#14787) - Comprehensive setup instructions
  • Installation requirements (#14790) - Clarified sudo requirements
  • Grammar and clarity (#14770) - Improved throughout documentation

🔧 Infrastructure and Testing

  • Comprehensive test suite - Added 15+ new test files covering all major components
  • Jinja2 expression validation (#14817) - Detects inline comments that break templates
  • Stricter linting (#14789) - Enhanced code quality with ansible-lint
  • Installation reliability (#14788) - Added timeouts and retry logic
  • OpenSSL 3+ compatibility (#14772) - Fixed PKCS#12 mobileconfig generation

📦 Dependency Updates

  • Ansible 11.9.0 - Latest stable version
  • GitHub Actions - All workflows updated to latest versions
  • Python packaging - Modern setup with uv and pyproject.toml
  • Removed legacy requirements.txt in favor of lockfile

🐛 Bug Fixes

  • Ubuntu 22.04 compatibility issues (#14824)
  • Server selection in update-user script (#14727)
  • SSH tunnel certificate naming (#14771)
  • AWS CloudFormation warnings (#14782)
  • POSIX shell compliance (#14789)

💔 Breaking Changes

  • Python 3.11+ required - Older Python versions no longer supported
  • Certificate constraints - CAs now include deployment-specific constraints
  • Ansible crypto modules - Legacy OpenSSL command usage removed

🎯 Milestone Completion

This release closes the 2.0 milestone with all planned features implemented and tested.

📝 Upgrade Notes

  • Existing Algo servers will continue to work but won't benefit from the new features
  • To use new features, deploy a fresh Algo server (recommended approach)
  • Python environment will self-bootstrap with uv on first run

Algo VPN continues to focus on security through simplicity, providing a personal VPN that "just works" while maintaining the highest security standards.

Special thanks to all contributors who helped make this release possible!

Check out latest releases or
releases around trailofbits/algo v2.0.0

Don't miss a new algo release

NewReleases is sending notifications on new releases.

Get notifications