diff --git a/.golangci.yml b/.golangci.yml
index a0310018..5a5ec970 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -45,6 +45,3 @@ run:
 - .devcontainer
 - .github
 - postgres
-
-service:
- golangci-lint-version: 1.27.x # use the fixed version to not introduce new linters unexpectedly
diff --git a/Dockerfile b/Dockerfile
index 9e2aeb73..6de4c3bb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,110 +1,110 @@
-ARG ALPINE_VERSION=3.12
-ARG GO_VERSION=1.14
-
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
-RUN apk --update add git
-ENV CGO_ENABLED=0
-ARG GOLANGCI_LINT_VERSION=v1.27.0
-RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}
-WORKDIR /tmp/gobuild
-COPY .golangci.yml .
-COPY go.mod go.sum ./
-RUN go mod download 2>&1
-COPY cmd/gluetun/main.go .
-COPY internal/ ./internal/
-RUN go test ./...
-RUN golangci-lint run --timeout=10m
-RUN go build -ldflags="-s -w" -o entrypoint main.go
-
-FROM alpine:${ALPINE_VERSION}
-ARG VERSION
-ARG BUILD_DATE
-ARG VCS_REF
-ENV VERSION=$VERSION \
- BUILD_DATE=$BUILD_DATE \
- VCS_REF=$VCS_REF
-LABEL \
- org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
- org.opencontainers.image.created=$BUILD_DATE \
- org.opencontainers.image.version=$VERSION \
- org.opencontainers.image.revision=$VCS_REF \
- org.opencontainers.image.url="https://github.com/qdm12/gluetun" \
- org.opencontainers.image.documentation="https://github.com/qdm12/gluetun" \
- org.opencontainers.image.source="https://github.com/qdm12/gluetun" \
- org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \
- org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
-ENV VPNSP=pia \
- PROTOCOL=udp \
- OPENVPN_VERBOSITY=1 \
- OPENVPN_ROOT=no \
- OPENVPN_TARGET_IP= \
- TZ= \
- UID=1000 \
- GID=1000 \
- IP_STATUS_FILE="/ip" \
- # PIA, Windscribe, Surfshark, Cyberghost, Vyprvpn, NordVPN, PureVPN only
- USER= \
- PASSWORD= \
- REGION= \
- # PIA only
- PIA_ENCRYPTION=strong \
- PORT_FORWARDING=off \
- PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
- # Mullvad and PureVPN only
- COUNTRY= \
- CITY= \
- # Mullvad only
- ISP= \
- # Mullvad and Windscribe only
- PORT= \
- # Cyberghost only
- CYBERGHOST_GROUP="Premium UDP Europe" \
- # NordVPN only
- SERVER_NUMBER= \
- # Openvpn
- OPENVPN_CIPHER= \
- OPENVPN_AUTH= \
- # DNS over TLS
- DOT=on \
- DOT_PROVIDERS=cloudflare \
- DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \
- DOT_VERBOSITY=1 \
- DOT_VERBOSITY_DETAILS=0 \
- DOT_VALIDATION_LOGLEVEL=0 \
- DOT_CACHING=on \
- DOT_IPV6=off \
- BLOCK_MALICIOUS=on \
- BLOCK_SURVEILLANCE=off \
- BLOCK_ADS=off \
- UNBLOCK= \
- DNS_UPDATE_PERIOD=24h \
- DNS_PLAINTEXT_ADDRESS=1.1.1.1 \
- DNS_KEEP_NAMESERVER=off \
- # Firewall
- FIREWALL=on \
- EXTRA_SUBNETS= \
- FIREWALL_VPN_INPUT_PORTS= \
- FIREWALL_DEBUG=off \
- # Tinyproxy
- TINYPROXY=off \
- TINYPROXY_LOG=Info \
- TINYPROXY_PORT=8888 \
- TINYPROXY_USER= \
- TINYPROXY_PASSWORD= \
- # Shadowsocks
- SHADOWSOCKS=off \
- SHADOWSOCKS_LOG=off \
- SHADOWSOCKS_PORT=8388 \
- SHADOWSOCKS_PASSWORD= \
- SHADOWSOCKS_METHOD=chacha20-ietf-poly1305
-ENTRYPOINT ["/entrypoint"]
-EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
-HEALTHCHECK --interval=10m --timeout=10s --start-period=30s --retries=2 CMD /entrypoint healthcheck
-RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables ip6tables unbound tinyproxy tzdata && \
- echo "http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
- apk add -q --progress --no-cache --update shadowsocks-libev && \
- rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \
- deluser openvpn && \
- deluser tinyproxy && \
- deluser unbound
-COPY --from=builder /tmp/gobuild/entrypoint /entrypoint
+ARG ALPINE_VERSION=3.12
+ARG GO_VERSION=1.15
+
+FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+RUN apk --update add git
+ENV CGO_ENABLED=0
+ARG GOLANGCI_LINT_VERSION=v1.30.0
+RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}
+WORKDIR /tmp/gobuild
+COPY .golangci.yml .
+COPY go.mod go.sum ./
+RUN go mod download 2>&1
+COPY cmd/gluetun/main.go .
+COPY internal/ ./internal/
+RUN go test ./...
+RUN golangci-lint run --timeout=10m
+RUN go build -trimpath -ldflags="-s -w" -o entrypoint main.go
+
+FROM alpine:${ALPINE_VERSION}
+ARG VERSION
+ARG BUILD_DATE
+ARG VCS_REF
+ENV VERSION=$VERSION \
+ BUILD_DATE=$BUILD_DATE \
+ VCS_REF=$VCS_REF
+LABEL \
+ org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
+ org.opencontainers.image.created=$BUILD_DATE \
+ org.opencontainers.image.version=$VERSION \
+ org.opencontainers.image.revision=$VCS_REF \
+ org.opencontainers.image.url="https://github.com/qdm12/gluetun" \
+ org.opencontainers.image.documentation="https://github.com/qdm12/gluetun" \
+ org.opencontainers.image.source="https://github.com/qdm12/gluetun" \
+ org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \
+ org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
+ENV VPNSP=pia \
+ PROTOCOL=udp \
+ OPENVPN_VERBOSITY=1 \
+ OPENVPN_ROOT=no \
+ OPENVPN_TARGET_IP= \
+ TZ= \
+ UID=1000 \
+ GID=1000 \
+ IP_STATUS_FILE="/ip" \
+ # PIA, Windscribe, Surfshark, Cyberghost, Vyprvpn, NordVPN, PureVPN only
+ USER= \
+ PASSWORD= \
+ REGION= \
+ # PIA only
+ PIA_ENCRYPTION=strong \
+ PORT_FORWARDING=off \
+ PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
+ # Mullvad and PureVPN only
+ COUNTRY= \
+ CITY= \
+ # Mullvad only
+ ISP= \
+ # Mullvad and Windscribe only
+ PORT= \
+ # Cyberghost only
+ CYBERGHOST_GROUP="Premium UDP Europe" \
+ # NordVPN only
+ SERVER_NUMBER= \
+ # Openvpn
+ OPENVPN_CIPHER= \
+ OPENVPN_AUTH= \
+ # DNS over TLS
+ DOT=on \
+ DOT_PROVIDERS=cloudflare \
+ DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \
+ DOT_VERBOSITY=1 \
+ DOT_VERBOSITY_DETAILS=0 \
+ DOT_VALIDATION_LOGLEVEL=0 \
+ DOT_CACHING=on \
+ DOT_IPV6=off \
+ BLOCK_MALICIOUS=on \
+ BLOCK_SURVEILLANCE=off \
+ BLOCK_ADS=off \
+ UNBLOCK= \
+ DNS_UPDATE_PERIOD=24h \
+ DNS_PLAINTEXT_ADDRESS=1.1.1.1 \
+ DNS_KEEP_NAMESERVER=off \
+ # Firewall
+ FIREWALL=on \
+ EXTRA_SUBNETS= \
+ FIREWALL_VPN_INPUT_PORTS= \
+ FIREWALL_DEBUG=off \
+ # Tinyproxy
+ TINYPROXY=off \
+ TINYPROXY_LOG=Info \
+ TINYPROXY_PORT=8888 \
+ TINYPROXY_USER= \
+ TINYPROXY_PASSWORD= \
+ # Shadowsocks
+ SHADOWSOCKS=off \
+ SHADOWSOCKS_LOG=off \
+ SHADOWSOCKS_PORT=8388 \
+ SHADOWSOCKS_PASSWORD= \
+ SHADOWSOCKS_METHOD=chacha20-ietf-poly1305
+ENTRYPOINT ["/entrypoint"]
+EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
+HEALTHCHECK --interval=10m --timeout=10s --start-period=30s --retries=2 CMD /entrypoint healthcheck
+RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables ip6tables unbound tinyproxy tzdata && \
+ echo "http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+ apk add -q --progress --no-cache --update shadowsocks-libev && \
+ rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \
+ deluser openvpn && \
+ deluser tinyproxy && \
+ deluser unbound
+COPY --from=builder /tmp/gobuild/entrypoint /entrypoint
diff --git a/go.mod b/go.mod
index 080ded43..7da3b646 100644
--- a/go.mod
+++ b/go.mod
@@ -1,12 +1,12 @@ module github.com/qdm12/gluetun -go 1.14 +go 1.15 require ( github.com/fatih/color v1.9.0 - github.com/golang/mock v1.4.3 + github.com/golang/mock v1.4.4 github.com/kyokomi/emoji v2.2.4+incompatible github.com/qdm12/golibs v0.0.0-20200712151944-a0325873bf5a github.com/stretchr/testify v1.6.1 - golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae + golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed )
diff --git a/go.sum b/go.sum
index 988a76fb..8f73faa9 100644
--- a/go.sum
+++ b/go.sum
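Review bot: In the Dockerfile builder stage, the bumped `RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}` still takes the installer from the moving `master` branch and pipes it straight into `sh`. `GOLANGCI_LINT_VERSION` therefore pins only the release the script downloads, not the script itself, which runs (presumably as root, since no `USER` is set) in the same stage that compiles `/entrypoint`. Fetching the script from the matching release tag, or a commit hash for a stronger pin, makes the build reproducible and limits the effect of an upstream change: `RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh | sh -s ${GOLANGCI_LINT_VERSION}`. The default `/bin/sh` has no `pipefail`, so a failed download is not reported at this step and would most likely surface only when `golangci-lint run` cannot find the binary. Since this commit also removes the `service: golangci-lint-version` pin from `.golangci.yml`, this `ARG` appears to be the only place the linter version is fixed, which deserves a short comment above it.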
@@ -39,6 +39,8 @@ github.com/go-openapi/validate v0.17.0 h1:pqoViQz3YLOGIhAmD0N4Lt6pa/3Gnj3ymKqQwq github.com/go-openapi/validate v0.17.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/golang/mock v1.4.3 h1:GV+pQPG/EUUbkh47niozDcADz6go/dUwhVzdUQHIVRw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -92,6 +94,8 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 
@@ -106,8 +110,8 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ= +golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=