PIA port forwarding final fixes (#259 )

- Returns an error if the server does not support port forwarding - TLS verification using the server common name obtained through the API - Updated readme - Fixes #236
Improve timing behavior of ticking in loops
2020-10-15 22:53:13 -04:00 · 2020-10-15 23:20:36 +00:00 · 2020-10-12 20:21:26 +00:00 · 2020-10-12 19:34:36 +00:00 · 2020-10-12 15:29:58 -04:00 · 2020-10-12 13:57:45 -04:00
185 changed files with 19866 additions and 3587 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,13 +1,17 @@
 {
    "name": "pia-dev",
-    "dockerComposeFile": ["docker-compose.yml"],
+    "dockerComposeFile": [
        "docker-compose.yml"
    ],
    "service": "vscode",
-    "runServices": ["vscode"],
+    "runServices": [
        "vscode"
    ],
    "shutdownAction": "stopCompose",
-    // "postCreateCommand": "go mod download",
+    "postCreateCommand": "go mod download",
    "workspaceFolder": "/workspace",
    "extensions": [
-        "ms-vscode.go",
+        "golang.go",
        "IBM.output-colorizer",
        "eamodio.gitlens",
        "mhutchie.git-graph",
@@ -38,10 +42,54 @@
            "deepCompletion": true,
            "usePlaceholders": false
        },
        "go.lintTool": "golangci-lint",
        "go.lintFlags": [
            "--fast",
            "--enable",
            "staticcheck",
            "--enable",
            "bodyclose",
            "--enable",
            "dogsled",
            "--enable",
            "gochecknoglobals",
            "--enable",
            "gochecknoinits",
            "--enable",
            "gocognit",
            "--enable",
            "goconst",
            "--enable",
            "gocritic",
            "--enable",
            "gocyclo",
            "--enable",
            "golint",
            "--enable",
            "gosec",
            "--enable",
            "interfacer",
            "--enable",
            "maligned",
            "--enable",
            "misspell",
            "--enable",
            "nakedret",
            "--enable",
            "prealloc",
            "--enable",
            "scopelint",
            "--enable",
            "unconvert",
            "--enable",
            "unparam",
            "--enable",
            "whitespace"
        ],
        // Golang on save
-        "go.buildOnSave": "package",
+        "go.buildOnSave": "workspace",
-        "go.lintOnSave": "package",
+        "go.lintOnSave": "workspace",
-        "go.vetOnSave": "package",
+        "go.vetOnSave": "workspace",
        "editor.formatOnSave": true,
        "[go]": {
            "editor.codeActionsOnSave": {
@@ -56,7 +104,12 @@
            "GOFLAGS": "-tags=integration"
        },
        "go.testEnvVars": {},
-        "go.testFlags": ["-v"],
+        "go.testFlags": [
-        "go.testTimeout": "600s"
+            "-v",
            // "-race"
        ],
        "go.testTimeout": "600s",
        "go.coverOnSingleTestFile": true,
        "go.coverOnSingleTest": true
    }
 }
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,10 +1,11 @@
 .devcontainer
 .git
 .github
 .vscode
-readme
+cmd
-.gitignore
+!cmd/gluetun
-.travis.yml
+doc
 ci.sh
 docker-compose.yml
 LICENSE
 README.md
-Dockerfile
+title.svg
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
@qdm12
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,29 @@
 # Contributing
 Contributions are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [open source license of this project](../LICENSE).
 ## Submitting a pull request
 1. [Fork](https://github.com/qdm12/gluetun/fork) and clone the repository
 1. Create a new branch `git checkout -b my-branch-name`
 1. Modify the code
 1. Ensure the docker build succeeds `docker build .`
 1. Commit your modifications
 1. Push to your fork and [submit a pull request](https://github.com/qdm12/gluetun/compare)
 ## Resources
 - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
 ## Contributors
 Thanks for all the contributions, whether small or not so small!
 - [@JeordyR](https://github.com/JeordyR) for testing the Mullvad version and opening a [PR with a few fixes](https://github.com/qdm12/gluetun/pull/84/files) 👍
 - [@rorph](https://github.com/rorph) for a [PR to pick a random region for PIA](https://github.com/qdm12/gluetun/pull/70) and a [PR to make the container work with kubernetes](https://github.com/qdm12/gluetun/pull/69)
 - [@JesterEE](https://github.com/JesterEE) for a [PR to fix silly line endings in block lists back then](https://github.com/qdm12/gluetun/pull/55) 📎
 - [@elmerfdz](https://github.com/elmerfdz) for a [PR to add timezone information to have correct log timestampts](https://github.com/qdm12/gluetun/pull/51) 🕙
 - [@Juggels](https://github.com/Juggels) for a [PR to write the PIA forwarded port to a file](https://github.com/qdm12/gluetun/pull/43)
 - [@gdlx](https://github.com/gdlx) for a [PR to fix and improve PIA port forwarding script](https://github.com/qdm12/gluetun/pull/32)
 - [@janaz](https://github.com/janaz) for keeping an eye on [updating things in the Dockerfile](https://github.com/qdm12/gluetun/pull/8)
--- a/.github/ISSUE_TEMPLATE/bug.md
+++ b/.github/ISSUE_TEMPLATE/bug.md
@@ -0,0 +1,55 @@
 ---
 name: Bug
 about: Report a bug
 title: 'Bug: ...'
 labels: ":bug: bug"
 assignees: qdm12
 ---
 **TLDR**: *Describe your issue in a one liner here*
 1. Is this urgent?
    - [ ] Yes
    - [x] No
 2. What VPN service provider are you using?
    - [x] PIA
    - [ ] Mullvad
    - [ ] Windscribe
    - [ ] Surfshark
    - [ ] Cyberghost
 3. What's the version of the program?
    **See the line at the top of your logs**
    `Running version latest built on 2020-03-13T01:30:06Z (commit d0f678c)`
 4. What are you using to run the container?
    - [ ] Docker run
    - [x] Docker Compose
    - [ ] Kubernetes
    - [ ] Docker stack
    - [ ] Docker swarm
    - [ ] Podman
    - [ ] Other:
 5. Extra information
 Logs:
 ```log
 ```
 Configuration file:
 ```yml
 ```
 Host OS:
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,14 @@
 ---
 name: Feature request
 about: Suggest a feature to add to this project
 title: 'Feature request: ...'
 labels: ":bulb: feature request"
 assignees: qdm12
 ---
 1. What's the feature?
 2. Why do you need this feature?
 3. Extra information?
--- a/.github/ISSUE_TEMPLATE/help.md
+++ b/.github/ISSUE_TEMPLATE/help.md
@@ -0,0 +1,55 @@
 ---
 name: Help
 about: Ask for help
 title: 'Help: ...'
 labels: ":pray: help wanted"
 assignees:
 ---
 **TLDR**: *Describe your issue in a one liner here*
 1. Is this urgent?
    - [ ] Yes
    - [x] No
 2. What VPN service provider are you using?
    - [x] PIA
    - [ ] Mullvad
    - [ ] Windscribe
    - [ ] Surfshark
    - [ ] Cyberghost
 3. What's the version of the program?
    **See the line at the top of your logs**
    `Running version latest built on 2020-03-13T01:30:06Z (commit d0f678c)`
 4. What are you using to run the container?
    - [ ] Docker run
    - [x] Docker Compose
    - [ ] Kubernetes
    - [ ] Docker stack
    - [ ] Docker swarm
    - [ ] Podman
    - [ ] Other:
 5. Extra information
 Logs:
 ```log
 ```
 Configuration file:
 ```yml
 ```
 Host OS:
--- a/.github/labels.yml
+++ b/.github/labels.yml
@@ -0,0 +1,51 @@
 - name: ":robot: bot"
  color: "69cde9"
  description: ""
 - name: ":bug: bug"
  color: "b60205"
  description: ""
 - name: ":game_die: dependencies"
  color: "0366d6"
  description: ""
 - name: ":memo: documentation"
  color: "c5def5"
  description: ""
 - name: ":busts_in_silhouette: duplicate"
  color: "cccccc"
  description: ""
 - name: ":sparkles: enhancement"
  color: "0054ca"
  description: ""
 - name: ":bulb: feature request"
  color: "0e8a16"
  description: ""
 - name: ":mega: feedback"
  color: "03a9f4"
  description: ""
 - name: ":rocket: future maybe"
  color: "fef2c0"
  description: ""
 - name: ":hatching_chick: good first issue"
  color: "7057ff"
  description: ""
 - name: ":pray: help wanted"
  color: "4caf50"
  description: ""
 - name: ":hand: hold"
  color: "24292f"
  description: ""
 - name: ":no_entry_sign: invalid"
  color: "e6e6e6"
  description: ""
 - name: ":interrobang: maybe bug"
  color: "ff5722"
  description: ""
 - name: ":thinking: needs more info"
  color: "795548"
  description: ""
 - name: ":question: question"
  color: "3f51b5"
  description: ""
 - name: ":coffin: wontfix"
  color: "ffffff"
  description: ""
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,34 @@
 name: Docker build
 on:
  pull_request:
    branches: [master]
    paths-ignore:
      - .devcontainer
      - .github/ISSUE_TEMPLATE
      - .github/workflows/buildx-release.yml
      - .github/workflows/buildx-branch.yml
      - .github/workflows/buildx-latest.yml
      - .github/workflows/dockerhub-description.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
      - .github/CODEOWNERS
      - .github/CONTRIBUTING.md
      - .github/FUNDING.yml
      - .github/labels.yml
      - .vscode
      - cmd/ovpnparser
      - cmd/resolver
      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
      - README.md
      - title.svg
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build image
        run: docker build .
--- a/.github/workflows/buildx-branch.yml
+++ b/.github/workflows/buildx-branch.yml
@@ -0,0 +1,50 @@
 name: Buildx branch
 on:
  push:
    branches:
      - '*'
      - '*/*'
      - '!master'
    paths-ignore:
      - .devcontainer
      - .github/ISSUE_TEMPLATE
      - .github/workflows/build.yml
      - .github/workflows/buildx-release.yml
      - .github/workflows/buildx-latest.yml
      - .github/workflows/dockerhub-description.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
      - .github/CODEOWNERS
      - .github/CONTRIBUTING.md
      - .github/FUNDING.yml
      - .github/labels.yml
      - .vscode
      - cmd/ovpnparser
      - cmd/resolver
      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
      - README.md
      - title.svg
 jobs:
  buildx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Buildx setup
        uses: crazy-max/ghaction-docker-buildx@v1
      - name: Dockerhub login
        run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u qmcgaw --password-stdin 2>&1
      - name: Run Buildx
        run: |
          docker buildx build \
            --progress plain \
            --platform=linux/amd64 \
            --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
            --build-arg COMMIT=`git rev-parse --short HEAD` \
            --build-arg VERSION=${GITHUB_REF##*/} \
            -t qmcgaw/private-internet-access:${GITHUB_REF##*/} \
            --push \
            .
      - run: curl -X POST https://hooks.microbadger.com/images/qmcgaw/private-internet-access/tQFy7AxtSUNANPe6aoVChYdsI_I= || exit 0
--- a/.github/workflows/buildx-latest.yml
+++ b/.github/workflows/buildx-latest.yml
@@ -0,0 +1,47 @@
 name: Buildx latest
 on:
  push:
    branches: [master]
    paths-ignore:
      - .devcontainer
      - .github/ISSUE_TEMPLATE
      - .github/workflows/build.yml
      - .github/workflows/buildx-branch.yml
      - .github/workflows/buildx-release.yml
      - .github/workflows/dockerhub-description.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
      - .github/CODEOWNERS
      - .github/CONTRIBUTING.md
      - .github/FUNDING.yml
      - .github/labels.yml
      - .vscode
      - cmd/ovpnparser
      - cmd/resolver
      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
      - README.md
      - title.svg
 jobs:
  buildx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Buildx setup
        uses: crazy-max/ghaction-docker-buildx@v1
      - name: Dockerhub login
        run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u qmcgaw --password-stdin 2>&1
      - name: Run Buildx
        run: |
          docker buildx build \
            --progress plain \
            --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6 \
            --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
            --build-arg COMMIT=`git rev-parse --short HEAD` \
            --build-arg VERSION=latest \
            -t qmcgaw/private-internet-access:latest \
            --push \
            .
      - run: curl -X POST https://hooks.microbadger.com/images/qmcgaw/private-internet-access/tQFy7AxtSUNANPe6aoVChYdsI_I= || exit 0
--- a/.github/workflows/buildx-release.yml
+++ b/.github/workflows/buildx-release.yml
@@ -0,0 +1,47 @@
 name: Buildx release
 on:
  release:
    types: [published]
    paths-ignore:
      - .devcontainer
      - .github/ISSUE_TEMPLATE
      - .github/workflows/build.yml
      - .github/workflows/buildx-branch.yml
      - .github/workflows/buildx-latest.yml
      - .github/workflows/dockerhub-description.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
      - .github/CODEOWNERS
      - .github/CONTRIBUTING.md
      - .github/FUNDING.yml
      - .github/labels.yml
      - .vscode
      - cmd/ovpnparser
      - cmd/resolver
      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
      - README.md
      - title.svg
 jobs:
  buildx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Buildx setup
        uses: crazy-max/ghaction-docker-buildx@v1
      - name: Dockerhub login
        run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u qmcgaw --password-stdin 2>&1
      - name: Run Buildx
        run: |
          docker buildx build \
            --progress plain \
            --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6 \
            --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
            --build-arg COMMIT=`git rev-parse --short HEAD` \
            --build-arg VERSION=${GITHUB_REF##*/} \
            -t qmcgaw/private-internet-access:${GITHUB_REF##*/} \
            --push \
            .
      - run: curl -X POST https://hooks.microbadger.com/images/qmcgaw/private-internet-access/tQFy7AxtSUNANPe6aoVChYdsI_I= || exit 0
--- a/.github/workflows/dockerhub-description.yml
+++ b/.github/workflows/dockerhub-description.yml
@@ -0,0 +1,19 @@
 name: Docker Hub description
 on:
  push:
    branches: [master]
    paths:
      - README.md
      - .github/workflows/dockerhub-description.yml
 jobs:
  dockerHubDescription:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Docker Hub Description
        uses: peter-evans/dockerhub-description@v2.1.0
        env:
          DOCKERHUB_USERNAME: qmcgaw
          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
          DOCKERHUB_REPOSITORY: qmcgaw/private-internet-access
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -0,0 +1,18 @@
 name: labels
 on:
  push:
    branches: ["master"]
    paths:
      - '.github/labels.yml'
      - '.github/workflows/labels.yml'
 jobs:
  labeler:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Labeler
        if: success()
        uses: crazy-max/ghaction-github-labeler@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/misspell.yml
+++ b/.github/workflows/misspell.yml
@@ -0,0 +1,16 @@
 name: Misspells
 on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
 jobs:
  misspell:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: reviewdog/action-misspell@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          locale: "US"
          level: error
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,47 @@
 linters-settings:
  maligned:
    suggest-new: true
  misspell:
    locale: US
 linters:
  disable-all: true
  enable:
    - bodyclose
    - deadcode
    - dogsled
    - dupl
    - errcheck
    - gochecknoglobals
    - gochecknoinits
    - gocognit
    - goconst
    - gocritic
    - gocyclo
    - goimports
    - golint
    - gosec
    - gosimple
    - govet
    - ineffassign
    - interfacer
    - maligned
    - misspell
    - nakedret
    - prealloc
    - rowserrcheck
    - scopelint
    - staticcheck
    - structcheck
    - typecheck
    - unconvert
    - unparam
    - unused
    - varcheck
    - whitespace
 run:
  skip-dirs:
    - .devcontainer
    - .github
    - postgres
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,20 +0,0 @@
 dist: xenial
 sudo: required
 git:
  quiet: true
  depth: 1
 env:
  global:
    - DOCKER_REPO=qmcgaw/private-internet-access
 before_install:
  - curl -fsSL https://get.docker.com | sh
  - echo '{"experimental":"enabled"}' | sudo tee /etc/docker/daemon.json
  - mkdir -p $HOME/.docker
  - echo '{"experimental":"enabled"}' | sudo tee $HOME/.docker/config.json
  - sudo service docker start
 install:
  - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
  - docker buildx create --name xbuilder --use
 script: bash ci.sh
 after_success:
  - curl -X POST https://hooks.microbadger.com/images/$DOCKER_REPO/tQFy7AxtSUNANPe6aoVChYdsI_I= || exit 0
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -3,6 +3,7 @@
        "shardulm94.trailing-spaces",
        "ms-azuretools.vscode-docker",
        "davidanson.vscode-markdownlint",
-        "IBM.output-colorizer"
+        "IBM.output-colorizer",
        "golang.go"
    ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,91 @@
 {
    // General settings
    "files.eol": "\n",
    // Docker
    "remote.extensionKind": {
        "ms-azuretools.vscode-docker": "workspace"
    },
    // Golang general settings
    "go.useLanguageServer": true,
    "go.autocompleteUnimportedPackages": true,
    "go.gotoSymbol.includeImports": true,
    "go.gotoSymbol.includeGoroot": true,
    "gopls": {
        "completeUnimported": true,
        "deepCompletion": true,
        "usePlaceholders": false
    },
    "go.lintTool": "golangci-lint",
    "go.lintFlags": [
        "--fast",
        "--enable",
        "rowserrcheck",
        "--enable",
        "bodyclose",
        "--enable",
        "dogsled",
        "--enable",
        "dupl",
        "--enable",
        "gochecknoglobals",
        "--enable",
        "gochecknoinits",
        "--enable",
        "gocognit",
        "--enable",
        "goconst",
        "--enable",
        "gocritic",
        "--enable",
        "gocyclo",
        "--enable",
        "goimports",
        "--enable",
        "golint",
        "--enable",
        "gosec",
        "--enable",
        "interfacer",
        "--enable",
        "maligned",
        "--enable",
        "misspell",
        "--enable",
        "nakedret",
        "--enable",
        "prealloc",
        "--enable",
        "scopelint",
        "--enable",
        "unconvert",
        "--enable",
        "unparam",
        "--enable",
        "whitespace"
    ],
    // Golang on save
    "go.buildOnSave": "workspace",
    "go.lintOnSave": "workspace",
    "go.vetOnSave": "workspace",
    "editor.formatOnSave": true,
    "[go]": {
        "editor.codeActionsOnSave": {
            "source.organizeImports": true
        }
    },
    // Golang testing
    "go.toolsEnvVars": {
        "GOFLAGS": "-tags="
    },
    "gopls.env": {
        "GOFLAGS": "-tags="
    },
    "go.testEnvVars": {},
    "go.testFlags": [
        "-v",
        // "-race"
    ],
    "go.testTimeout": "600s",
    "go.coverOnSingleTestFile": true,
    "go.coverOnSingleTest": true
 }
--- a/189
+++ b/189
@@ -1,71 +1,118 @@
-ARG ALPINE_VERSION=3.11
+ARG ALPINE_VERSION=3.12
-ARG GO_VERSION=1.13.7
+ARG GO_VERSION=1.15
-
+
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
-RUN apk --update add git
+RUN apk --update add git
-WORKDIR /tmp/gobuild
+ENV CGO_ENABLED=0
-ENV CGO_ENABLED=0
+ARG GOLANGCI_LINT_VERSION=v1.31.0
-COPY go.mod go.sum ./
+RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}
-RUN go mod download 2>&1
+WORKDIR /tmp/gobuild
-COPY internal/ ./internal/
+COPY .golangci.yml .
-COPY cmd/main.go .
+COPY go.mod go.sum ./
-RUN go test ./...
+RUN go mod download
-RUN go build -ldflags="-s -w" -o entrypoint main.go
+ARG VERSION=unknown
-
+ARG BUILD_DATE="an unknown date"
-FROM alpine:${ALPINE_VERSION}
+ARG COMMIT=unknown
-ARG VERSION
+COPY cmd/gluetun/main.go .
-ARG BUILD_DATE
+COPY internal/ ./internal/
-ARG VCS_REF
+RUN go test ./...
-ENV VERSION=$VERSION \
+RUN golangci-lint run --timeout=10m
-    BUILD_DATE=$BUILD_DATE \
+RUN go build -trimpath -ldflags="-s -w \
-    VCS_REF=$VCS_REF
+-X 'main.version=$VERSION' \
-LABEL \
+-X 'main.buildDate=$BUILD_DATE' \
-    org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
+-X 'main.commit=$COMMIT' \
-    org.opencontainers.image.created=$BUILD_DATE \
+" -o entrypoint main.go
-    org.opencontainers.image.version=$VERSION \
+
-    org.opencontainers.image.revision=$VCS_REF \
+FROM alpine:${ALPINE_VERSION}
-    org.opencontainers.image.url="https://github.com/qdm12/private-internet-access-docker" \
+ARG VERSION=unknown
-    org.opencontainers.image.documentation="https://github.com/qdm12/private-internet-access-docker" \
+ARG BUILD_DATE="an unknown date"
-    org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \
+ARG COMMIT=unknown
-    org.opencontainers.image.title="PIA client" \
+LABEL \
-    org.opencontainers.image.description="VPN client to tunnel to private internet access servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
+    org.opencontainers.image.authors="quentin.mcgaw@gmail.com" \
-ENV USER= \
+    org.opencontainers.image.created=$BUILD_DATE \
-    PASSWORD= \
+    org.opencontainers.image.version=$VERSION \
-    ENCRYPTION=strong \
+    org.opencontainers.image.revision=$COMMIT \
-    PROTOCOL=udp \
+    org.opencontainers.image.url="https://github.com/qdm12/gluetun" \
-    REGION="CA Montreal" \
+    org.opencontainers.image.documentation="https://github.com/qdm12/gluetun" \
-    DOT=on \
+    org.opencontainers.image.source="https://github.com/qdm12/gluetun" \
-    DOT_PROVIDERS=cloudflare \
+    org.opencontainers.image.title="VPN client for PIA, Mullvad, Windscribe, Surfshark and Cyberghost" \
-    DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \
+    org.opencontainers.image.description="VPN client to tunnel to PIA, Mullvad, Windscribe, Surfshark and Cyberghost servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
-    DOT_VERBOSITY=1 \
+ENV VPNSP=pia \
-    DOT_VERBOSITY_DETAILS=0 \
+    VERSION_INFORMATION=on \
-    DOT_VALIDATION_LOGLEVEL=0 \
+    PROTOCOL=udp \
-    DOT_CACHING=on \
+    OPENVPN_VERBOSITY=1 \
-    BLOCK_MALICIOUS=on \
+    OPENVPN_ROOT=no \
-    BLOCK_SURVEILLANCE=off \
+    OPENVPN_TARGET_IP= \
-    BLOCK_ADS=off \
+    OPENVPN_IPV6=off \
-    UNBLOCK= \
+    TZ= \
-    EXTRA_SUBNETS= \
+    UID=1000 \
-    PORT_FORWARDING=off \
+    GID=1000 \
-    PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
+    IP_STATUS_FILE="/tmp/gluetun/ip" \
-    TINYPROXY=off \
+    # PIA, Windscribe, Surfshark, Cyberghost, Vyprvpn, NordVPN, PureVPN only
-    TINYPROXY_LOG=Info \
+    USER= \
-    TINYPROXY_PORT=8888 \
+    PASSWORD= \
-    TINYPROXY_USER= \
+    REGION= \
-    TINYPROXY_PASSWORD= \
+    # PIA only
-    SHADOWSOCKS=off \
+    PIA_ENCRYPTION=strong \
-    SHADOWSOCKS_LOG=on \
+    PORT_FORWARDING=off \
-    SHADOWSOCKS_PORT=8388 \
+    PORT_FORWARDING_STATUS_FILE="/tmp/gluetun/forwarded_port" \
-    SHADOWSOCKS_PASSWORD= \
+    # Mullvad and PureVPN only
-    TZ=
+    COUNTRY= \
-ENTRYPOINT /entrypoint
+    CITY= \
-EXPOSE 8888/tcp 8388/tcp 8388/udp
+    # Mullvad only
-HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /entrypoint healthcheck
+    ISP= \
-RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables unbound tinyproxy tzdata && \
+    # Mullvad and Windscribe only
-    echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+    PORT= \
-    apk add -q --progress --no-cache --update shadowsocks-libev && \
+    # Cyberghost only
-    rm -rf /*.zip /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-anchor /usr/sbin/unbound-checkconf /usr/sbin/unbound-control /usr/sbin/unbound-control-setup /usr/sbin/unbound-host /etc/tinyproxy/tinyproxy.conf && \
+    CYBERGHOST_GROUP="Premium UDP Europe" \
-    adduser nonrootuser -D -H --uid 1000 && \
+    # NordVPN only
-    chown nonrootuser -R /etc/unbound /etc/tinyproxy && \
+    SERVER_NUMBER= \
-    chmod 700 /etc/unbound /etc/tinyproxy
+    # Openvpn
-COPY --from=builder --chown=1000:1000 /tmp/gobuild/entrypoint /entrypoint
+    OPENVPN_CIPHER= \
    OPENVPN_AUTH= \
    # DNS over TLS
    DOT=on \
    DOT_PROVIDERS=cloudflare \
    DOT_PRIVATE_ADDRESS=127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:0:0/96 \
    DOT_VERBOSITY=1 \
    DOT_VERBOSITY_DETAILS=0 \
    DOT_VALIDATION_LOGLEVEL=0 \
    DOT_CACHING=on \
    DOT_IPV6=off \
    BLOCK_MALICIOUS=on \
    BLOCK_SURVEILLANCE=off \
    BLOCK_ADS=off \
    UNBLOCK= \
    DNS_UPDATE_PERIOD=24h \
    DNS_PLAINTEXT_ADDRESS=1.1.1.1 \
    DNS_KEEP_NAMESERVER=off \
    # Firewall
    FIREWALL=on \
    EXTRA_SUBNETS= \
    FIREWALL_VPN_INPUT_PORTS= \
    FIREWALL_DEBUG=off \
    # Tinyproxy
    TINYPROXY=off \
    TINYPROXY_LOG=Info \
    TINYPROXY_PORT=8888 \
    TINYPROXY_USER= \
    TINYPROXY_PASSWORD= \
    # Shadowsocks
    SHADOWSOCKS=off \
    SHADOWSOCKS_LOG=off \
    SHADOWSOCKS_PORT=8388 \
    SHADOWSOCKS_PASSWORD= \
    SHADOWSOCKS_METHOD=chacha20-ietf-poly1305 \
    UPDATER_PERIOD=0
 ENTRYPOINT ["/entrypoint"]
 EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
 HEALTHCHECK --interval=10m --timeout=10s --start-period=30s --retries=2 CMD /entrypoint healthcheck
 RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables ip6tables unbound tinyproxy tzdata && \
    rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \
    deluser openvpn && \
    deluser tinyproxy && \
    deluser unbound && \
    mkdir /gluetun
 # TODO remove once SAN is added to PIA servers certificates, see https://github.com/pia-foss/manual-connections/issues/10
 ENV GODEBUG=x509ignoreCN=0
 COPY --from=builder /tmp/gobuild/entrypoint /entrypoint
--- a/README.md
+++ b/README.md
@@ -1,173 +1,285 @@
-# Private Internet Access Client
+# Gluetun VPN client
-*Lightweight swiss-knife-like VPN client to tunnel to private internet access servers, using OpenVPN, iptables, DNS over TLS, ShadowSocks, Tinyproxy and more*
+*Lightweight swiss-knife-like VPN client to tunnel to Private Internet Access,
 Mullvad, Windscribe, Surfshark Cyberghost, VyprVPN, NordVPN and PureVPN VPN servers, using Go, OpenVPN,
 iptables, DNS over TLS, ShadowSocks and Tinyproxy*
-**ANNOUCEMENT**: *Total rewrite in Go: see the new features [below](#Features)* (in case something break use the image with tag `:old`)
+**ANNOUNCEMENT**: *Github Wiki reworked*
-<a href="https://hub.docker.com/r/qmcgaw/private-internet-access">
+<img height="250" src="https://raw.githubusercontent.com/qdm12/gluetun/master/title.svg?sanitize=true">
    <img width="100%" height="320" src="https://raw.githubusercontent.com/qdm12/private-internet-access-docker/master/title.svg?sanitize=true">
 </a>
-[![Build Status](https://travis-ci.org/qdm12/private-internet-access-docker.svg?branch=master)](https://travis-ci.org/qdm12/private-internet-access-docker)
+[![Build status](https://github.com/qdm12/gluetun/workflows/Buildx%20latest/badge.svg)](https://github.com/qdm12/gluetun/actions?query=workflow%3A%22Buildx+latest%22)
 [![Docker Pulls](https://img.shields.io/docker/pulls/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
 [![Docker Stars](https://img.shields.io/docker/stars/qmcgaw/private-internet-access.svg)](https://hub.docker.com/r/qmcgaw/private-internet-access)
-[![GitHub last commit](https://img.shields.io/github/last-commit/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
+[![GitHub last commit](https://img.shields.io/github/last-commit/qdm12/gluetun.svg)](https://github.com/qdm12/gluetun/issues)
-[![GitHub commit activity](https://img.shields.io/github/commit-activity/y/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
+[![GitHub commit activity](https://img.shields.io/github/commit-activity/y/qdm12/gluetun.svg)](https://github.com/qdm12/gluetun/issues)
-[![GitHub issues](https://img.shields.io/github/issues/qdm12/private-internet-access-docker.svg)](https://github.com/qdm12/private-internet-access-docker/issues)
+[![GitHub issues](https://img.shields.io/github/issues/qdm12/gluetun.svg)](https://github.com/qdm12/gluetun/issues)
 [![Image size](https://images.microbadger.com/badges/image/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
 [![Image version](https://images.microbadger.com/badges/version/qmcgaw/private-internet-access.svg)](https://microbadger.com/images/qmcgaw/private-internet-access)
 [![Join Slack channel](https://img.shields.io/badge/slack-@qdm12-yellow.svg?logo=slack)](https://join.slack.com/t/qdm12/shared_invite/enQtOTE0NjcxNTM1ODc5LTYyZmVlOTM3MGI4ZWU0YmJkMjUxNmQ4ODQ2OTAwYzMxMTlhY2Q1MWQyOWUyNjc2ODliNjFjMDUxNWNmNzk5MDk)
-<details><summary>Click to show base components</summary><p>
+## Videos
- [Alpine 3.11](https://alpinelinux.org) for a tiny image (37MB of packages, 6.7MB of Go binary and 5.6MB for Alpine)
+1. [**Introduction**](https://youtu.be/3jIbU6J2Hs0)
- [OpenVPN 2.4.8](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/openvpn) to tunnel to PIA servers
+1. [**Connect a container**](https://youtu.be/mH7J_2JKNK0)
- [IPtables 1.8.3](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/iptables) enforces the container to communicate only through the VPN or with other containers in its virtual network (acts as a killswitch)
+1. [**Connect LAN devices**](https://youtu.be/qvjrM15Y0uk)
 - [Unbound 1.9.6](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/unbound) configured with Cloudflare's [1.1.1.1](https://1.1.1.1) DNS over TLS (configurable with 5 different providers)
 - [Files and blocking lists built periodically](https://github.com/qdm12/updated/tree/master/files) used with Unbound (see `BLOCK_MALICIOUS`, `BLOCK_SURVEILLANCE` and `BLOCK_ADS` environment variables)
 - [TinyProxy 1.10.0](https://pkgs.alpinelinux.org/package/v3.11/main/x86_64/tinyproxy)
 - [Shadowsocks 3.3.4](https://pkgs.alpinelinux.org/package/edge/testing/x86/shadowsocks-libev)
 </p></details>
 ## Features
- **New features**
+- Based on Alpine 3.12 for a small Docker image of 52MB
-    - Choice to block ads, malicious and surveillance at the DNS level
+- Supports **Private Internet Access** (new and old), **Mullvad**, **Windscribe**, **Surfshark**, **Cyberghost**, **Vyprvpn**, **NordVPN** and **PureVPN** servers
-    - All program output streams are merged (openvpn, unbound, shadowsocks, tinyproxy, etc.)
+- Supports Openvpn only for now
-    - Choice of DNS over TLS provider(s)
+- DNS over TLS baked in with service provider(s) of your choice
-    - Possibility of split horizon DNS by selecting multiple DNS over TLS providers
+- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
-    - Download block lists and cryptographic files at start instead of at build time
+- Choose the vpn network protocol, `udp` or `tcp`
-    - Can work as a Kubernetes sidecar container, thanks @rorph
+- Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
-    - Pick a random region if no region is given, thanks @rorph
+- Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
- <details><summary>Configure everything with environment variables</summary><p>
+- Built in HTTP proxy (Tinyproxy, tunnels TCP)
-
+- [Connect other containers to it](https://github.com/qdm12/gluetun#connect-to-it)
-    - [Destination region](https://www.privateinternetaccess.com/pages/network)
+- [Connect LAN devices to it](https://github.com/qdm12/gluetun#connect-to-it)
-    - Internet protocol
+- Compatible with amd64, i686 (32 bit), **ARM** 64 bit, ARM 32 bit v6 and v7 🎆
-    - Level of encryption
+- VPN server side port forwarding for Private Internet Access and Vyprvpn
-    - PIA Username and password
+- Possibility of split horizon DNS by selecting multiple DNS over TLS providers
-    - DNS over TLS
+- Subprograms all drop root privileges once launched
-    - DNS blocking: ads, malicious, surveillance
+- Subprograms output streams are all merged together
-    - Internal firewall
+- Can work as a Kubernetes sidecar container, thanks @rorph
    - Socks5 proxy
    - Web HTTP proxy
    </p></details>
 - Connect
    - [Other containers to it](https://github.com/qdm12/private-internet-access-docker#connect-to-it)
    - [LAN devices to it](https://github.com/qdm12/private-internet-access-docker#connect-to-it)
 - Killswitch using *iptables* to allow traffic only with needed PIA servers and LAN devices
 - Port forwarding
 - Compatible with amd64, i686 (32 bit), **ARM** 64 bit, ARM 32 bit v6 and v7, ppc64le and even that s390x 🎆
 - Sub programs drop root privileges once launched: Openvpn, Unbound, Shadowsocks, Tinyproxy
 ## Setup
-1. <details><summary>Requirements</summary><p>
+1. On some devices you may need to setup your tunnel kernel module on your host with `insmod /lib/modules/tun.ko` or `modprobe tun`
-
+    - [Synology users Wiki page](https://github.com/qdm12/gluetun/wiki/Synology-setup)
    - A Private Internet Access **username** and **password** - [Sign up](https://www.privateinternetaccess.com/pages/buy-vpn/)
    - Docker API 1.25 to support `init`
    - If you use Docker Compose, docker-compose >= 1.22.0, to support `init: true`
    - <details><summary>External firewall requirements, if you have one</summary><p>
        - At start only
            - Allow outbound TCP 443 to github.com and privateinternetaccess.com
            - If `DOT=on`, allow outbound TCP 853 to 1.1.1.1 to allow Unbound to resolve the PIA domain name.
            - If `DOT=off`, allow outbound UDP 53 to your DNS provider to resolve the PIA domain name.
        - For UDP strong encryption, allow outbound UDP 1197 to the corresponding VPN server IPs
        - For UDP normal encryption, allow outbound UDP 1198 to the corresponding VPN server IPs
        - For TCP strong encryption, allow outbound TCP 501 to the corresponding VPN server IPs
        - For TCP normal encryption, allow outbound TCP 502 to the corresponding VPN server IPs
        - If `SHADOWSOCKS=on`, allow inbound TCP 8388 and UDP 8388 from your LAN
        - If `TINYPROXY=on`, allow inbound TCP 8888 from your LAN
    </p></details>
    </p></details>
 1. Launch the container with:
    ```bash
-    docker run -d --init --name=pia --cap-add=NET_ADMIN \
+    docker run -d --name gluetun --cap-add=NET_ADMIN \
-    -e REGION="CA Montreal" -e USER=js89ds7 -e PASSWORD=8fd9s239G \
+    -e VPNSP="private internet access" -e REGION="CA Montreal" \
    -e USER=js89ds7 -e PASSWORD=8fd9s239G \
    -v /yourpath:/gluetun \
    qmcgaw/private-internet-access
    ```
-    or use [docker-compose.yml](https://github.com/qdm12/private-internet-access-docker/blob/master/docker-compose.yml) with:
+    or use [docker-compose.yml](https://github.com/qdm12/gluetun/blob/master/docker-compose.yml) with:
    ```bash
    docker-compose up -d
    ```
    Note that you can:
    - Change the many [environment variables](#environment-variables) available
-    - Use `-p 8888:8888/tcp` to access the HTTP web proxy (and put your LAN in `EXTRA_SUBNETS` environment variable)
+    - Use `-p 8888:8888/tcp` to access the HTTP web proxy (and put your LAN in `EXTRA_SUBNETS` environment variable, in example `192.168.1.0/24`)
-    - Use `-p 8388:8388/tcp -p 8388:8388/udp` to access the SOCKS5 proxy (and put your LAN in `EXTRA_SUBNETS` environment variable)
+    - Use `-p 8388:8388/tcp -p 8388:8388/udp` to access the Shadowsocks proxy (and put your LAN in `EXTRA_SUBNETS` environment variable, in example `192.168.1.0/24`)
-    - Pass additional arguments to *openvpn* using Docker's command function (commands after the image name)
+    - Use `-p 8000:8000/tcp` to access the [HTTP control server](#HTTP-control-server) built-in
-1. You can update the image with `docker pull qmcgaw/private-internet-access:latest`. There are also docker tags available:
+
-    - `qmcgaw/private-internet-access:v1` linked to the [v1 release](https://github.com/qdm12/private-internet-access-docker/releases/tag/v1.0)
+    **If you encounter an issue with the tun device not being available, see [the FAQ](https://github.com/qdm12/gluetun/blob/master/doc/faq.md#how-to-fix-openvpn-failing-to-start)**
 1. You can update the image with `docker pull qmcgaw/private-internet-access:latest`. See the [wiki](https://github.com/qdm12/gluetun/wiki/Common-issues#use-a-release-tag) for more information on other tags available.
 ## Testing
-Check the PIA IP address matches your expectations
+Check the VPN IP address matches your expectations
 ```sh
-docker run --rm --network=container:pia alpine:3.10 wget -qO- https://ipinfo.io
+docker run --rm --network=container:gluetun alpine:3.12 wget -qO- https://ipinfo.io
 ```
 ▶ [Testing Wiki page](https://github.com/qdm12/gluetun/wiki/Testing-the-setup)
 ## Environment variables
-| Environment variable | Default | Description |
+**TLDR**; only set the 🏁 marked environment variables to get started.
-| --- | --- | --- |
+
-| `REGION` | `CA Montreal` | One of the [PIA regions](https://www.privateinternetaccess.com/pages/network/) |
+### VPN
-| `PROTOCOL` | `udp` | `tcp` or `udp` |
+
-| `ENCRYPTION` | `strong` | `normal` or `strong` |
+| Variable | Default | Choices | Description |
-| `USER` | | Your PIA username |
+| --- | --- | --- | --- |
-| `PASSWORD` | | Your PIA password |
+| 🏁 `VPNSP` | `private internet access` | `private internet access`, `private internet access old`, `mullvad`, `windscribe`, `surfshark`, `vyprvpn`, `nordvpn`, `purevpn` | VPN Service Provider |
-| `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |
+| `IP_STATUS_FILE` | `/tmp/gluetun/ip` | Any filepath | Filepath to store the public IP address assigned |
-| `DOT_PROVIDERS` | `cloudflare` | Comma delimited list of DNS over TLS providers from `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` |
+| `PROTOCOL` | `udp` | `udp` or `tcp` | Network protocol to use |
-| `DOT_CACHING` | `on` | Unbound caching feature, `on` or `off` |
+| `OPENVPN_VERBOSITY` | `1` | `0` to `6` | Openvpn verbosity level |
-| `DOT_PRIVATE_ADDRESS` | All IPv4 and IPv6 CIDRs private ranges | Comma separated list of CIDRs or single IP addresses. Note that the default setting prevents DNS rebinding |
+| `OPENVPN_ROOT` | `no` | `yes` or `no` | Run OpenVPN as root |
-| `DOT_VERBOSITY` | `1` | Unbound verbosity level from `0` to `5` (full debug) |
+| `OPENVPN_TARGET_IP` | | Valid IP address | Specify a target VPN IP address to use |
-| `DOT_VERBOSITY_DETAILS` | `0` | Unbound details verbosity level from `0` to `4` |
+| `OPENVPN_CIPHER` | | i.e. `aes-256-gcm` | Specify a custom cipher to use. It will also set `ncp-disable` if using AES GCM for PIA |
-| `DOT_VALIDATION_LOGLEVEL` | `0` | Unbound validation log level from `0` to `2` |
+| `OPENVPN_AUTH` | | i.e. `sha256` | Specify a custom auth algorithm to use |
-| `BLOCK_MALICIOUS` | `on` | `on` or `off`, blocks malicious hostnames and IPs |
+| `OPENVPN_IPV6` | `off` | `on`, `off` | Enable tunneling of IPv6 (only for Mullvad) |
-| `BLOCK_SURVEILLANCE` | `off` | `on` or `off`, blocks surveillance hostnames and IPs |
+
-| `BLOCK_ADS` | `off` | `on` or `off`, blocks ads hostnames and IPs |
+*For all providers below, server location parameters are all optional. By default a random server is picked using the filter settings provided.*
-| `UNBLOCK` | | comma separated string (i.e. `web.com,web2.ca`) to unblock hostnames |
+
-| `EXTRA_SUBNETS` | | comma separated subnets allowed in the container firewall (i.e. `192.168.1.0/24,192.168.10.121,10.0.0.5/28`) |
+- Private Internet Access
-| `PORT_FORWARDING` | `off` | Set to `on` to forward a port on PIA server |
+
-| `PORT_FORWARDING_STATUS_FILE` | `/forwarded_port` | File path to store the forwarded port number |
+    | Variable | Default | Choices | Description |
-| `TINYPROXY` | `off` | `on` or `off`, to enable the internal HTTP proxy tinyproxy |
+    | --- | --- | --- | --- |
-| `TINYPROXY_LOG` | `Info` | `Info`, `Connect`, `Notice`, `Warning`, `Error` or `Critical` |
+    | 🏁 `USER` | | | Your username |
-| `TINYPROXY_PORT` | `8888` | `1024` to `65535` internal port for HTTP proxy |
+    | 🏁 `PASSWORD` | | | Your password |
-| `TINYPROXY_USER` | | Username to use to connect to the HTTP proxy |
+    | `REGION` | | One of the [PIA regions](https://www.privateinternetaccess.com/pages/network/) | VPN server region |
-| `TINYPROXY_PASSWORD` | | Passsword to use to connect to the HTTP proxy |
+    | `PIA_ENCRYPTION` | `strong` | `normal`, `strong` | Encryption preset |
-| `SHADOWSOCKS` | `off` | `on` or `off`, to enable the internal SOCKS5 proxy Shadowsocks |
+    | `PORT_FORWARDING` | `off` | `on`, `off` | Enable port forwarding on the VPN server |
-| `SHADOWSOCKS_LOG` | `on` | `on` or `off` to enable logging for Shadowsocks  |
+    | `PORT_FORWARDING_STATUS_FILE` | `/tmp/gluetun/forwarded_port` | Any filepath | Filepath to store the forwarded port number |
-| `SHADOWSOCKS_PORT` | `8388` | `1024` to `65535` internal port for SOCKS5 proxy |
+
-| `SHADOWSOCKS_PASSWORD` | | Passsword to use to connect to the SOCKS5 proxy |
+- Mullvad
-| `TZ` | | Specify a timezone to use i.e. `Europe/London` |
+
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your user ID |
    | `COUNTRY` | | One of the [Mullvad countries](https://mullvad.net/en/servers/#openvpn) | VPN server country |
    | `CITY` | | One of the [Mullvad cities](https://mullvad.net/en/servers/#openvpn) | VPN server city |
    | `ISP` | | One of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) | VPN server ISP |
    | `PORT` | | `80`, `443` or `1401` for TCP; `53`, `1194`, `1195`, `1196`, `1197`, `1300`, `1301`, `1302`, `1303` or `1400` for UDP. Defaults to TCP `443` and UDP `1194` | Custom VPN port to use |
    💡 [Mullvad IPv6 Wiki page](https://github.com/qdm12/gluetun/wiki/Mullvad-IPv6)
 - Windscribe
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your username |
    | 🏁 `PASSWORD` | | | Your password |
    | `REGION` | | One of the [Windscribe regions](https://windscribe.com/status) | VPN server region |
    | `PORT` | | One from the [this list of ports](https://windscribe.com/getconfig/openvpn) | Custom VPN port to use |
 - Surfshark
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your **service** username, found at the bottom of the [manual setup page](https://account.surfshark.com/setup/manual) |
    | 🏁 `PASSWORD` | | | Your **service** password |
    | `REGION` | | One of the [Surfshark regions](https://github.com/qdm12/gluetun/wiki/Surfshark-Servers) | VPN server region |
 - Cyberghost
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your username |
    | 🏁 `PASSWORD` | | | Your password |
    | 🏁 `CLIENT_KEY` | | | Your device client key content, **see below** |
    | `REGION` | | One of the Cyberghost regions, [Wiki page](https://github.com/qdm12/gluetun/wiki/Cyberghost-Servers) | VPN server country |
    | `CYBERGHOST_GROUP` | `Premium UDP Europe` | One of the server groups (see above Wiki page) | Server group |
    To specify your client key, you can either:
    - Bind mount it at `/files/client.key`, for example with `-v /yourpath/client.key:/files/client.key:ro`
    - Convert it to a single line value using:
        ```sh
        docker run -it --rm -v /yourpath/client.key:/files/client.key:ro qmcgaw/private-internet-access clientkey
        ```
        And use the line produced as the value for the environment variable `CLIENT_KEY`.
 - Vyprvpn
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your username |
    | 🏁 `PASSWORD` | | | Your password |
    | `REGION` | | One of the [VyprVPN regions](https://www.vyprvpn.com/server-locations) | VPN server region |
 - NordVPN
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your username |
    | 🏁 `PASSWORD` | | | Your password |
    | `REGION` | | One of the NordVPN server country, i.e. `Switzerland` | VPN server country |
    | `SERVER_NUMBER` | | Server integer number | Optional server number. For example `251` for `Italy #251` |
 - PureVPN
    | Variable | Default | Choices | Description |
    | --- | --- | --- | --- |
    | 🏁 `USER` | | | Your user ID |
    | 🏁 `REGION` | | One of the [PureVPN regions](https://support.purevpn.com/vpn-servers) | VPN server region |
    | `COUNTRY` | | One of the [PureVPN countries](https://support.purevpn.com/vpn-servers) | VPN server country |
    | `CITY` | | One of the [PureVPN cities](https://support.purevpn.com/vpn-servers) | VPN server city |
 ### DNS over TLS
 None of the following values are required.
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `DOT` | `on` | `on`, `off` | Activate DNS over TLS with Unbound |
 | `DOT_PROVIDERS` | `cloudflare` | `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` | Comma delimited list of DNS over TLS providers |
 | `DOT_CACHING` | `on` | `on`, `off` | Unbound caching |
 | `DOT_IPV6` | `off` | `on`, `off` | DNS IPv6 resolution |
 | `DOT_PRIVATE_ADDRESS` | All private CIDRs ranges | | Comma separated list of CIDRs or single IP addresses Unbound won't resolve to. Note that the default setting prevents DNS rebinding |
 | `DOT_VERBOSITY` | `1` | `0` to `5` | Unbound verbosity level |
 | `DOT_VERBOSITY_DETAILS` | `0` | `0` to `4` | Unbound details verbosity level |
 | `DOT_VALIDATION_LOGLEVEL` | `0` | `0` to `2` | Unbound validation log level |
 | `DNS_UPDATE_PERIOD` | `24h` | i.e. `0`, `30s`, `5m`, `24h` | Period to update block lists and cryptographic files and restart Unbound. Set to `0` to deactivate updates |
 | `BLOCK_MALICIOUS` | `on` | `on`, `off` | Block malicious hostnames and IPs with Unbound |
 | `BLOCK_SURVEILLANCE` | `off` | `on`, `off` | Block surveillance hostnames and IPs with Unbound |
 | `BLOCK_ADS` | `off` | `on`, `off` | Block ads hostnames and IPs with Unbound |
 | `UNBLOCK` | |i.e. `domain1.com,x.domain2.co.uk` | Comma separated list of domain names to leave unblocked with Unbound |
 | `DNS_PLAINTEXT_ADDRESS` | `1.1.1.1` | Any IP address | IP address to use as DNS resolver if `DOT` is `off` |
 | `DNS_KEEP_NAMESERVER` | `off` | `on` or `off` | Keep the nameservers in /etc/resolv.conf untouched, but disabled DNS blocking features |
 ### Firewall
 That one is important if you want to connect to the container from your LAN for example, using Shadowsocks or Tinyproxy.
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `FIREWALL` | `on` | `on` or `off` | Turn on or off the container built-in firewall. You should use it for **debugging purposes** only. |
 | `EXTRA_SUBNETS` | | i.e. `192.168.1.0/24,192.168.10.121,10.0.0.5/28` | Comma separated subnets allowed in the container firewall |
 | `FIREWALL_VPN_INPUT_PORTS` | | i.e. `1000,8080` | Comma separated list of ports to allow from the VPN server side (useful for **vyprvpn** port forwarding) |
 | `FIREWALL_DEBUG` | `off` | `on` or `off` | Prints every firewall related command. You should use it for **debugging purposes** only. |
 ### Shadowsocks
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `SHADOWSOCKS` | `off` | `on`, `off` | Enable the internal Shadowsocks proxy |
 | `SHADOWSOCKS_LOG` | `off` | `on`, `off` | Enable logging |
 | `SHADOWSOCKS_PORT` | `8388` | `1024` to `65535` | Internal port number for Shadowsocks to listen on |
 | `SHADOWSOCKS_PASSWORD` | |  | Password to use to connect to Shadowsocks |
 | `SHADOWSOCKS_METHOD` | `chacha20-ietf-poly1305` | `chacha20-ietf-poly1305`, `aes-128-gcm`, `aes-256-gcm` | Method to use for Shadowsocks |
 ### Tinyproxy
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `TINYPROXY` | `off` | `on`, `off` | Enable the internal HTTP proxy tinyproxy |
 | `TINYPROXY_LOG` | `Info` | `Info`, `Connect`, `Notice`, `Warning`, `Error`, `Critical` | Tinyproxy log level |
 | `TINYPROXY_PORT` | `8888` | `1024` to `65535` | Internal port number for Tinyproxy to listen on |
 | `TINYPROXY_USER` | | | Username to use to connect to Tinyproxy |
 | `TINYPROXY_PASSWORD` | | | Password to use to connect to Tinyproxy |
 ### System
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `TZ` | | i.e. `Europe/London` | Specify a timezone to use to have correct log times |
 | `UID` | `1000` | | User ID to run as non root and for ownership of files written |
 | `GID` | `1000` | | Group ID to run as non root and for ownership of files written |
 ### Other
 | Variable | Default | Choices | Description |
 | --- | --- | --- | --- |
 | `PUBLICIP_PERIOD` | `12h` | Valid duration | Period to check for public IP address. Set to `0` to disable. |
 | `VERSION_INFORMATION` | `on` | `on`, `off` | Logs a message indicating if a newer version is available once the VPN is connected |
 | `UPDATER_PERIOD` | `0` | Valid duration string such as `24h` | Period to update all VPN servers information in memory and to /gluetun/servers.json. Set to `0` to disable. This does a burst of DNS over TLS requests, which may be blocked if you set `BLOCK_MALICIOUS=on` for example. |
 ## Connect to it
 There are various ways to achieve this, depending on your use case.
- <details><summary>Connect containers in the same docker-compose.yml as PIA</summary><p>
+- <details><summary>Connect containers in the same docker-compose.yml as Gluetun</summary><p>
-    Add `network_mode: "service:pia"` to your *docker-compose.yml* (no need for `depends_on`)
+    Add `network_mode: "service:gluetun"` to your *docker-compose.yml* (no need for `depends_on`)
    </p></details>
- <details><summary>Connect other containers to PIA</summary><p>
+- <details><summary>Connect other containers to Gluetun</summary><p>
-    Add `--network=container:pia` when launching the container, provided PIA is already running
+    Add `--network=container:gluetun` when launching the container, provided Gluetun is already running
    </p></details>
 - <details><summary>Connect containers from another docker-compose.yml</summary><p>
-    Add `network_mode: "container:pia"` to your *docker-compose.yml*, provided PIA is already running
+    Add `network_mode: "container:gluetun"` to your *docker-compose.yml*, provided Gluetun is already running
    </p></details>
 - <details><summary>Connect LAN devices through the built-in HTTP proxy *Tinyproxy* (i.e. with Chrome, Kodi, etc.)</summary><p>
@@ -175,50 +287,49 @@ There are various ways to achieve this, depending on your use case.
    You might want to use Shadowsocks instead which tunnels UDP as well as TCP, whereas Tinyproxy only tunnels TCP.
    1. Setup a HTTP proxy client, such as [SwitchyOmega for Chrome](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en)
-    1. Ensure the PIA container is launched with:
+    1. Ensure the Gluetun container is launched with:
        - port `8888` published `-p 8888:8888/tcp`
        - your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
    1. With your HTTP proxy client, connect to the Docker host (i.e. `192.168.1.10`) on port `8888`. You need to enter your credentials if you set them with `TINYPROXY_USER` and `TINYPROXY_PASSWORD`.
    1. If you set `TINYPROXY_LOG` to `Info`, more information will be logged in the Docker logs
    </p></details>
- <details><summary>Connect LAN devices through the built-in SOCKS5 proxy *Shadowsocks* (per app, system wide, etc.)</summary><p>
+- <details><summary>Connect LAN devices through the built-in *Shadowsocks* proxy (per app, system wide, etc.)</summary><p>
-    1. Setup a SOCKS5 proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html)
+    1. Setup a Shadowsocks proxy client, there is a list of [ShadowSocks clients for **all platforms**](https://shadowsocks.org/en/download/clients.html)
-        - **note** some clients do not tunnel UDP so your DNS queries will be done locally and not through PIA and its built in DNS over TLS
+        - **note** some clients do not tunnel UDP so your DNS queries will be done locally and not through Gluetun and its built in DNS over TLS
        - Clients that support such UDP tunneling are, as far as I know:
            - iOS: Potatso Lite
            - OSX: ShadowsocksX
            - Android: Shadowsocks by Max Lv
-    1. Ensure the PIA container is launched with:
+    1. Ensure the Gluetun container is launched with:
        - port `8388` published `-p 8388:8388/tcp -p 8388:8388/udp`
        - your LAN subnet, i.e. `192.168.1.0/24`, set as `-e EXTRA_SUBNETS=192.168.1.0/24`
-    1. With your SOCKS5 proxy client
+    1. With your Shadowsocks proxy client
        - Enter the Docker host (i.e. `192.168.1.10`) as the server IP
        - Enter port TCP (and UDP, if available) `8388` as the server port
        - Use the password you have set with `SHADOWSOCKS_PASSWORD`
-        - Choose the encryption method/algorithm `chacha20-ietf-poly1305`
+        - Choose the encryption method/algorithm to the method you specified in `SHADOWSOCKS_METHOD`
-    1. If you set `SHADOWSOCKS_LOG` to `on`, more information will be logged in the Docker logs
+    1. If you set `SHADOWSOCKS_LOG` to `on`, (a lot) more information will be logged in the Docker logs
    </p></details>
- <details><summary>Access ports of containers connected to PIA</summary><p>
+- <details><summary>Access ports of containers connected to Gluetun</summary><p>
-    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to PIA,
+    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to Gluetun,
-    publish ports `8000` and `9000` for the PIA container and access them as you would with any other container
+    publish ports `8000` and `9000` for the Gluetun container and access them as you would with any other container
    </p></details>
- <details><summary>Access ports of containers connected to PIA, all in the same docker-compose.yml</summary><p>
+- <details><summary>Access ports of containers connected to Gluetun, all in the same docker-compose.yml</summary><p>
-    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to PIA, publish port `8000` and `9000` for the PIA container.
+    In example, to access port `8000` of container `xyz`  and `9000` of container `abc` connected to Gluetun, publish port `8000` and `9000` for the Gluetun container.
    The docker-compose.yml file would look like:
    ```yml
    version: '3.7'
    services:
-      pia:
+      gluetun:
        image: qmcgaw/private-internet-access
-        container_name: pia
+        container_name: gluetun
        init: true
        cap_add:
          - NET_ADMIN
        environment:
@@ -230,111 +341,48 @@ There are various ways to achieve this, depending on your use case.
      abc:
        image: abc
        container_name: abc
-        network_mode: "service:pia"
+        network_mode: "service:gluetun"
      xyz:
        image: xyz
        container_name: xyz
-        network_mode: "service:pia"
+        network_mode: "service:gluetun"
    ```
    </p></details>
-## Port forwarding
+## Private Internet Access port forwarding
-By setting `PORT_FORWARDING` environment variable to `on`, the forwarded port will be read and written to the file specified in `PORT_FORWARDING_STATUS_FILE` (by default, this is set to `/forwarded_port`). If the location for this file does not exist, it will be created automatically.
+When `PORT_FORWARDING=on`, a port will be forwarded on the VPN server side and written to the file specified by `PORT_FORWARDING_STATUS_FILE=/tmp/gluetun/forwarded_port`.
 It can be useful to mount this file as a volume to read it from other containers, for example to configure a torrenting client.
-You can mount this file as a volume to read it from other containers.
+For `VPNSP=private internet access` (default), you will keep the same forwarded port for 60 days as long as you bind mount the `/gluetun` directory.
-Note that not all regions support port forwarding.
+You can also use the HTTP control server (see below) to get the port forwarded.
-## For the paranoids
+## HTTP control server
- You can review the code which consists in:
+[Wiki page](https://github.com/qdm12/gluetun/wiki/HTTP-Control-server)
    - [Dockerfile](https://github.com/qdm12/private-internet-access-docker/blob/master/Dockerfile)
    - [main.go](https://github.com/qdm12/private-internet-access-docker/blob/master/cmd/main.go), the main code entrypoint
    - [internal package](https://github.com/qdm12/private-internet-access-docker/blob/master/internal)
    - [github.com/qdm12/golibs](https://github.com/qdm12/golibs) dependency
    - [github.com/qdm12/files](https://github.com/qdm12/files) for files downloaded at start (DNS root hints, block lists, etc.)
 - Build the image yourself:
-    ```bash
+## Development and contributing
    docker build -t qmcgaw/private-internet-access https://github.com/qdm12/private-internet-access-docker.git
    ```
- The download and parsing of all needed files is done at start (openvpn config files, Unbound files, block lists, etc.)
+- Contribute with code: start with [this Wiki page](https://github.com/qdm12/gluetun/wiki/Developement-setup)
- Use `-e ENCRYPTION=strong -e BLOCK_MALICIOUS=on`
+- [The list of existing contributors 👍](https://github.com/qdm12/gluetun/blob/master/.github/CONTRIBUTING.md#Contributors)
- You can test DNSSEC using [internet.nl/connection](https://www.internet.nl/connection/)
+- [Github workflows](https://github.com/qdm12/gluetun/actions) to know what's building
- Check DNS leak tests with [https://www.dnsleaktest.com](https://www.dnsleaktest.com)
+- [List of issues and feature requests](https://github.com/qdm12/gluetun/issues)
 - DNS Leaks tests might not work because of [this](https://github.com/qdm12/cloudflare-dns-server#verify-dns-connection) (*TLDR*: DNS server is a local caching intermediary)
 ## Troubleshooting
 - If openvpn fails to start, you may need to:
    - Install the tun kernel module on your host with `insmod /lib/modules/tun.ko` or `modprobe tun`
    - Add `--device=/dev/net/tun` to your docker run command (equivalent for docker-compose, kubernetes, etc.)
 - Fallback to a previous Docker image tags:
    - `v1` tag, stable shell scripting based (no support)
    - `old` tag, latest shell scripting version (no support)
    - `v2`... waiting for `latest` to become more stable
 - Fallback to a precise previous version
    1. Clone the repository on your machine
        ```sh
        git clone https://github.com/qdm12/private-internet-access-docker.git pia
        cd pia
        ```
    1. Look up which commit you want to go back to [here](https://github.com/qdm12/private-internet-access-docker/commits/master), i.e. `942cc7d4d10545b6f5f89c907b7dd1dbc39368e0`
    1. Revert to this commit locally
        ```sh
        git reset --hard 942cc7d4d10545b6f5f89c907b7dd1dbc39368e0
        ```
    1. Build the Docker image
        ```sh
        docker build -t qmcgaw/private-internet-access .
        ```
 ## Development
 ### Using VSCode and Docker
 1. Install [Docker](https://docs.docker.com/install)
    - On Windows, share a drive with Docker Desktop and have the project on that partition
 1. With [Visual Studio Code](https://code.visualstudio.com/download), install the [remote containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers)
 1. In Visual Studio Code, press on `F1` and select `Remote-Containers: Open Folder in Container...`
 1. Your dev environment is ready to go!... and it's running in a container :+1:
 ## TODOs
 - Support other VPN providers
    - Mullvad
    - Windscribe
 - Gotify support for notificactions
 - Periodic update of malicious block lists with Unbound restart
 - Improve healthcheck
    - Check IP address belongs to selected region
    - Check for DNS provider somehow if this is even possible
 - Support for other VPN protocols
    - Wireguard (wireguard-go)
 - Show new versions/commits at start
 - Colors & emojis
    - Setup
    - Logging streams
 - More unit tests
 - Write in Go
    - DNS over TLS to replace Unbound
    - HTTP proxy to replace tinyproxy
    - use [go-Shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2)
    - DNS over HTTPS, maybe use [github.com/likexian/doh-go](https://github.com/likexian/doh-go)
    - use [iptables-go](https://github.com/coreos/go-iptables) to replace iptables
    - wireguard-go
    - Openvpn to replace openvpn
 ## License
-This repository is under an [MIT license](https://github.com/qdm12/private-internet-access-docker/master/license)
+This repository is under an [MIT license](https://github.com/qdm12/gluetun/master/license)
 ## Support
 Sponsor me on [Github](https://github.com/sponsors/qdm12), donate to [paypal.me/qmcgaw](https://www.paypal.me/qmcgaw) or subscribe to a VPN provider through one of my affiliate links:
 [![https://github.com/sponsors/qdm12](https://raw.githubusercontent.com/qdm12/gluetun/master/doc/sponsors.jpg)](https://github.com/sponsors/qdm12)
 [![https://www.paypal.me/qmcgaw](https://raw.githubusercontent.com/qdm12/gluetun/master/doc/paypal.jpg)](https://www.paypal.me/qmcgaw)
 [![https://windscribe.com/?affid=mh7nyafu](https://raw.githubusercontent.com/qdm12/gluetun/master/doc/windscribe.jpg)](https://windscribe.com/?affid=mh7nyafu)
 Feel also free to have a look at [the Kanban board](https://github.com/qdm12/gluetun/projects/1) and [contribute](#Development-and-contributing) to the code or the issues discussion.
 Many thanks to @Frepke, @Ralph521, G. Mendez, M. Otmar Weber, J. Perez and A. Cooper for supporting me financially 🥇👍
--- a/ci.sh
+++ b/ci.sh
@@ -1,21 +0,0 @@
 #!/bin/bash
 if [ "$TRAVIS_PULL_REQUEST" = "true" ] || [ "$TRAVIS_BRANCH" != "master" ]; then
  docker buildx build \
    --progress plain \
    --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le,linux/s390x \
    .
  exit $?
 fi
 echo $DOCKER_PASSWORD | docker login -u qmcgaw --password-stdin &> /dev/null
 TAG="${TRAVIS_TAG:-latest}"
 echo "Building Docker images for \"$DOCKER_REPO:$TAG\""
 docker buildx build \
    --progress plain \
    --platform=linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le,linux/s390x \
    --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
    --build-arg VCS_REF=`git rev-parse --short HEAD` \
    --build-arg VERSION=$TAG \
    -t $DOCKER_REPO:$TAG \
    --push \
    .
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -0,0 +1,414 @@
 package main
 import (
 	"context"
 	"fmt"
 	"net"
 	"net/http"
 	"os"
 	"os/signal"
 	"strings"
 	"sync"
 	"syscall"
 	"time"
 	"github.com/qdm12/gluetun/internal/alpine"
 	"github.com/qdm12/gluetun/internal/cli"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/dns"
 	"github.com/qdm12/gluetun/internal/firewall"
 	gluetunLogging "github.com/qdm12/gluetun/internal/logging"
 	"github.com/qdm12/gluetun/internal/openvpn"
 	"github.com/qdm12/gluetun/internal/params"
 	"github.com/qdm12/gluetun/internal/publicip"
 	"github.com/qdm12/gluetun/internal/routing"
 	"github.com/qdm12/gluetun/internal/server"
 	"github.com/qdm12/gluetun/internal/settings"
 	"github.com/qdm12/gluetun/internal/shadowsocks"
 	"github.com/qdm12/gluetun/internal/storage"
 	"github.com/qdm12/gluetun/internal/tinyproxy"
 	"github.com/qdm12/gluetun/internal/updater"
 	versionpkg "github.com/qdm12/gluetun/internal/version"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/golibs/logging"
 	"github.com/qdm12/golibs/network"
 )
 //nolint:gochecknoglobals
 var (
 	version   = "unknown"
 	commit    = "unknown"
 	buildDate = "an unknown date"
 )
 func main() {
 	ctx := context.Background()
 	os.Exit(_main(ctx, os.Args))
 }
 func _main(background context.Context, args []string) int { //nolint:gocognit,gocyclo
 	if len(args) > 1 { // cli operation
 		var err error
 		switch args[1] {
 		case "healthcheck":
 			err = cli.HealthCheck()
 		case "clientkey":
 			err = cli.ClientKey(args[2:])
 		case "openvpnconfig":
 			err = cli.OpenvpnConfig()
 		case "update":
 			err = cli.Update(args[2:])
 		default:
 			err = fmt.Errorf("command %q is unknown", args[1])
 		}
 		if err != nil {
 			fmt.Println(err)
 			return 1
 		}
 		return 0
 	}
 	ctx, cancel := context.WithCancel(background)
 	defer cancel()
 	logger := createLogger()
 	httpClient := &http.Client{Timeout: 15 * time.Second}
 	client := network.NewClient(15 * time.Second)
 	// Create configurators
 	fileManager := files.NewFileManager()
 	alpineConf := alpine.NewConfigurator(fileManager)
 	ovpnConf := openvpn.NewConfigurator(logger, fileManager)
 	dnsConf := dns.NewConfigurator(logger, client, fileManager)
 	routingConf := routing.NewRouting(logger, fileManager)
 	firewallConf := firewall.NewConfigurator(logger, routingConf, fileManager)
 	tinyProxyConf := tinyproxy.NewConfigurator(fileManager, logger)
 	streamMerger := command.NewStreamMerger()
 	paramsReader := params.NewReader(logger, fileManager)
 	fmt.Println(gluetunLogging.Splash(version, commit, buildDate))
 	printVersions(ctx, logger, map[string]func(ctx context.Context) (string, error){
 		"OpenVPN":   ovpnConf.Version,
 		"Unbound":   dnsConf.Version,
 		"IPtables":  firewallConf.Version,
 		"TinyProxy": tinyProxyConf.Version,
 	})
 	allSettings, err := settings.GetAllSettings(paramsReader)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	logger.Info(allSettings.String())
 	// TODO run this in a loop or in openvpn to reload from file without restarting
 	storage := storage.New(logger)
 	const updateServerFile = true
 	allServers, err := storage.SyncServers(constants.GetAllServers(), updateServerFile)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	// Should never change
 	uid, gid := allSettings.System.UID, allSettings.System.GID
 	err = alpineConf.CreateUser("nonrootuser", uid)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	err = fileManager.SetOwnership("/etc/unbound", uid, gid)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	err = fileManager.SetOwnership("/etc/tinyproxy", uid, gid)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	if allSettings.Firewall.Debug {
 		firewallConf.SetDebug()
 		routingConf.SetDebug()
 	}
 	defaultInterface, defaultGateway, err := routingConf.DefaultRoute()
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	localSubnet, err := routingConf.LocalSubnet()
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	firewallConf.SetNetworkInformation(defaultInterface, defaultGateway, localSubnet)
 	if err := ovpnConf.CheckTUN(); err != nil {
 		logger.Warn(err)
 		err = ovpnConf.CreateTUN()
 		if err != nil {
 			logger.Error(err)
 			return 1
 		}
 	}
 	tunnelReadyCh, dnsReadyCh := make(chan struct{}), make(chan struct{})
 	signalTunnelReady := func() { tunnelReadyCh <- struct{}{} }
 	signalDNSReady := func() { dnsReadyCh <- struct{}{} }
 	defer close(tunnelReadyCh)
 	defer close(dnsReadyCh)
 	if allSettings.Firewall.Enabled {
 		err := firewallConf.SetEnabled(ctx, true) // disabled by default
 		if err != nil {
 			logger.Error(err)
 			return 1
 		}
 	}
 	err = firewallConf.SetAllowedSubnets(ctx, allSettings.Firewall.AllowedSubnets)
 	if err != nil {
 		logger.Error(err)
 		return 1
 	}
 	for _, vpnPort := range allSettings.Firewall.VPNInputPorts {
 		err = firewallConf.SetAllowedPort(ctx, vpnPort, string(constants.TUN))
 		if err != nil {
 			logger.Error(err)
 			return 1
 		}
 	}
 	wg := &sync.WaitGroup{}
 	go collectStreamLines(ctx, streamMerger, logger, signalTunnelReady)
 	openvpnLooper := openvpn.NewLooper(allSettings.VPNSP, allSettings.OpenVPN, uid, gid, allServers,
 		ovpnConf, firewallConf, routingConf, logger, httpClient, fileManager, streamMerger, cancel)
 	wg.Add(1)
 	// wait for restartOpenvpn
 	go openvpnLooper.Run(ctx, wg)
 	updaterOptions := updater.NewOptions("127.0.0.1")
 	updaterLooper := updater.NewLooper(updaterOptions, allSettings.UpdaterPeriod, allServers, storage, openvpnLooper.SetAllServers, httpClient, logger)
 	wg.Add(1)
 	// wait for updaterLooper.Restart() or its ticket launched with RunRestartTicker
 	go updaterLooper.Run(ctx, wg)
 	unboundLooper := dns.NewLooper(dnsConf, allSettings.DNS, logger, streamMerger, uid, gid)
 	wg.Add(1)
 	// wait for unboundLooper.Restart or its ticker launched with RunRestartTicker
 	go unboundLooper.Run(ctx, wg, signalDNSReady)
 	publicIPLooper := publicip.NewLooper(client, logger, fileManager, allSettings.System.IPStatusFilepath, allSettings.PublicIPPeriod, uid, gid)
 	wg.Add(1)
 	go publicIPLooper.Run(ctx, wg)
 	wg.Add(1)
 	go publicIPLooper.RunRestartTicker(ctx, wg)
 	publicIPLooper.SetPeriod(allSettings.PublicIPPeriod) // call after RunRestartTicker
 	tinyproxyLooper := tinyproxy.NewLooper(tinyProxyConf, firewallConf, allSettings.TinyProxy, logger, streamMerger, uid, gid, defaultInterface)
 	restartTinyproxy := tinyproxyLooper.Restart
 	wg.Add(1)
 	go tinyproxyLooper.Run(ctx, wg)
 	shadowsocksLooper := shadowsocks.NewLooper(firewallConf, allSettings.ShadowSocks, logger, defaultInterface)
 	restartShadowsocks := shadowsocksLooper.Restart
 	wg.Add(1)
 	go shadowsocksLooper.Run(ctx, wg)
 	if allSettings.TinyProxy.Enabled {
 		restartTinyproxy()
 	}
 	if allSettings.ShadowSocks.Enabled {
 		restartShadowsocks()
 	}
 	wg.Add(1)
 	go routeReadyEvents(ctx, wg, tunnelReadyCh, dnsReadyCh,
 		unboundLooper, updaterLooper, publicIPLooper, routingConf, logger, httpClient,
 		allSettings.VersionInformation, allSettings.OpenVPN.Provider.PortForwarding.Enabled, openvpnLooper.PortForward,
 	)
 	httpServer := server.New("0.0.0.0:8000", logger, openvpnLooper, unboundLooper, updaterLooper)
 	wg.Add(1)
 	go httpServer.Run(ctx, wg)
 	// Start openvpn for the first time
 	openvpnLooper.Restart()
 	signalsCh := make(chan os.Signal, 1)
 	signal.Notify(signalsCh,
 		syscall.SIGINT,
 		syscall.SIGTERM,
 		os.Interrupt,
 	)
 	shutdownErrorsCount := 0
 	select {
 	case signal := <-signalsCh:
 		logger.Warn("Caught OS signal %s, shutting down", signal)
 		cancel()
 	case <-ctx.Done():
 		logger.Warn("context canceled, shutting down")
 	}
 	logger.Info("Clearing ip status file %s", allSettings.System.IPStatusFilepath)
 	if err := fileManager.Remove(string(allSettings.System.IPStatusFilepath)); err != nil {
 		logger.Error(err)
 		shutdownErrorsCount++
 	}
 	if allSettings.OpenVPN.Provider.PortForwarding.Enabled {
 		logger.Info("Clearing forwarded port status file %s", allSettings.OpenVPN.Provider.PortForwarding.Filepath)
 		if err := fileManager.Remove(string(allSettings.OpenVPN.Provider.PortForwarding.Filepath)); err != nil {
 			logger.Error(err)
 			shutdownErrorsCount++
 		}
 	}
 	const shutdownGracePeriod = 5 * time.Second
 	waiting, waited := context.WithTimeout(context.Background(), shutdownGracePeriod)
 	go func() {
 		defer waited()
 		wg.Wait()
 	}()
 	<-waiting.Done()
 	if waiting.Err() == context.DeadlineExceeded {
 		if shutdownErrorsCount > 0 {
 			logger.Warn("Shutdown had %d errors", shutdownErrorsCount)
 		}
 		logger.Warn("Shutdown timed out")
 		return 1
 	}
 	if shutdownErrorsCount > 0 {
 		logger.Warn("Shutdown had %d errors")
 		return 1
 	}
 	logger.Info("Shutdown successful")
 	return 0
 }
 func createLogger() logging.Logger {
 	logger, err := logging.NewLogger(logging.ConsoleEncoding, logging.InfoLevel, -1)
 	if err != nil {
 		panic(err)
 	}
 	return logger
 }
 func printVersions(ctx context.Context, logger logging.Logger, versionFunctions map[string]func(ctx context.Context) (string, error)) {
 	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
 	defer cancel()
 	for name, f := range versionFunctions {
 		version, err := f(ctx)
 		if err != nil {
 			logger.Error(err)
 		} else {
 			logger.Info("%s version: %s", name, version)
 		}
 	}
 }
 func collectStreamLines(ctx context.Context, streamMerger command.StreamMerger, logger logging.Logger, signalTunnelReady func()) {
 	// Blocking line merging paramsReader for all programs: openvpn, tinyproxy, unbound and shadowsocks
 	logger.Info("Launching standard output merger")
 	streamMerger.CollectLines(ctx, func(line string) {
 		line, level := gluetunLogging.PostProcessLine(line)
 		if line == "" {
 			return
 		}
 		switch level {
 		case logging.InfoLevel:
 			logger.Info(line)
 		case logging.WarnLevel:
 			logger.Warn(line)
 		case logging.ErrorLevel:
 			logger.Error(line)
 		}
 		switch {
 		case strings.Contains(line, "Initialization Sequence Completed"):
 			signalTunnelReady()
 		case strings.Contains(line, "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"):
 			logger.Warn("This means that either...")
 			logger.Warn("1. The VPN server IP address you are trying to connect to is no longer valid, see https://github.com/qdm12/gluetun/wiki/Update-servers-information")
 			logger.Warn("2. The VPN server crashed, try changing region")
 			logger.Warn("3. Your Internet connection is not working, ensure it works")
 			logger.Warn("Feel free to create an issue at https://github.com/qdm12/gluetun/issues/new/choose")
 		}
 	}, func(err error) {
 		logger.Warn(err)
 	})
 }
 //nolint:gocognit
 func routeReadyEvents(ctx context.Context, wg *sync.WaitGroup, tunnelReadyCh, dnsReadyCh <-chan struct{},
 	unboundLooper dns.Looper, updaterLooper updater.Looper, publicIPLooper publicip.Looper,
 	routing routing.Routing, logger logging.Logger, httpClient *http.Client,
 	versionInformation, portForwardingEnabled bool, startPortForward func(vpnGateway net.IP)) {
 	defer wg.Done()
 	tickerWg := &sync.WaitGroup{}
 	// for linters only
 	var restartTickerContext context.Context
 	var restartTickerCancel context.CancelFunc = func() {}
 	for {
 		select {
 		case <-ctx.Done():
 			restartTickerCancel() // for linters only
 			tickerWg.Wait()
 			return
 		case <-tunnelReadyCh: // blocks until openvpn is connected
 			unboundLooper.Restart()
 			restartTickerCancel() // stop previous restart tickers
 			tickerWg.Wait()
 			restartTickerContext, restartTickerCancel = context.WithCancel(ctx)
 			tickerWg.Add(2)
 			go unboundLooper.RunRestartTicker(restartTickerContext, tickerWg)
 			go updaterLooper.RunRestartTicker(restartTickerContext, tickerWg)
 			defaultInterface, _, err := routing.DefaultRoute()
 			if err != nil {
 				logger.Warn(err)
 			} else {
 				vpnDestination, err := routing.VPNDestinationIP(defaultInterface)
 				if err != nil {
 					logger.Warn(err)
 				} else {
 					logger.Info("VPN routing IP address: %s", vpnDestination)
 				}
 			}
 			if portForwardingEnabled {
 				// TODO make instantaneous once v3 go out of service
 				const waitDuration = 5 * time.Second
 				timer := time.NewTimer(waitDuration)
 				select {
 				case <-ctx.Done():
 					if !timer.Stop() {
 						<-timer.C
 					}
 					continue
 				case <-timer.C:
 					// vpnGateway required only for PIA v4
 					vpnGateway, err := routing.VPNLocalGatewayIP()
 					if err != nil {
 						logger.Error(err)
 					}
 					logger.Info("VPN gateway IP address: %s", vpnGateway)
 					startPortForward(vpnGateway)
 				}
 			}
 		case <-dnsReadyCh:
 			publicIPLooper.Restart() // TODO do not restart if disabled
 			if !versionInformation {
 				break
 			}
 			message, err := versionpkg.GetMessage(version, commit, httpClient)
 			if err != nil {
 				logger.Error(err)
 				break
 			}
 			logger.Info(message)
 		}
 	}
 }
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -1,190 +0,0 @@
 package main
 import (
 	"context"
 	"fmt"
 	"net"
 	"os"
 	"time"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/files"
 	libhealthcheck "github.com/qdm12/golibs/healthcheck"
 	"github.com/qdm12/golibs/logging"
 	"github.com/qdm12/golibs/network"
 	"github.com/qdm12/golibs/signals"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 	"github.com/qdm12/private-internet-access-docker/internal/dns"
 	"github.com/qdm12/private-internet-access-docker/internal/env"
 	"github.com/qdm12/private-internet-access-docker/internal/firewall"
 	"github.com/qdm12/private-internet-access-docker/internal/healthcheck"
 	"github.com/qdm12/private-internet-access-docker/internal/openvpn"
 	"github.com/qdm12/private-internet-access-docker/internal/params"
 	"github.com/qdm12/private-internet-access-docker/internal/pia"
 	"github.com/qdm12/private-internet-access-docker/internal/settings"
 	"github.com/qdm12/private-internet-access-docker/internal/shadowsocks"
 	"github.com/qdm12/private-internet-access-docker/internal/splash"
 	"github.com/qdm12/private-internet-access-docker/internal/tinyproxy"
 )
 const (
 	uid, gid = 1000, 1000
 )
 func main() {
 	logger, err := logging.NewLogger(logging.ConsoleEncoding, logging.InfoLevel, -1)
 	if err != nil {
 		panic(err)
 	}
 	if libhealthcheck.Mode(os.Args) {
 		if err := healthcheck.HealthCheck(); err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		os.Exit(0)
 	}
 	paramsReader := params.NewParamsReader(logger)
 	fmt.Println(splash.Splash(paramsReader))
 	e := env.New(logger)
 	client := network.NewClient(15 * time.Second)
 	// Create configurators
 	fileManager := files.NewFileManager()
 	ovpnConf := openvpn.NewConfigurator(logger, fileManager)
 	dnsConf := dns.NewConfigurator(logger, client, fileManager)
 	firewallConf := firewall.NewConfigurator(logger, fileManager)
 	piaConf := pia.NewConfigurator(client, fileManager, firewallConf, logger)
 	tinyProxyConf := tinyproxy.NewConfigurator(fileManager, logger)
 	shadowsocksConf := shadowsocks.NewConfigurator(fileManager, logger)
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 	streamMerger := command.NewStreamMerger(ctx)
 	e.PrintVersion("OpenVPN", ovpnConf.Version)
 	e.PrintVersion("Unbound", dnsConf.Version)
 	e.PrintVersion("IPtables", firewallConf.Version)
 	e.PrintVersion("TinyProxy", tinyProxyConf.Version)
 	e.PrintVersion("ShadowSocks", shadowsocksConf.Version)
 	allSettings, err := settings.GetAllSettings(paramsReader)
 	e.FatalOnError(err)
 	logger.Info(allSettings.String())
 	if err := ovpnConf.CheckTUN(); err != nil {
 		logger.Warn(err)
 		err = ovpnConf.CreateTUN()
 		e.FatalOnError(err)
 	}
 	err = ovpnConf.WriteAuthFile(allSettings.PIA.User, allSettings.PIA.Password, uid, gid)
 	e.FatalOnError(err)
 	// Temporarily reset chain policies allowing Kubernetes sidecar to
 	// successfully restart the container. Without this, the existing rules will
 	// pre-exist, preventing the nslookup of the PIA region address. These will
 	// simply be redundant at Docker runtime as they will already be set this way
 	// Thanks to @npawelek https://github.com/npawelek
 	err = firewallConf.AcceptAll()
 	e.FatalOnError(err)
 	go func() {
 		// Blocking line merging reader for all programs: openvpn, tinyproxy, unbound and shadowsocks
 		logger.Info("Launching standard output merger")
 		err = streamMerger.CollectLines(func(line string) { logger.Info(line) })
 		e.FatalOnError(err)
 	}()
 	if allSettings.DNS.Enabled {
 		initialDNSToUse := constants.DNSProviderMapping()[allSettings.DNS.Providers[0]]
 		dnsConf.UseDNSInternally(initialDNSToUse.IPs[0])
 		err = dnsConf.DownloadRootHints(uid, gid)
 		e.FatalOnError(err)
 		err = dnsConf.DownloadRootKey(uid, gid)
 		e.FatalOnError(err)
 		err = dnsConf.MakeUnboundConf(allSettings.DNS, uid, gid)
 		e.FatalOnError(err)
 		stream, waitFn, err := dnsConf.Start(allSettings.DNS.VerbosityDetailsLevel)
 		e.FatalOnError(err)
 		go func() {
 			e.FatalOnError(waitFn())
 		}()
 		go streamMerger.Merge("unbound", stream)
 		dnsConf.UseDNSInternally(net.IP{127, 0, 0, 1})       // use Unbound
 		err = dnsConf.UseDNSSystemWide(net.IP{127, 0, 0, 1}) // use Unbound
 		e.FatalOnError(err)
 		err = dnsConf.WaitForUnbound()
 		e.FatalOnError(err)
 	}
 	VPNIPs, port, err := piaConf.BuildConf(allSettings.PIA.Region, allSettings.OpenVPN.NetworkProtocol, allSettings.PIA.Encryption, uid, gid)
 	e.FatalOnError(err)
 	defaultInterface, defaultGateway, defaultSubnet, err := firewallConf.GetDefaultRoute()
 	e.FatalOnError(err)
 	err = firewallConf.AddRoutesVia(allSettings.Firewall.AllowedSubnets, defaultGateway, defaultInterface)
 	e.FatalOnError(err)
 	err = firewallConf.Clear()
 	e.FatalOnError(err)
 	err = firewallConf.BlockAll()
 	e.FatalOnError(err)
 	err = firewallConf.CreateGeneralRules()
 	e.FatalOnError(err)
 	err = firewallConf.CreateVPNRules(constants.TUN, VPNIPs, defaultInterface, port, allSettings.OpenVPN.NetworkProtocol)
 	e.FatalOnError(err)
 	err = firewallConf.CreateLocalSubnetsRules(defaultSubnet, allSettings.Firewall.AllowedSubnets, defaultInterface)
 	e.FatalOnError(err)
 	if allSettings.TinyProxy.Enabled {
 		err = tinyProxyConf.MakeConf(allSettings.TinyProxy.LogLevel, allSettings.TinyProxy.Port, allSettings.TinyProxy.User, allSettings.TinyProxy.Password, uid, gid)
 		e.FatalOnError(err)
 		err = firewallConf.AllowAnyIncomingOnPort(allSettings.TinyProxy.Port)
 		e.FatalOnError(err)
 		stream, waitFn, err := tinyProxyConf.Start()
 		e.FatalOnError(err)
 		go func() {
 			if err := waitFn(); err != nil {
 				logger.Error(err)
 			}
 		}()
 		go streamMerger.Merge("tinyproxy", stream)
 	}
 	if allSettings.ShadowSocks.Enabled {
 		err = shadowsocksConf.MakeConf(allSettings.ShadowSocks.Port, allSettings.ShadowSocks.Password, uid, gid)
 		e.FatalOnError(err)
 		err = firewallConf.AllowAnyIncomingOnPort(allSettings.ShadowSocks.Port)
 		e.FatalOnError(err)
 		stream, waitFn, err := shadowsocksConf.Start("0.0.0.0", allSettings.ShadowSocks.Port, allSettings.ShadowSocks.Password, allSettings.ShadowSocks.Log)
 		e.FatalOnError(err)
 		go func() {
 			if err := waitFn(); err != nil {
 				logger.Error(err)
 			}
 		}()
 		go streamMerger.Merge("shadowsocks", stream)
 	}
 	if allSettings.PIA.PortForwarding.Enabled {
 		time.AfterFunc(10*time.Second, func() {
 			port, err := piaConf.GetPortForward()
 			if err != nil {
 				logger.Error("port forwarding:", err)
 			}
 			if err := piaConf.WritePortForward(allSettings.PIA.PortForwarding.Filepath, port); err != nil {
 				logger.Error("port forwarding:", err)
 			}
 			if err := piaConf.AllowPortForwardFirewall(constants.TUN, port); err != nil {
 				logger.Error("port forwarding:", err)
 			}
 		})
 	}
 	stream, waitFn, err := ovpnConf.Start()
 	e.FatalOnError(err)
 	go streamMerger.Merge("openvpn", stream)
 	go signals.WaitForExit(func(signal string) int {
 		logger.Warn("Caught OS signal %s, shutting down", signal)
 		time.Sleep(100 * time.Millisecond) // wait for other processes to exit
 		return 0
 	})
 	e.FatalOnError(waitFn())
 }
--- a/doc/paypal.jpg
+++ b/doc/paypal.jpg
--- a/doc/sponsors.jpg
+++ b/doc/sponsors.jpg
--- a/doc/windscribe.jpg
+++ b/doc/windscribe.jpg
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,37 +1,41 @@
 version: "3.7"
 services:
-  pia:
+  gluetun:
    build: https://github.com/qdm12/private-internet-access-docker.git
    image: qmcgaw/private-internet-access
-    container_name: pia
+    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    init: true
    ports:
-      - 8888:8888/tcp
+      - 8888:8888/tcp # Tinyproxy
-      - 8388:8388/tcp
+      - 8388:8388/tcp # Shadowsocks
-      - 8388:8388/udp
+      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control server
    # command:
    volumes:
      - /yourpath:/gluetun
    environment:
      # More variables are available, see the readme table
      - VPNSP=private internet access
      # Timezone for accurate logs times
      - TZ=
      # All VPN providers
      - USER=js89ds7
      # All VPN providers but Mullvad
      - PASSWORD=8fd9s239G
-      - ENCRYPTION=strong
+
-      - PROTOCOL=udp
+      # Cyberghost only
-      - REGION=CA Montreal
+      - CLIENT_KEY=
-      - DOT=on
+
-      - DOT_PROVIDERS=cloudflare
+      # All VPN providers but Mullvad
-      - BLOCK_MALICIOUS=on
+      - REGION=Austria
-      - BLOCK_SURVEILLANCE=off
+
-      - BLOCK_ADS=off
+      # Mullvad only
-      - UNBLOCK=
+      - COUNTRY=Sweden
      # Allow for example your LAN, set to: 192.168.1.0/24
      - EXTRA_SUBNETS=
      - TINYPROXY=off
      - TINYPROXY_LOG=Info
      - TINYPROXY_USER=
      - TINYPROXY_PASSWORD=
      - SHADOWSOCKS=off
      - SHADOWSOCKS_LOG=on
      - SHADOWSOCKS_PORT=8388
      - SHADOWSOCKS_PASSWORD=
    restart: always
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,13 @@
-module github.com/qdm12/private-internet-access-docker
+module github.com/qdm12/gluetun
-go 1.13
+go 1.15
 require (
-	github.com/kyokomi/emoji v2.1.0+incompatible
+	github.com/fatih/color v1.9.0
-	github.com/qdm12/golibs v0.0.0-20200208153322-66b2eb719e21
+	github.com/golang/mock v1.4.4
-	github.com/stretchr/testify v1.4.0
+	github.com/kyokomi/emoji v2.2.4+incompatible
-	golang.org/x/sys v0.0.0-20190412213103-97732733099d
+	github.com/qdm12/golibs v0.0.0-20200712151944-a0325873bf5a
 	github.com/qdm12/ss-server v0.0.0-20200819005413-6b516c299307
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed
 )
--- a/go.sum
+++ b/go.sum
@@ -10,6 +10,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb h1:D4uzjWwKYQ5XnAvUbuvHW93esHg7F8N/OYeBBcJoTr0=
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
@@ -35,6 +37,10 @@ github.com/go-openapi/swag v0.17.0 h1:iqrgMg7Q7SvtbWLlltPrkMs0UBJI6oTSs79JFRUi88
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/validate v0.17.0 h1:pqoViQz3YLOGIhAmD0N4Lt6pa/3Gnj3ymKqQwq8iS6U=
 github.com/go-openapi/validate v0.17.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/golang/mock v1.4.3 h1:GV+pQPG/EUUbkh47niozDcADz6go/dUwhVzdUQHIVRw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -46,10 +52,15 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kyokomi/emoji v2.1.0+incompatible h1:+DYU2RgpI6OHG4oQkM5KlqD3Wd3UPEsX8jamTo1Mp6o=
+github.com/kyokomi/emoji v2.2.4+incompatible h1:np0woGKwx9LiHAQmwZx79Oc0rHpNw3o+3evou4BEPv4=
-github.com/kyokomi/emoji v2.1.0+incompatible/go.mod h1:mZ6aGCD7yk8j6QY6KICwnZ2pxoszVseX1DNoGtU2tBA=
+github.com/kyokomi/emoji v2.2.4+incompatible/go.mod h1:mZ6aGCD7yk8j6QY6KICwnZ2pxoszVseX1DNoGtU2tBA=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329 h1:2gxZ0XQIU/5z3Z3bUBu+FXuk2pFbkN6tcwi/pjyaDic=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mr-tron/base58 v1.1.3 h1:v+sk57XuaCKGXpWtVBX8YJzO7hMGx4Aajh4TQbdEFdc=
@@ -61,8 +72,12 @@ github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/qdm12/golibs v0.0.0-20200208153322-66b2eb719e21 h1:Nza/Ar6tPYhDzkiNzbaJZHl4+GUXTqbtjGXuWenkqpQ=
+github.com/qdm12/golibs v0.0.0-20200712151944-a0325873bf5a h1:IyS72qFm+iXipadmUKXmpJScKXXK2GrD8yYfxXsnIYs=
-github.com/qdm12/golibs v0.0.0-20200208153322-66b2eb719e21/go.mod h1:YULaFjj6VGmhjak6f35sUWwEleHUmngN5IQ3kdvd6XE=
+github.com/qdm12/golibs v0.0.0-20200712151944-a0325873bf5a/go.mod h1:pikkTN7g7zRuuAnERwqW1yAFq6pYmxrxpjiwGvb0Ysc=
 github.com/qdm12/ss-server v0.0.0-20200819005413-6b516c299307 h1:+LhVxIKpZgUM8ZcopIuc3Yjk+p76dWRdYLQiAA7caZM=
 github.com/qdm12/ss-server v0.0.0-20200819005413-6b516c299307/go.mod h1:ABVUkxubboL3vqBkOwDV9glX1/x7SnYrckBe5d+M/zw=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -70,6 +85,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 go.uber.org/atomic v1.5.0 h1:OI5t8sDa1Or+q8AeE+yKeB/SDYioSHAgcVljj9JIETY=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/multierr v1.3.0 h1:sFPn2GLc3poCkfrpIXGhBD2X0CMIo4Q/zSULXrj/+uc=
@@ -81,6 +98,8 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -91,11 +110,17 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwL
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5 h1:hKsoRgsbwY1NafxrwTs+k64bikrLBkAgPir1TNCj3Zs=
@@ -109,5 +134,9 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/internal/alpine/alpine.go
+++ b/internal/alpine/alpine.go
@@ -0,0 +1,25 @@
 package alpine
 import (
 	"os/user"
 	"github.com/qdm12/golibs/files"
 )
 type Configurator interface {
 	CreateUser(username string, uid int) error
 }
 type configurator struct {
 	fileManager files.FileManager
 	lookupUID   func(uid string) (*user.User, error)
 	lookupUser  func(username string) (*user.User, error)
 }
 func NewConfigurator(fileManager files.FileManager) Configurator {
 	return &configurator{
 		fileManager: fileManager,
 		lookupUID:   user.LookupId,
 		lookupUser:  user.Lookup,
 	}
 }
--- a/internal/alpine/users.go
+++ b/internal/alpine/users.go
@@ -0,0 +1,38 @@
 package alpine
 import (
 	"fmt"
 	"os/user"
 )
 // CreateUser creates a user in Alpine with the given UID
 func (c *configurator) CreateUser(username string, uid int) error {
 	UIDStr := fmt.Sprintf("%d", uid)
 	u, err := c.lookupUID(UIDStr)
 	_, unknownUID := err.(user.UnknownUserIdError)
 	if err != nil && !unknownUID {
 		return fmt.Errorf("cannot create user: %w", err)
 	} else if u != nil {
 		if u.Username == username {
 			return nil
 		}
 		return fmt.Errorf("user with ID %d exists with username %q instead of %q", uid, u.Username, username)
 	}
 	u, err = c.lookupUser(username)
 	_, unknownUsername := err.(user.UnknownUserError)
 	if err != nil && !unknownUsername {
 		return fmt.Errorf("cannot create user: %w", err)
 	} else if u != nil {
 		return fmt.Errorf("cannot create user: user with name %s already exists for ID %s instead of %d", username, u.Uid, uid)
 	}
 	passwd, err := c.fileManager.ReadFile("/etc/passwd")
 	if err != nil {
 		return fmt.Errorf("cannot create user: %w", err)
 	}
 	passwd = append(passwd, []byte(fmt.Sprintf("%s:x:%d:::/dev/null:/sbin/nologin\n", username, uid))...)
 	if err := c.fileManager.WriteToFile("/etc/passwd", passwd); err != nil {
 		return fmt.Errorf("cannot create user: %w", err)
 	}
 	return nil
 }
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -0,0 +1,138 @@
 package cli
 import (
 	"context"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/params"
 	"github.com/qdm12/gluetun/internal/provider"
 	"github.com/qdm12/gluetun/internal/settings"
 	"github.com/qdm12/gluetun/internal/storage"
 	"github.com/qdm12/gluetun/internal/updater"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/golibs/logging"
 )
 func ClientKey(args []string) error {
 	flagSet := flag.NewFlagSet("clientkey", flag.ExitOnError)
 	filepath := flagSet.String("path", "/files/client.key", "file path to the client.key file")
 	if err := flagSet.Parse(args); err != nil {
 		return err
 	}
 	fileManager := files.NewFileManager()
 	data, err := fileManager.ReadFile(*filepath)
 	if err != nil {
 		return err
 	}
 	s := string(data)
 	s = strings.ReplaceAll(s, "\n", "")
 	s = strings.ReplaceAll(s, "\r", "")
 	s = strings.TrimPrefix(s, "-----BEGIN PRIVATE KEY-----")
 	s = strings.TrimSuffix(s, "-----END PRIVATE KEY-----")
 	fmt.Println(s)
 	return nil
 }
 func HealthCheck() error {
 	client := &http.Client{Timeout: time.Second}
 	response, err := client.Get("http://localhost:8000/health")
 	if err != nil {
 		return err
 	}
 	defer response.Body.Close()
 	if response.StatusCode == http.StatusOK {
 		return nil
 	}
 	b, err := ioutil.ReadAll(response.Body)
 	if err != nil {
 		return err
 	}
 	return fmt.Errorf("HTTP status code %s with message: %s", response.Status, string(b))
 }
 func OpenvpnConfig() error {
 	logger, err := logging.NewLogger(logging.ConsoleEncoding, logging.InfoLevel, -1)
 	if err != nil {
 		return err
 	}
 	paramsReader := params.NewReader(logger, files.NewFileManager())
 	allSettings, err := settings.GetAllSettings(paramsReader)
 	if err != nil {
 		return err
 	}
 	allServers, err := storage.New(logger).SyncServers(constants.GetAllServers(), false)
 	if err != nil {
 		return err
 	}
 	providerConf := provider.New(allSettings.OpenVPN.Provider.Name, allServers, time.Now)
 	connection, err := providerConf.GetOpenVPNConnection(allSettings.OpenVPN.Provider.ServerSelection)
 	if err != nil {
 		return err
 	}
 	lines := providerConf.BuildConf(
 		connection,
 		allSettings.OpenVPN.Verbosity,
 		allSettings.System.UID,
 		allSettings.System.GID,
 		allSettings.OpenVPN.Root,
 		allSettings.OpenVPN.Cipher,
 		allSettings.OpenVPN.Auth,
 		allSettings.OpenVPN.Provider.ExtraConfigOptions,
 	)
 	fmt.Println(strings.Join(lines, "\n"))
 	return nil
 }
 func Update(args []string) error {
 	options := updater.Options{CLI: true}
 	var flushToFile bool
 	flagSet := flag.NewFlagSet("update", flag.ExitOnError)
 	flagSet.BoolVar(&flushToFile, "file", false, "Write results to /gluetun/servers.json (for end users)")
 	flagSet.BoolVar(&options.Stdout, "stdout", false, "Write results to console to modify the program (for maintainers)")
 	flagSet.StringVar(&options.DNSAddress, "dns", "1.1.1.1", "DNS resolver address to use")
 	flagSet.BoolVar(&options.Cyberghost, "cyberghost", false, "Update Cyberghost servers")
 	flagSet.BoolVar(&options.Mullvad, "mullvad", false, "Update Mullvad servers")
 	flagSet.BoolVar(&options.Nordvpn, "nordvpn", false, "Update Nordvpn servers")
 	flagSet.BoolVar(&options.PIA, "pia", false, "Update Private Internet Access post-summer 2020 servers")
 	flagSet.BoolVar(&options.PIAold, "piaold", false, "Update Private Internet Access pre-summer 2020 servers")
 	flagSet.BoolVar(&options.Purevpn, "purevpn", false, "Update Purevpn servers")
 	flagSet.BoolVar(&options.Surfshark, "surfshark", false, "Update Surfshark servers")
 	flagSet.BoolVar(&options.Vyprvpn, "vyprvpn", false, "Update Vyprvpn servers")
 	flagSet.BoolVar(&options.Windscribe, "windscribe", false, "Update Windscribe servers")
 	if err := flagSet.Parse(args); err != nil {
 		return err
 	}
 	logger, err := logging.NewLogger(logging.ConsoleEncoding, logging.InfoLevel, -1)
 	if err != nil {
 		return err
 	}
 	if !flushToFile && !options.Stdout {
 		return fmt.Errorf("at least one of -file or -stdout must be specified")
 	}
 	ctx := context.Background()
 	httpClient := &http.Client{Timeout: 10 * time.Second}
 	storage := storage.New(logger)
 	const writeSync = false
 	currentServers, err := storage.SyncServers(constants.GetAllServers(), writeSync)
 	if err != nil {
 		return fmt.Errorf("cannot update servers: %w", err)
 	}
 	updater := updater.New(options, httpClient, currentServers, logger)
 	allServers, err := updater.UpdateServers(ctx)
 	if err != nil {
 		return err
 	}
 	if flushToFile {
 		if err := storage.FlushToFile(allServers); err != nil {
 			return fmt.Errorf("cannot update servers: %w", err)
 		}
 	}
 	return nil
 }
--- a/internal/constants/colors.go
+++ b/internal/constants/colors.go
@@ -0,0 +1,23 @@
 package constants
 import "github.com/fatih/color"
 func ColorUnbound() *color.Color {
 	return color.New(color.FgCyan)
 }
 func ColorTinyproxy() *color.Color {
 	return color.New(color.FgHiGreen)
 }
 func ColorShadowsocks() *color.Color {
 	return color.New(color.FgHiYellow)
 }
 func ColorShadowsocksError() *color.Color {
 	return color.New(color.FgHiRed)
 }
 func ColorOpenvpn() *color.Color {
 	return color.New(color.FgHiMagenta)
 }
--- a/internal/constants/cyberghost.go
+++ b/internal/constants/cyberghost.go
@@ -0,0 +1,230 @@
 package constants
 import (
 	"net"
 	"sort"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	CyberghostCertificate       = "MIIGWjCCBEKgAwIBAgIJAJxUG61mxDS7MA0GCSqGSIb3DQEBDQUAMHsxCzAJBgNVBAYTAlJPMRIwEAYDVQQHEwlCdWNoYXJlc3QxGDAWBgNVBAoTD0N5YmVyR2hvc3QgUy5BLjEbMBkGA1UEAxMSQ3liZXJHaG9zdCBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGN5YmVyZ2hvc3Qucm8wHhcNMTcwNjE5MDgxNzI1WhcNMzcwNjE0MDgxNzI1WjB7MQswCQYDVQQGEwJSTzESMBAGA1UEBxMJQnVjaGFyZXN0MRgwFgYDVQQKEw9DeWJlckdob3N0IFMuQS4xGzAZBgNVBAMTEkN5YmVyR2hvc3QgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5mb0BjeWJlcmdob3N0LnJvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7O8+mji2FlQhJXn/G4VLrKPjGtxgQBAdjo0dZEQzKX08q14dLkslmOLgShStWKrOiLXGAvB1rPvvk613jtA0KjQLpgyLy9lIWohQKYjj5jrJYXMZMkbSHBYI9L8L7iezBEFYrjYKdDo51nq99wRFhKdbyKKjDh3e2L2SVEZLT1ogkK5gWzjvH+mjjtjUUicK+YjGwWOz6I+KKaG4Ve/D/cE6nCLbhHIMMnargZEu7sqA6BFeS4kEP/ZdCZoTSX2n43XV1q63nJt/v0KDetbZDciFVW9h9SVPG4qT44p0550N+Mom7zTX7S/ID5T9dplgU8sRGtIMrG0cIMD9zmpFgUnMusCrR7jJFr0sMAveTbgZg95LmstV6R6WKZkSFdUrE0DHl4dHoZvTFX+1LhwhHgjgDLaosX0vhG/C/7LpoVWimd6RRQT3M9o4Fa1TuhfvBzQ20QHrmRV/yKvGNK0xckZ6EZ/QY7Z55ORU15Tgab4ebnblYPWoEmn0mIYP3LFFeoR5OS1EX7+j4kPv+bwPGsmpHjxmZyq2Y7sJBpbOCJgbkn52WZdPBIRDpPdIHQ8pAJC4T0iMK9xvAwWNl/V6EYYNpR97osyEDXn+BTdAHlhJ5fck9KlwI9mb1Kg1bhbvbmaIAiOLenSULYf3j6rI1ygo3R2cCyybtuAq8M7z0OECAwEAAaOB4DCB3TAdBgNVHQ4EFgQU6tdK1g/He5qzjeAoM5eHt4in9iUwga0GA1UdIwSBpTCBooAU6tdK1g/He5qzjeAoM5eHt4in9iWhf6R9MHsxCzAJBgNVBAYTAlJPMRIwEAYDVQQHEwlCdWNoYXJlc3QxGDAWBgNVBAoTD0N5YmVyR2hvc3QgUy5BLjEbMBkGA1UEAxMSQ3liZXJHaG9zdCBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGN5YmVyZ2hvc3Qucm+CCQCcVButZsQ0uzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQDNyQ92kj4qiNjnHk99qvnFw9qGfwB9ofaPL74zh0G5hEe3Wgb2o4fqUGnvUNgOu53gJksz3DcPQ8t40wfmm9I1Z8tiM9qrqvkuQ+nKcLgdooXtEsTybPIYDZ2cWR/5E0TKRvC7RFzKgQ4D77Vbi4TdaHiDV7ZNfU1iLCoBGcYm80hcUHEs5KIVLwUmcSOTmbZBySJxcSD0yUpS7nlZGwLY6VQrU+JFwDSisbXT4DXf3iSzp7FzW0/u/SFvWsPHrjE0hkPoZPalYvouaJEHKAhip0ZwSmitlxbBnmm8+K/3c9mLA5/uXrirfpuhhs8V3lyV2mczVtSiTl6gpi88gc//JY80JeHdupjO25T3XEzY9cpxecmkWaUEjLMx4wVoXQuUiPonfILM6OLwi+zUS8gQErdFeGvcQXbncPa4SdJuHkF8lgiX2i8S8fPGdXvU37E9bdAXwP5nZriYq1s0D59Qfvz+vLXVkmyZp6ztxjKjKolemPMak0Y5c1Q4RjNF6tmQoFuy/ACSkWy14Tzu2dFp7UiVbGg1FOvKhfs48zC2/IUQv1arqmPT/9LVq3B2DVT9UKXRUXX/f/jSSsVjkz4uUe2jUyL+XHX1nSmROTPHSAJ+oKf0BLnfqUxFkEUTwLnayssP2nwGgq35b7wEbTFIXdrjHGFUVQIDeERz8UThew=="
 	CyberghostClientCertificate = "MIIGrDCCBJSgAwIBAgIEAdTnfTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJSTzESMBAGA1UEBxMJQnVjaGFyZXN0MRgwFgYDVQQKEw9DeWJlckdob3N0IFMuQS4xGzAZBgNVBAMTEkN5YmVyR2hvc3QgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5mb0BjeWJlcmdob3N0LnJvMB4XDTIwMDcwNDE1MjkzNloXDTMwMDcwMjE1MjkzNlowfTELMAkGA1UEBhMCUk8xEjAQBgNVBAcMCUJ1Y2hhcmVzdDEYMBYGA1UECgwPQ3liZXJHaG9zdCBTLkEuMR0wGwYDVQQDDBRjLmoua2xhdmVyQGdtYWlsLmNvbTEhMB8GCSqGSIb3DQEJARYSaW5mb0BjeWJlcmdob3N0LnJvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAobp2NlGUHMNBe08YEOnVG3QJjF3ZaXbRhE/II9rmtgJTNZtDohGChvFlNRsExKzVrKxHCeuJkVffwzQ6fYk4/M1RdYLJUh0UVw3e4WdApw8E7TJZxDYm4SHQNXUvt1Rt5TjslcXxIpDZgrMSc/kHROYEL9tdgdzPZErUJehXyJPhEzIrzmAJh501x7WwKPz9ctSVlItyavqEWFF2vyUa6X9DYmD9mQTz5c+VXNO5DkXmPFBIaEVDnvFtcjGJ56yEvFnWVukL+OUX7ezowrIOFOcp9udjgpeiHq+XvsQ6ER0DJt25MiEId3NjkxtZ8BitDftTcLN/kt81hWKT7adMVc3kpIZ80cxrwRCttMd7sHAzKI9u7pMxv10eUOsIEY87ewBe3l6KvEnjA+9uIjim6gLLebDIaEH50Ee9PzNJ8fqQ2u54Ab4bt00/H1sUnJ6Ss/+WsQDOK1BsPRKKcnHZntOlHrs2Tu5+txKNU2cOapI8SjVULUNKrRXASbpfWnLUfri/HO742bJb/TjkOJcOxta3hTPFAhaRWBusVlB41XVHeuH5DAhugYXeSNK6/6Ul8YvKUNH/7QbxuGIGXfth19Xl4QLI1umyEjZopSlt3tOiO2V1soVNSQCCfxXVoCTMESMLjhkjWdmBDhdy2GTW7S4YoJfqVKiS18rYkN7I4ZMCAwEAAaOCATQwggEwMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDQGCWCGSAGG+EIBDQQnFiVDeWJlckdob3N0IEdlbmVyYXRlZCBVc2VyIENlcnRpZmljYXRlMBEGCWCGSAGG+EIBAQQEAwIHgDAdBgNVHQ4EFgQULwUtU5s6pL2NN9gPeEnKX0dhwiswga0GA1UdIwSBpTCBooAU6tdK1g/He5qzjeAoM5eHt4in9iWhf6R9MHsxCzAJBgNVBAYTAlJPMRIwEAYDVQQHEwlCdWNoYXJlc3QxGDAWBgNVBAoTD0N5YmVyR2hvc3QgUy5BLjEbMBkGA1UEAxMSQ3liZXJHaG9zdCBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGN5YmVyZ2hvc3Qucm+CCQCcVButZsQ0uzANBgkqhkiG9w0BAQsFAAOCAgEAystGIMYhQWaEdTqlnLCytrr8657t+PuidZMNNIaPB3wN2Fi2xKf14DTg03mqxjmPPb+f+PVNIOV5PdWD4jcQwOP1GEboGV0DFzlRGeAtDcvKwdee4oASJbZq1CETqDaohQTxKEWC+UBk2F36nOaEI6Sab+Mb4cR9//PAwvzOqrXuGF5NuIOX7eFtCMQSgQq6lRRqTQjekm0Dxigx4JA92Jo2qZRwCJ0T3IXBJGL831HCFJbDWv8PV3lsfFb/i2+vr54uywFQVWWp18dYi97gipfuQ4zRg2Ldx5aXSmnhhKpg5ioZvtk043QofF12YORhobElqavRbvvhZvlCouvcuoq9QKi7IPe5SJZkZ1X7ezMesCwBzwFpt6vRUAcslsNFbcYS1iSENlY/PTcDqBhbKuc9yAhq+/aUgaY/8VF5RWVzSRZufbf3BPwOkE4K0UybaobO/YX0JOkCacAD+4tdR6YSXNIMMRAOCBQvxbxFXaHzhwhzBAjdsC56FrJKwXvQrRLU3tF4P0zFMeNTay8uTtUXugDK7EnklLESuYdpUJ8bUMlAUhJBi6UFI9/icMudxXvLRvhnBW9EtKib5JnVFUovcEUt+3EJbyst05nkL4YPjQS4TC9DHdo5SyRAy1TpiOCYTbretAFZRhh6ycUN5hBeN8GMQxiMreMtDV4PEIQ="
 )
 func CyberghostRegionChoices() (choices []string) {
 	uniqueChoices := map[string]struct{}{}
 	for _, server := range CyberghostServers() {
 		uniqueChoices[server.Region] = struct{}{}
 	}
 	for choice := range uniqueChoices {
 		choices = append(choices, choice)
 	}
 	sort.Slice(choices, func(i, j int) bool {
 		return choices[i] < choices[j]
 	})
 	return choices
 }
 func CyberghostGroupChoices() (choices []string) {
 	uniqueChoices := map[string]struct{}{}
 	for _, server := range CyberghostServers() {
 		uniqueChoices[server.Group] = struct{}{}
 	}
 	for choice := range uniqueChoices {
 		choices = append(choices, choice)
 	}
 	sort.Slice(choices, func(i, j int) bool {
 		return choices[i] < choices[j]
 	})
 	return choices
 }
 func CyberghostServers() []models.CyberghostServer {
 	return []models.CyberghostServer{
 		{Region: "Albania", Group: "Premium TCP Europe", IPs: []net.IP{{31, 171, 152, 99}, {31, 171, 152, 102}, {31, 171, 152, 104}, {31, 171, 152, 106}, {31, 171, 152, 107}, {31, 171, 152, 108}, {31, 171, 152, 109}, {31, 171, 152, 133}, {31, 171, 152, 139}, {31, 171, 152, 140}}},
 		{Region: "Albania", Group: "Premium UDP Europe", IPs: []net.IP{{31, 171, 152, 102}, {31, 171, 152, 103}, {31, 171, 152, 105}, {31, 171, 152, 106}, {31, 171, 152, 107}, {31, 171, 152, 109}, {31, 171, 152, 133}, {31, 171, 152, 136}, {31, 171, 152, 138}, {31, 171, 152, 139}}},
 		{Region: "Algeria", Group: "Premium TCP Europe", IPs: []net.IP{{45, 133, 91, 9}, {45, 133, 91, 11}, {45, 133, 91, 12}, {45, 133, 91, 16}, {45, 133, 91, 18}, {45, 133, 91, 19}, {45, 133, 91, 21}, {45, 133, 91, 26}, {45, 133, 91, 27}, {45, 133, 91, 28}}},
 		{Region: "Algeria", Group: "Premium UDP Europe", IPs: []net.IP{{45, 133, 91, 7}, {45, 133, 91, 9}, {45, 133, 91, 12}, {45, 133, 91, 16}, {45, 133, 91, 19}, {45, 133, 91, 20}, {45, 133, 91, 25}, {45, 133, 91, 26}, {45, 133, 91, 27}, {45, 133, 91, 29}}},
 		{Region: "Andorra", Group: "Premium TCP Europe", IPs: []net.IP{{45, 139, 49, 7}, {45, 139, 49, 11}, {45, 139, 49, 27}, {45, 139, 49, 151}, {45, 139, 49, 154}, {45, 139, 49, 158}, {45, 139, 49, 161}, {45, 139, 49, 162}, {45, 139, 49, 165}, {45, 139, 49, 166}}},
 		{Region: "Andorra", Group: "Premium UDP Europe", IPs: []net.IP{{45, 139, 49, 7}, {45, 139, 49, 21}, {45, 139, 49, 28}, {45, 139, 49, 128}, {45, 139, 49, 136}, {45, 139, 49, 146}, {45, 139, 49, 156}, {45, 139, 49, 163}, {45, 139, 49, 165}, {45, 139, 49, 171}}},
 		{Region: "Argentina", Group: "Premium UDP USA", IPs: []net.IP{{190, 106, 130, 19}, {190, 106, 130, 20}, {190, 106, 130, 26}, {190, 106, 130, 34}, {190, 106, 130, 36}, {190, 106, 130, 37}, {190, 106, 130, 38}, {190, 106, 130, 40}, {190, 106, 130, 42}, {190, 106, 130, 43}}},
 		{Region: "Argentina", Group: "Premium TCP USA", IPs: []net.IP{{190, 106, 130, 17}, {190, 106, 130, 18}, {190, 106, 130, 20}, {190, 106, 130, 37}, {190, 106, 130, 38}, {190, 106, 130, 40}, {190, 106, 130, 41}, {190, 106, 130, 42}, {190, 106, 130, 43}, {190, 106, 130, 45}}},
 		{Region: "Armenia", Group: "Premium UDP Europe", IPs: []net.IP{{45, 139, 50, 7}, {45, 139, 50, 9}, {45, 139, 50, 11}, {45, 139, 50, 12}, {45, 139, 50, 17}, {45, 139, 50, 22}, {45, 139, 50, 25}, {45, 139, 50, 27}, {45, 139, 50, 28}, {45, 139, 50, 29}}},
 		{Region: "Armenia", Group: "Premium TCP Europe", IPs: []net.IP{{45, 139, 50, 6}, {45, 139, 50, 11}, {45, 139, 50, 16}, {45, 139, 50, 17}, {45, 139, 50, 18}, {45, 139, 50, 21}, {45, 139, 50, 22}, {45, 139, 50, 24}, {45, 139, 50, 25}, {45, 139, 50, 28}}},
 		{Region: "Australia", Group: "Premium UDP Asia", IPs: []net.IP{{27, 50, 79, 9}, {27, 50, 79, 22}, {27, 50, 79, 23}, {27, 50, 79, 30}, {203, 26, 199, 68}, {203, 26, 199, 73}, {221, 121, 146, 40}, {221, 121, 146, 41}, {221, 121, 146, 55}, {221, 121, 146, 58}}},
 		{Region: "Australia", Group: "Premium TCP Asia", IPs: []net.IP{{27, 50, 79, 19}, {43, 242, 68, 3}, {43, 242, 68, 8}, {43, 242, 68, 11}, {103, 13, 101, 173}, {203, 26, 199, 66}, {221, 121, 146, 34}, {221, 121, 146, 42}, {221, 121, 146, 50}, {221, 121, 146, 52}}},
 		{Region: "Austria", Group: "Premium TCP Europe", IPs: []net.IP{{89, 187, 168, 147}, {89, 187, 168, 148}, {89, 187, 168, 150}, {89, 187, 168, 162}, {89, 187, 168, 165}, {89, 187, 168, 166}, {89, 187, 168, 169}, {89, 187, 168, 172}, {89, 187, 168, 174}, {89, 187, 168, 183}}},
 		{Region: "Austria", Group: "Premium UDP Europe", IPs: []net.IP{{89, 187, 168, 132}, {89, 187, 168, 136}, {89, 187, 168, 138}, {89, 187, 168, 146}, {89, 187, 168, 148}, {89, 187, 168, 163}, {89, 187, 168, 171}, {89, 187, 168, 172}, {89, 187, 168, 179}, {89, 187, 168, 180}}},
 		{Region: "Bahamas", Group: "Premium TCP USA", IPs: []net.IP{{45, 132, 143, 2}, {45, 132, 143, 4}, {45, 132, 143, 6}, {45, 132, 143, 20}, {45, 132, 143, 22}, {45, 132, 143, 23}, {45, 132, 143, 36}, {45, 132, 143, 39}, {45, 132, 143, 46}, {45, 132, 143, 48}}},
 		{Region: "Bahamas", Group: "Premium UDP USA", IPs: []net.IP{{45, 132, 143, 1}, {45, 132, 143, 4}, {45, 132, 143, 5}, {45, 132, 143, 13}, {45, 132, 143, 15}, {45, 132, 143, 17}, {45, 132, 143, 36}, {45, 132, 143, 41}, {45, 132, 143, 42}, {45, 132, 143, 44}}},
 		{Region: "Bangladesh", Group: "Premium UDP Asia", IPs: []net.IP{{45, 132, 142, 1}, {45, 132, 142, 6}, {45, 132, 142, 10}, {45, 132, 142, 11}, {45, 132, 142, 15}, {45, 132, 142, 16}, {45, 132, 142, 19}, {45, 132, 142, 26}, {45, 132, 142, 36}, {45, 132, 142, 47}}},
 		{Region: "Bangladesh", Group: "Premium TCP Asia", IPs: []net.IP{{45, 132, 142, 3}, {45, 132, 142, 4}, {45, 132, 142, 8}, {45, 132, 142, 16}, {45, 132, 142, 21}, {45, 132, 142, 32}, {45, 132, 142, 36}, {45, 132, 142, 37}, {45, 132, 142, 43}, {45, 132, 142, 48}}},
 		{Region: "Belarus", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 194, 7}, {45, 132, 194, 10}, {45, 132, 194, 20}, {45, 132, 194, 22}, {45, 132, 194, 27}, {45, 132, 194, 30}, {45, 132, 194, 38}, {45, 132, 194, 43}, {45, 132, 194, 45}, {45, 132, 194, 50}}},
 		{Region: "Belarus", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 194, 9}, {45, 132, 194, 14}, {45, 132, 194, 20}, {45, 132, 194, 24}, {45, 132, 194, 29}, {45, 132, 194, 32}, {45, 132, 194, 37}, {45, 132, 194, 45}, {45, 132, 194, 46}, {45, 132, 194, 48}}},
 		{Region: "Belgium", Group: "Premium UDP Europe", IPs: []net.IP{{5, 253, 205, 20}, {5, 253, 205, 25}, {5, 253, 205, 29}, {37, 120, 143, 168}, {185, 210, 217, 58}, {185, 232, 21, 122}, {185, 232, 21, 124}, {193, 9, 114, 211}, {193, 9, 114, 213}, {193, 9, 114, 216}}},
 		{Region: "Belgium", Group: "Premium TCP Europe", IPs: []net.IP{{5, 253, 205, 23}, {5, 253, 205, 27}, {37, 120, 143, 54}, {37, 120, 143, 60}, {37, 120, 143, 166}, {37, 120, 143, 173}, {185, 210, 217, 51}, {185, 210, 217, 252}, {185, 210, 217, 254}, {193, 9, 114, 227}}},
 		{Region: "Bosnia and Herzegovina", Group: "Premium UDP Europe", IPs: []net.IP{{185, 99, 3, 57}, {185, 99, 3, 58}, {185, 99, 3, 72}, {185, 99, 3, 73}, {185, 99, 3, 74}, {185, 99, 3, 130}, {185, 99, 3, 131}, {185, 99, 3, 134}, {185, 99, 3, 135}, {185, 99, 3, 136}}},
 		{Region: "Bosnia and Herzegovina", Group: "Premium TCP Europe", IPs: []net.IP{{185, 99, 3, 57}, {185, 99, 3, 58}, {185, 99, 3, 72}, {185, 99, 3, 73}, {185, 99, 3, 74}, {185, 99, 3, 130}, {185, 99, 3, 131}, {185, 99, 3, 134}, {185, 99, 3, 135}, {185, 99, 3, 136}}},
 		{Region: "Brazil", Group: "Premium UDP USA", IPs: []net.IP{{45, 231, 207, 71}, {45, 231, 207, 76}, {45, 231, 207, 77}, {177, 67, 81, 165}, {177, 67, 81, 172}, {181, 41, 203, 97}, {181, 41, 203, 99}, {181, 41, 203, 101}, {181, 41, 203, 106}, {181, 41, 203, 109}}},
 		{Region: "Brazil", Group: "Premium TCP USA", IPs: []net.IP{{45, 231, 207, 72}, {45, 231, 207, 74}, {45, 231, 207, 79}, {177, 67, 81, 166}, {177, 67, 81, 169}, {177, 67, 81, 171}, {181, 41, 203, 99}, {181, 41, 203, 106}, {181, 41, 203, 108}, {181, 41, 203, 110}}},
 		{Region: "Bulgaria", Group: "Premium TCP Europe", IPs: []net.IP{{37, 120, 152, 100}, {37, 120, 152, 102}, {37, 120, 152, 103}, {37, 120, 152, 104}, {37, 120, 152, 105}, {37, 120, 152, 106}, {37, 120, 152, 107}, {37, 120, 152, 108}, {37, 120, 152, 109}, {37, 120, 152, 110}}},
 		{Region: "Bulgaria", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 152, 99}, {37, 120, 152, 100}, {37, 120, 152, 101}, {37, 120, 152, 103}, {37, 120, 152, 104}, {37, 120, 152, 105}, {37, 120, 152, 107}, {37, 120, 152, 108}, {37, 120, 152, 109}, {37, 120, 152, 110}}},
 		{Region: "Cambodia", Group: "Premium UDP Asia", IPs: []net.IP{{188, 215, 235, 35}, {188, 215, 235, 36}, {188, 215, 235, 37}, {188, 215, 235, 45}, {188, 215, 235, 47}, {188, 215, 235, 48}, {188, 215, 235, 49}, {188, 215, 235, 53}, {188, 215, 235, 55}, {188, 215, 235, 56}}},
 		{Region: "Cambodia", Group: "Premium TCP Asia", IPs: []net.IP{{188, 215, 235, 36}, {188, 215, 235, 37}, {188, 215, 235, 38}, {188, 215, 235, 40}, {188, 215, 235, 41}, {188, 215, 235, 43}, {188, 215, 235, 47}, {188, 215, 235, 49}, {188, 215, 235, 55}, {188, 215, 235, 56}}},
 		{Region: "Canada", Group: "Premium UDP USA", IPs: []net.IP{{37, 120, 130, 145}, {37, 120, 130, 180}, {37, 120, 130, 203}, {37, 120, 205, 27}, {37, 120, 205, 30}, {89, 47, 234, 117}, {139, 28, 218, 94}, {176, 113, 74, 199}, {176, 113, 74, 205}, {176, 113, 74, 212}}},
 		{Region: "Canada", Group: "Premium TCP USA", IPs: []net.IP{{37, 120, 130, 173}, {37, 120, 130, 203}, {37, 120, 130, 210}, {37, 120, 205, 8}, {89, 47, 234, 88}, {104, 245, 145, 169}, {139, 28, 218, 88}, {176, 113, 74, 70}, {176, 113, 74, 89}, {176, 113, 74, 195}}},
 		{Region: "Chile", Group: "Premium UDP USA", IPs: []net.IP{{190, 105, 239, 129}, {190, 105, 239, 130}, {190, 105, 239, 131}, {190, 105, 239, 132}, {190, 105, 239, 133}, {190, 105, 239, 134}, {190, 105, 239, 135}, {190, 105, 239, 136}, {190, 105, 239, 137}, {190, 105, 239, 138}}},
 		{Region: "Chile", Group: "Premium TCP USA", IPs: []net.IP{{190, 105, 239, 129}, {190, 105, 239, 130}, {190, 105, 239, 131}, {190, 105, 239, 132}, {190, 105, 239, 133}, {190, 105, 239, 134}, {190, 105, 239, 135}, {190, 105, 239, 136}, {190, 105, 239, 137}, {190, 105, 239, 138}}},
 		{Region: "China", Group: "Premium TCP Asia", IPs: []net.IP{{45, 132, 193, 2}, {45, 132, 193, 3}, {45, 132, 193, 7}, {45, 132, 193, 10}, {45, 132, 193, 13}, {45, 132, 193, 15}, {45, 132, 193, 20}, {45, 132, 193, 31}, {45, 132, 193, 41}, {45, 132, 193, 47}}},
 		{Region: "China", Group: "Premium UDP Asia", IPs: []net.IP{{45, 132, 193, 7}, {45, 132, 193, 14}, {45, 132, 193, 23}, {45, 132, 193, 26}, {45, 132, 193, 30}, {45, 132, 193, 36}, {45, 132, 193, 44}, {45, 132, 193, 45}, {45, 132, 193, 46}, {45, 132, 193, 48}}},
 		{Region: "Colombia", Group: "Premium TCP USA", IPs: []net.IP{{190, 105, 229, 19}, {190, 105, 229, 20}, {190, 105, 229, 21}, {190, 105, 229, 22}}},
 		{Region: "Colombia", Group: "Premium UDP USA", IPs: []net.IP{{190, 105, 229, 19}, {190, 105, 229, 20}, {190, 105, 229, 21}, {190, 105, 229, 22}}},
 		{Region: "Costa Rica", Group: "Premium TCP USA", IPs: []net.IP{{143, 202, 160, 67}, {143, 202, 160, 68}, {143, 202, 160, 70}, {143, 202, 160, 71}, {143, 202, 160, 72}, {143, 202, 160, 73}, {143, 202, 160, 74}, {143, 202, 160, 75}, {143, 202, 160, 77}, {143, 202, 160, 78}}},
 		{Region: "Costa Rica", Group: "Premium UDP USA", IPs: []net.IP{{143, 202, 160, 67}, {143, 202, 160, 68}, {143, 202, 160, 69}, {143, 202, 160, 70}, {143, 202, 160, 71}, {143, 202, 160, 72}, {143, 202, 160, 73}, {143, 202, 160, 74}, {143, 202, 160, 75}, {143, 202, 160, 76}}},
 		{Region: "Cyprus", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 137, 7}, {45, 132, 137, 9}, {45, 132, 137, 11}, {45, 132, 137, 13}, {45, 132, 137, 20}, {45, 132, 137, 23}, {45, 132, 137, 26}, {45, 132, 137, 27}, {45, 132, 137, 28}, {45, 132, 137, 29}}},
 		{Region: "Cyprus", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 137, 7}, {45, 132, 137, 10}, {45, 132, 137, 14}, {45, 132, 137, 15}, {45, 132, 137, 17}, {45, 132, 137, 18}, {45, 132, 137, 21}, {45, 132, 137, 24}, {45, 132, 137, 27}, {45, 132, 137, 29}}},
 		{Region: "Czech Republic", Group: "Premium UDP Europe", IPs: []net.IP{{185, 216, 35, 227}, {185, 216, 35, 232}, {185, 216, 35, 236}, {195, 181, 161, 5}, {195, 181, 161, 6}, {195, 181, 161, 7}, {195, 181, 161, 10}, {195, 181, 161, 12}, {195, 181, 161, 15}, {195, 181, 161, 19}}},
 		{Region: "Czech Republic", Group: "Premium TCP Europe", IPs: []net.IP{{185, 216, 35, 230}, {185, 216, 35, 232}, {185, 216, 35, 236}, {195, 181, 161, 4}, {195, 181, 161, 8}, {195, 181, 161, 15}, {195, 181, 161, 18}, {195, 181, 161, 20}, {195, 181, 161, 24}, {195, 181, 161, 25}}},
 		{Region: "Denmark", Group: "Premium TCP Europe", IPs: []net.IP{{37, 120, 145, 85}, {37, 120, 145, 90}, {37, 120, 194, 37}, {37, 120, 194, 41}, {95, 174, 65, 164}, {95, 174, 65, 174}, {185, 206, 224, 231}, {185, 206, 224, 235}, {185, 206, 224, 236}, {185, 206, 224, 238}}},
 		{Region: "Denmark", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 145, 86}, {37, 120, 145, 88}, {37, 120, 194, 40}, {37, 120, 194, 42}, {37, 120, 194, 60}, {37, 120, 194, 62}, {95, 174, 65, 170}, {185, 206, 224, 231}, {185, 206, 224, 248}, {185, 206, 224, 250}}},
 		{Region: "Egypt", Group: "Premium TCP Europe", IPs: []net.IP{{188, 214, 122, 40}, {188, 214, 122, 44}, {188, 214, 122, 46}, {188, 214, 122, 47}, {188, 214, 122, 48}, {188, 214, 122, 51}, {188, 214, 122, 52}, {188, 214, 122, 56}, {188, 214, 122, 59}, {188, 214, 122, 60}}},
 		{Region: "Egypt", Group: "Premium UDP Europe", IPs: []net.IP{{188, 214, 122, 40}, {188, 214, 122, 41}, {188, 214, 122, 43}, {188, 214, 122, 46}, {188, 214, 122, 48}, {188, 214, 122, 51}, {188, 214, 122, 52}, {188, 214, 122, 55}, {188, 214, 122, 57}, {188, 214, 122, 60}}},
 		{Region: "Estonia", Group: "Premium UDP Europe", IPs: []net.IP{{77, 247, 111, 3}, {77, 247, 111, 4}, {77, 247, 111, 6}, {77, 247, 111, 9}, {77, 247, 111, 11}, {77, 247, 111, 51}, {77, 247, 111, 53}, {77, 247, 111, 57}, {77, 247, 111, 58}, {77, 247, 111, 62}}},
 		{Region: "Estonia", Group: "Premium TCP Europe", IPs: []net.IP{{77, 247, 111, 4}, {77, 247, 111, 7}, {77, 247, 111, 9}, {77, 247, 111, 10}, {77, 247, 111, 11}, {77, 247, 111, 52}, {77, 247, 111, 53}, {77, 247, 111, 55}, {77, 247, 111, 56}, {77, 247, 111, 57}}},
 		{Region: "Finland", Group: "Premium UDP Europe", IPs: []net.IP{{188, 126, 89, 102}, {188, 126, 89, 103}, {188, 126, 89, 104}, {188, 126, 89, 105}, {188, 126, 89, 112}, {188, 126, 89, 116}, {188, 126, 89, 124}, {188, 126, 89, 131}, {188, 126, 89, 137}, {188, 126, 89, 138}}},
 		{Region: "Finland", Group: "Premium TCP Europe", IPs: []net.IP{{188, 126, 89, 99}, {188, 126, 89, 106}, {188, 126, 89, 113}, {188, 126, 89, 121}, {188, 126, 89, 125}, {188, 126, 89, 131}, {188, 126, 89, 132}, {188, 126, 89, 142}, {188, 126, 89, 146}, {188, 126, 89, 155}}},
 		{Region: "France", Group: "Premium UDP Europe", IPs: []net.IP{{84, 17, 60, 9}, {84, 17, 60, 23}, {84, 17, 60, 28}, {84, 17, 60, 95}, {84, 17, 61, 110}, {84, 17, 61, 162}, {84, 17, 61, 171}, {84, 17, 61, 187}, {151, 106, 12, 248}, {194, 59, 249, 150}}},
 		{Region: "France", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 60, 53}, {84, 17, 60, 59}, {84, 17, 60, 99}, {84, 17, 60, 150}, {84, 17, 61, 53}, {84, 17, 61, 104}, {84, 17, 61, 158}, {84, 17, 61, 203}, {151, 106, 8, 45}, {151, 106, 12, 243}}},
 		{Region: "Georgia", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 138, 7}, {45, 132, 138, 11}, {45, 132, 138, 12}, {45, 132, 138, 13}, {45, 132, 138, 16}, {45, 132, 138, 19}, {45, 132, 138, 20}, {45, 132, 138, 21}, {45, 132, 138, 28}, {45, 132, 138, 29}}},
 		{Region: "Georgia", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 138, 6}, {45, 132, 138, 7}, {45, 132, 138, 8}, {45, 132, 138, 10}, {45, 132, 138, 14}, {45, 132, 138, 15}, {45, 132, 138, 17}, {45, 132, 138, 19}, {45, 132, 138, 22}, {45, 132, 138, 29}}},
 		{Region: "Germany", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 217, 40}, {84, 17, 48, 203}, {84, 17, 49, 94}, {84, 17, 49, 102}, {84, 17, 49, 188}, {154, 28, 188, 30}, {154, 28, 188, 99}, {154, 28, 188, 117}, {154, 28, 188, 131}, {193, 176, 86, 218}}},
 		{Region: "Germany", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 48, 13}, {84, 17, 48, 66}, {84, 17, 48, 72}, {84, 17, 48, 193}, {84, 17, 49, 129}, {154, 28, 188, 45}, {154, 28, 188, 58}, {154, 28, 188, 109}, {193, 176, 86, 215}, {212, 103, 50, 69}}},
 		{Region: "Greece", Group: "Premium UDP Europe", IPs: []net.IP{{154, 57, 3, 130}, {154, 57, 3, 131}, {154, 57, 3, 133}, {154, 57, 3, 134}, {154, 57, 3, 137}, {154, 57, 3, 138}, {188, 123, 126, 170}, {188, 123, 126, 174}, {188, 123, 126, 175}, {188, 123, 126, 176}}},
 		{Region: "Greece", Group: "Premium TCP Europe", IPs: []net.IP{{154, 57, 3, 130}, {154, 57, 3, 131}, {154, 57, 3, 133}, {154, 57, 3, 135}, {154, 57, 3, 136}, {154, 57, 3, 140}, {154, 57, 3, 141}, {188, 123, 126, 168}, {188, 123, 126, 174}, {188, 123, 126, 176}}},
 		{Region: "Greenland", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 209, 6}, {45, 131, 209, 8}, {45, 131, 209, 9}, {45, 131, 209, 15}, {45, 131, 209, 19}, {45, 131, 209, 20}, {45, 131, 209, 21}, {45, 131, 209, 25}, {45, 131, 209, 26}, {45, 131, 209, 29}}},
 		{Region: "Greenland", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 209, 7}, {45, 131, 209, 14}, {45, 131, 209, 16}, {45, 131, 209, 17}, {45, 131, 209, 18}, {45, 131, 209, 19}, {45, 131, 209, 20}, {45, 131, 209, 23}, {45, 131, 209, 26}, {45, 131, 209, 27}}},
 		{Region: "Hong Kong", Group: "Premium TCP Asia", IPs: []net.IP{{84, 17, 56, 131}, {84, 17, 56, 136}, {84, 17, 56, 152}, {84, 17, 56, 168}, {84, 17, 56, 170}, {84, 17, 56, 171}, {84, 17, 56, 174}, {84, 17, 56, 179}, {84, 17, 56, 180}, {84, 17, 56, 182}}},
 		{Region: "Hong Kong", Group: "Premium UDP Asia", IPs: []net.IP{{84, 17, 56, 135}, {84, 17, 56, 139}, {84, 17, 56, 140}, {84, 17, 56, 147}, {84, 17, 56, 148}, {84, 17, 56, 153}, {84, 17, 56, 164}, {84, 17, 56, 168}, {84, 17, 56, 179}, {84, 17, 56, 181}}},
 		{Region: "Hungary", Group: "Premium TCP Europe", IPs: []net.IP{{185, 104, 187, 83}, {185, 104, 187, 85}, {185, 104, 187, 89}, {185, 189, 114, 115}, {185, 189, 114, 116}, {185, 189, 114, 117}, {185, 189, 114, 118}, {185, 189, 114, 121}, {185, 189, 114, 124}, {185, 189, 114, 126}}},
 		{Region: "Hungary", Group: "Premium UDP Europe", IPs: []net.IP{{185, 104, 187, 85}, {185, 104, 187, 88}, {185, 104, 187, 91}, {185, 104, 187, 94}, {185, 189, 114, 116}, {185, 189, 114, 119}, {185, 189, 114, 120}, {185, 189, 114, 123}, {185, 189, 114, 124}, {185, 189, 114, 125}}},
 		{Region: "Iceland", Group: "Premium UDP Europe", IPs: []net.IP{{45, 133, 193, 3}, {45, 133, 193, 4}, {45, 133, 193, 5}, {45, 133, 193, 6}, {45, 133, 193, 7}, {45, 133, 193, 8}, {45, 133, 193, 9}, {45, 133, 193, 10}, {45, 133, 193, 12}, {45, 133, 193, 13}}},
 		{Region: "Iceland", Group: "Premium TCP Europe", IPs: []net.IP{{45, 133, 193, 3}, {45, 133, 193, 4}, {45, 133, 193, 5}, {45, 133, 193, 8}, {45, 133, 193, 9}, {45, 133, 193, 10}, {45, 133, 193, 11}, {45, 133, 193, 12}, {45, 133, 193, 13}, {45, 133, 193, 14}}},
 		{Region: "India", Group: "Premium UDP Europe", IPs: []net.IP{{43, 241, 71, 116}, {43, 241, 71, 118}, {43, 241, 71, 119}, {43, 241, 71, 120}, {43, 241, 71, 124}, {43, 241, 71, 125}, {43, 241, 71, 148}, {43, 241, 71, 150}, {43, 241, 71, 154}, {43, 241, 71, 155}}},
 		{Region: "India", Group: "Premium TCP Europe", IPs: []net.IP{{43, 241, 71, 116}, {43, 241, 71, 120}, {43, 241, 71, 121}, {43, 241, 71, 122}, {43, 241, 71, 125}, {43, 241, 71, 148}, {43, 241, 71, 151}, {43, 241, 71, 153}, {43, 241, 71, 155}, {43, 241, 71, 157}}},
 		{Region: "Indonesia", Group: "Premium UDP Asia", IPs: []net.IP{{113, 20, 29, 243}, {113, 20, 29, 244}, {113, 20, 29, 245}, {113, 20, 29, 246}, {113, 20, 29, 247}, {113, 20, 29, 249}, {113, 20, 29, 251}, {113, 20, 29, 252}, {113, 20, 29, 253}, {113, 20, 29, 254}}},
 		{Region: "Indonesia", Group: "Premium TCP Asia", IPs: []net.IP{{113, 20, 29, 243}, {113, 20, 29, 245}, {113, 20, 29, 246}, {113, 20, 29, 248}, {113, 20, 29, 249}, {113, 20, 29, 250}, {113, 20, 29, 251}, {113, 20, 29, 252}, {113, 20, 29, 253}, {113, 20, 29, 254}}},
 		{Region: "Iran", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 4, 10}, {45, 131, 4, 13}, {45, 131, 4, 14}, {45, 131, 4, 15}, {45, 131, 4, 17}, {45, 131, 4, 20}, {45, 131, 4, 21}, {45, 131, 4, 22}, {45, 131, 4, 24}, {45, 131, 4, 28}}},
 		{Region: "Iran", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 4, 7}, {45, 131, 4, 11}, {45, 131, 4, 12}, {45, 131, 4, 13}, {45, 131, 4, 19}, {45, 131, 4, 21}, {45, 131, 4, 26}, {45, 131, 4, 27}, {45, 131, 4, 28}, {45, 131, 4, 29}}},
 		{Region: "Ireland", Group: "Premium TCP Europe", IPs: []net.IP{{77, 81, 139, 36}, {77, 81, 139, 38}, {77, 81, 139, 39}, {77, 81, 139, 40}, {84, 247, 48, 3}, {84, 247, 48, 5}, {84, 247, 48, 11}, {84, 247, 48, 12}, {84, 247, 48, 27}, {84, 247, 48, 28}}},
 		{Region: "Ireland", Group: "Premium UDP Europe", IPs: []net.IP{{77, 81, 139, 42}, {77, 81, 139, 45}, {84, 247, 48, 3}, {84, 247, 48, 6}, {84, 247, 48, 7}, {84, 247, 48, 8}, {84, 247, 48, 20}, {84, 247, 48, 22}, {84, 247, 48, 24}, {84, 247, 48, 29}}},
 		{Region: "Isle of Man", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 140, 7}, {45, 132, 140, 8}, {45, 132, 140, 9}, {45, 132, 140, 11}, {45, 132, 140, 13}, {45, 132, 140, 15}, {45, 132, 140, 18}, {45, 132, 140, 20}, {45, 132, 140, 24}, {45, 132, 140, 25}}},
 		{Region: "Isle of Man", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 140, 7}, {45, 132, 140, 8}, {45, 132, 140, 15}, {45, 132, 140, 20}, {45, 132, 140, 21}, {45, 132, 140, 22}, {45, 132, 140, 23}, {45, 132, 140, 27}, {45, 132, 140, 28}, {45, 132, 140, 29}}},
 		{Region: "Israel", Group: "Premium TCP Europe", IPs: []net.IP{{160, 116, 0, 163}, {160, 116, 0, 165}, {160, 116, 0, 166}, {160, 116, 0, 167}, {160, 116, 0, 169}, {160, 116, 0, 170}, {160, 116, 0, 171}, {160, 116, 0, 172}, {160, 116, 0, 173}, {160, 116, 0, 174}}},
 		{Region: "Israel", Group: "Premium UDP Europe", IPs: []net.IP{{160, 116, 0, 163}, {160, 116, 0, 164}, {160, 116, 0, 165}, {160, 116, 0, 166}, {160, 116, 0, 167}, {160, 116, 0, 168}, {160, 116, 0, 169}, {160, 116, 0, 171}, {160, 116, 0, 172}, {160, 116, 0, 173}}},
 		{Region: "Italy", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 58, 5}, {84, 17, 58, 8}, {84, 17, 58, 22}, {84, 17, 58, 97}, {84, 17, 58, 121}, {87, 101, 94, 119}, {185, 217, 71, 135}, {185, 217, 71, 142}, {185, 217, 71, 147}, {212, 102, 55, 115}}},
 		{Region: "Italy", Group: "Premium UDP Europe", IPs: []net.IP{{84, 17, 58, 9}, {84, 17, 58, 96}, {84, 17, 58, 97}, {84, 17, 58, 105}, {87, 101, 94, 115}, {87, 101, 94, 124}, {185, 217, 71, 135}, {185, 217, 71, 149}, {212, 102, 55, 98}, {212, 102, 55, 122}}},
 		{Region: "Japan", Group: "Premium UDP Asia", IPs: []net.IP{{156, 146, 35, 3}, {156, 146, 35, 6}, {156, 146, 35, 12}, {156, 146, 35, 21}, {156, 146, 35, 25}, {156, 146, 35, 30}, {156, 146, 35, 35}, {156, 146, 35, 39}, {156, 146, 35, 46}, {156, 146, 35, 50}}},
 		{Region: "Japan", Group: "Premium TCP Asia", IPs: []net.IP{{156, 146, 35, 3}, {156, 146, 35, 5}, {156, 146, 35, 17}, {156, 146, 35, 29}, {156, 146, 35, 32}, {156, 146, 35, 35}, {156, 146, 35, 36}, {156, 146, 35, 41}, {156, 146, 35, 47}, {156, 146, 35, 48}}},
 		{Region: "Kazakhstan", Group: "Premium TCP Europe", IPs: []net.IP{{45, 133, 88, 10}, {45, 133, 88, 11}, {45, 133, 88, 13}, {45, 133, 88, 14}, {45, 133, 88, 15}, {45, 133, 88, 17}, {45, 133, 88, 20}, {45, 133, 88, 21}, {45, 133, 88, 27}, {45, 133, 88, 28}}},
 		{Region: "Kazakhstan", Group: "Premium UDP Europe", IPs: []net.IP{{45, 133, 88, 6}, {45, 133, 88, 9}, {45, 133, 88, 11}, {45, 133, 88, 13}, {45, 133, 88, 14}, {45, 133, 88, 17}, {45, 133, 88, 20}, {45, 133, 88, 22}, {45, 133, 88, 25}, {45, 133, 88, 28}}},
 		{Region: "Kenya", Group: "Premium TCP Asia", IPs: []net.IP{{62, 12, 118, 195}, {62, 12, 118, 196}, {62, 12, 118, 197}, {62, 12, 118, 198}, {62, 12, 118, 199}, {62, 12, 118, 200}, {62, 12, 118, 201}, {62, 12, 118, 202}, {62, 12, 118, 203}, {62, 12, 118, 204}}},
 		{Region: "Kenya", Group: "Premium UDP Asia", IPs: []net.IP{{62, 12, 118, 195}, {62, 12, 118, 196}, {62, 12, 118, 197}, {62, 12, 118, 198}, {62, 12, 118, 199}, {62, 12, 118, 200}, {62, 12, 118, 201}, {62, 12, 118, 202}, {62, 12, 118, 203}, {62, 12, 118, 204}}},
 		{Region: "Korea", Group: "Premium UDP Asia", IPs: []net.IP{{27, 255, 75, 233}, {27, 255, 75, 236}, {27, 255, 75, 237}, {27, 255, 75, 244}, {27, 255, 75, 247}, {27, 255, 75, 249}, {27, 255, 75, 250}, {27, 255, 75, 252}, {27, 255, 75, 253}, {27, 255, 75, 254}}},
 		{Region: "Korea", Group: "Premium TCP Asia", IPs: []net.IP{{27, 255, 75, 228}, {27, 255, 75, 231}, {27, 255, 75, 233}, {27, 255, 75, 237}, {27, 255, 75, 243}, {27, 255, 75, 246}, {27, 255, 75, 248}, {27, 255, 75, 250}, {27, 255, 75, 252}, {27, 255, 75, 254}}},
 		{Region: "Latvia", Group: "Premium UDP Europe", IPs: []net.IP{{109, 248, 148, 244}, {109, 248, 148, 246}, {109, 248, 148, 252}, {109, 248, 148, 253}, {109, 248, 149, 19}, {109, 248, 149, 20}, {109, 248, 149, 23}, {109, 248, 149, 24}, {109, 248, 149, 27}, {109, 248, 149, 29}}},
 		{Region: "Latvia", Group: "Premium TCP Europe", IPs: []net.IP{{109, 248, 148, 243}, {109, 248, 148, 244}, {109, 248, 148, 251}, {109, 248, 148, 252}, {109, 248, 148, 254}, {109, 248, 149, 21}, {109, 248, 149, 24}, {109, 248, 149, 25}, {109, 248, 149, 28}, {109, 248, 149, 29}}},
 		{Region: "Liechtenstein", Group: "Premium TCP Europe", IPs: []net.IP{{45, 139, 48, 7}, {45, 139, 48, 8}, {45, 139, 48, 10}, {45, 139, 48, 11}, {45, 139, 48, 13}, {45, 139, 48, 19}, {45, 139, 48, 22}, {45, 139, 48, 24}, {45, 139, 48, 25}, {45, 139, 48, 29}}},
 		{Region: "Liechtenstein", Group: "Premium UDP Europe", IPs: []net.IP{{45, 139, 48, 7}, {45, 139, 48, 12}, {45, 139, 48, 13}, {45, 139, 48, 14}, {45, 139, 48, 16}, {45, 139, 48, 21}, {45, 139, 48, 22}, {45, 139, 48, 23}, {45, 139, 48, 25}, {45, 139, 48, 27}}},
 		{Region: "Lithuania", Group: "Premium UDP Europe", IPs: []net.IP{{85, 206, 162, 209}, {85, 206, 162, 211}, {85, 206, 162, 215}, {85, 206, 162, 218}, {85, 206, 162, 220}, {85, 206, 162, 222}, {85, 206, 165, 18}, {85, 206, 165, 20}, {85, 206, 165, 23}, {85, 206, 165, 26}}},
 		{Region: "Lithuania", Group: "Premium TCP Europe", IPs: []net.IP{{85, 206, 162, 210}, {85, 206, 162, 214}, {85, 206, 162, 215}, {85, 206, 162, 218}, {85, 206, 162, 219}, {85, 206, 162, 220}, {85, 206, 162, 221}, {85, 206, 165, 17}, {85, 206, 165, 18}, {85, 206, 165, 19}}},
 		{Region: "Luxembourg", Group: "Premium UDP Europe", IPs: []net.IP{{5, 253, 204, 8}, {5, 253, 204, 10}, {5, 253, 204, 11}, {5, 253, 204, 14}, {5, 253, 204, 19}, {5, 253, 204, 21}, {5, 253, 204, 23}, {5, 253, 204, 27}, {5, 253, 204, 29}, {5, 253, 204, 30}}},
 		{Region: "Luxembourg", Group: "Premium TCP Europe", IPs: []net.IP{{5, 253, 204, 5}, {5, 253, 204, 9}, {5, 253, 204, 10}, {5, 253, 204, 12}, {5, 253, 204, 13}, {5, 253, 204, 19}, {5, 253, 204, 22}, {5, 253, 204, 26}, {5, 253, 204, 27}, {5, 253, 204, 28}}},
 		{Region: "Macao", Group: "Premium UDP Asia", IPs: []net.IP{{45, 137, 197, 9}, {45, 137, 197, 10}, {45, 137, 197, 12}, {45, 137, 197, 14}, {45, 137, 197, 18}, {45, 137, 197, 25}, {45, 137, 197, 29}, {45, 137, 197, 30}, {45, 137, 197, 33}, {45, 137, 197, 45}}},
 		{Region: "Macao", Group: "Premium TCP Asia", IPs: []net.IP{{45, 137, 197, 1}, {45, 137, 197, 14}, {45, 137, 197, 16}, {45, 137, 197, 17}, {45, 137, 197, 26}, {45, 137, 197, 28}, {45, 137, 197, 30}, {45, 137, 197, 40}, {45, 137, 197, 42}, {45, 137, 197, 48}}},
 		{Region: "Macedonia", Group: "Premium UDP Europe", IPs: []net.IP{{185, 225, 28, 3}, {185, 225, 28, 4}, {185, 225, 28, 5}, {185, 225, 28, 6}, {185, 225, 28, 7}, {185, 225, 28, 8}, {185, 225, 28, 9}, {185, 225, 28, 10}, {185, 225, 28, 11}, {185, 225, 28, 12}}},
 		{Region: "Macedonia", Group: "Premium TCP Europe", IPs: []net.IP{{185, 225, 28, 3}, {185, 225, 28, 4}, {185, 225, 28, 5}, {185, 225, 28, 6}, {185, 225, 28, 7}, {185, 225, 28, 8}, {185, 225, 28, 9}, {185, 225, 28, 10}, {185, 225, 28, 11}, {185, 225, 28, 12}}},
 		{Region: "Malaysia", Group: "Premium UDP Asia", IPs: []net.IP{{139, 5, 177, 69}, {139, 5, 177, 70}, {139, 5, 177, 71}, {139, 5, 177, 72}, {139, 5, 177, 73}, {139, 5, 177, 74}, {139, 5, 177, 75}, {139, 5, 177, 76}, {139, 5, 177, 77}, {139, 5, 177, 78}}},
 		{Region: "Malaysia", Group: "Premium TCP Asia", IPs: []net.IP{{139, 5, 177, 69}, {139, 5, 177, 70}, {139, 5, 177, 71}, {139, 5, 177, 72}, {139, 5, 177, 73}, {139, 5, 177, 74}, {139, 5, 177, 75}, {139, 5, 177, 76}, {139, 5, 177, 77}, {139, 5, 177, 78}}},
 		{Region: "Malta", Group: "Premium UDP Europe", IPs: []net.IP{{45, 137, 198, 9}, {45, 137, 198, 11}, {45, 137, 198, 18}, {45, 137, 198, 20}, {45, 137, 198, 24}, {45, 137, 198, 25}, {45, 137, 198, 26}, {45, 137, 198, 27}, {45, 137, 198, 28}, {45, 137, 198, 29}}},
 		{Region: "Malta", Group: "Premium TCP Europe", IPs: []net.IP{{45, 137, 198, 8}, {45, 137, 198, 10}, {45, 137, 198, 12}, {45, 137, 198, 14}, {45, 137, 198, 17}, {45, 137, 198, 19}, {45, 137, 198, 20}, {45, 137, 198, 22}, {45, 137, 198, 27}, {45, 137, 198, 28}}},
 		{Region: "Mexico", Group: "Premium TCP USA", IPs: []net.IP{{45, 133, 180, 99}, {45, 133, 180, 100}, {45, 133, 180, 103}, {45, 133, 180, 104}, {45, 133, 180, 109}, {45, 133, 180, 115}, {45, 133, 180, 118}, {45, 133, 180, 119}, {45, 133, 180, 120}, {45, 133, 180, 123}}},
 		{Region: "Mexico", Group: "Premium UDP USA", IPs: []net.IP{{45, 133, 180, 101}, {45, 133, 180, 103}, {45, 133, 180, 106}, {45, 133, 180, 107}, {45, 133, 180, 109}, {45, 133, 180, 110}, {45, 133, 180, 119}, {45, 133, 180, 121}, {45, 133, 180, 122}, {45, 133, 180, 123}}},
 		{Region: "Moldova", Group: "Premium TCP Europe", IPs: []net.IP{{178, 175, 130, 243}, {178, 175, 130, 245}, {178, 175, 130, 246}, {178, 175, 130, 250}, {178, 175, 130, 251}, {178, 175, 130, 252}, {178, 175, 130, 254}, {178, 175, 142, 131}, {178, 175, 142, 133}, {178, 175, 142, 134}}},
 		{Region: "Moldova", Group: "Premium UDP Europe", IPs: []net.IP{{178, 175, 130, 243}, {178, 175, 130, 246}, {178, 175, 130, 250}, {178, 175, 130, 251}, {178, 175, 130, 253}, {178, 175, 130, 254}, {178, 175, 142, 131}, {178, 175, 142, 132}, {178, 175, 142, 133}, {178, 175, 142, 134}}},
 		{Region: "Monaco", Group: "Premium TCP Europe", IPs: []net.IP{{45, 137, 199, 6}, {45, 137, 199, 8}, {45, 137, 199, 11}, {45, 137, 199, 12}, {45, 137, 199, 13}, {45, 137, 199, 15}, {45, 137, 199, 16}, {45, 137, 199, 18}, {45, 137, 199, 23}, {45, 137, 199, 26}}},
 		{Region: "Monaco", Group: "Premium UDP Europe", IPs: []net.IP{{45, 137, 199, 6}, {45, 137, 199, 7}, {45, 137, 199, 10}, {45, 137, 199, 12}, {45, 137, 199, 13}, {45, 137, 199, 19}, {45, 137, 199, 20}, {45, 137, 199, 23}, {45, 137, 199, 25}, {45, 137, 199, 29}}},
 		{Region: "Mongolia", Group: "Premium UDP Asia", IPs: []net.IP{{45, 139, 51, 4}, {45, 139, 51, 11}, {45, 139, 51, 12}, {45, 139, 51, 15}, {45, 139, 51, 16}, {45, 139, 51, 27}, {45, 139, 51, 29}, {45, 139, 51, 32}, {45, 139, 51, 46}, {45, 139, 51, 48}}},
 		{Region: "Mongolia", Group: "Premium TCP Asia", IPs: []net.IP{{45, 139, 51, 5}, {45, 139, 51, 7}, {45, 139, 51, 15}, {45, 139, 51, 17}, {45, 139, 51, 18}, {45, 139, 51, 20}, {45, 139, 51, 21}, {45, 139, 51, 39}, {45, 139, 51, 41}, {45, 139, 51, 45}}},
 		{Region: "Montenegro", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 208, 8}, {45, 131, 208, 9}, {45, 131, 208, 10}, {45, 131, 208, 17}, {45, 131, 208, 19}, {45, 131, 208, 20}, {45, 131, 208, 23}, {45, 131, 208, 25}, {45, 131, 208, 26}, {45, 131, 208, 28}}},
 		{Region: "Montenegro", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 208, 6}, {45, 131, 208, 7}, {45, 131, 208, 8}, {45, 131, 208, 9}, {45, 131, 208, 13}, {45, 131, 208, 18}, {45, 131, 208, 21}, {45, 131, 208, 23}, {45, 131, 208, 27}, {45, 131, 208, 29}}},
 		{Region: "Morocco", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 211, 9}, {45, 131, 211, 11}, {45, 131, 211, 12}, {45, 131, 211, 16}, {45, 131, 211, 18}, {45, 131, 211, 19}, {45, 131, 211, 21}, {45, 131, 211, 24}, {45, 131, 211, 27}, {45, 131, 211, 28}}},
 		{Region: "Morocco", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 211, 8}, {45, 131, 211, 14}, {45, 131, 211, 15}, {45, 131, 211, 17}, {45, 131, 211, 19}, {45, 131, 211, 21}, {45, 131, 211, 22}, {45, 131, 211, 23}, {45, 131, 211, 25}, {45, 131, 211, 26}}},
 		{Region: "Netherlands", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 47, 53}, {84, 17, 47, 55}, {84, 17, 47, 64}, {84, 17, 47, 73}, {84, 17, 47, 102}, {84, 17, 47, 107}, {84, 17, 47, 110}, {84, 17, 47, 112}, {139, 28, 217, 200}, {195, 181, 172, 80}}},
 		{Region: "Netherlands", Group: "Premium UDP Europe", IPs: []net.IP{{84, 17, 47, 45}, {84, 17, 47, 68}, {84, 17, 47, 75}, {84, 17, 47, 92}, {84, 17, 47, 105}, {195, 181, 172, 69}, {195, 181, 172, 70}, {195, 181, 172, 77}, {195, 181, 172, 78}, {195, 181, 172, 79}}},
 		{Region: "New Zealand", Group: "Premium TCP Asia", IPs: []net.IP{{114, 141, 194, 2}, {114, 141, 194, 4}, {114, 141, 194, 5}, {114, 141, 194, 7}, {114, 141, 194, 8}, {114, 141, 194, 9}, {114, 141, 194, 10}, {114, 141, 194, 11}, {114, 141, 194, 13}, {114, 141, 194, 14}}},
 		{Region: "New Zealand", Group: "Premium UDP Asia", IPs: []net.IP{{114, 141, 194, 2}, {114, 141, 194, 3}, {114, 141, 194, 4}, {114, 141, 194, 6}, {114, 141, 194, 7}, {114, 141, 194, 8}, {114, 141, 194, 9}, {114, 141, 194, 10}, {114, 141, 194, 12}, {114, 141, 194, 13}}},
 		{Region: "Nigeria", Group: "Premium UDP Europe", IPs: []net.IP{{45, 137, 196, 6}, {45, 137, 196, 10}, {45, 137, 196, 14}, {45, 137, 196, 15}, {45, 137, 196, 17}, {45, 137, 196, 20}, {45, 137, 196, 24}, {45, 137, 196, 26}, {45, 137, 196, 28}, {45, 137, 196, 29}}},
 		{Region: "Nigeria", Group: "Premium TCP Europe", IPs: []net.IP{{45, 137, 196, 6}, {45, 137, 196, 7}, {45, 137, 196, 8}, {45, 137, 196, 15}, {45, 137, 196, 16}, {45, 137, 196, 19}, {45, 137, 196, 23}, {45, 137, 196, 24}, {45, 137, 196, 27}, {45, 137, 196, 28}}},
 		{Region: "Norway", Group: "Premium TCP Europe", IPs: []net.IP{{45, 12, 223, 136}, {45, 12, 223, 139}, {45, 12, 223, 141}, {82, 102, 27, 93}, {185, 206, 225, 230}, {185, 206, 225, 232}, {185, 206, 225, 235}, {185, 253, 97, 235}, {185, 253, 97, 251}, {185, 253, 97, 253}}},
 		{Region: "Norway", Group: "Premium UDP Europe", IPs: []net.IP{{45, 12, 223, 134}, {82, 102, 27, 92}, {185, 206, 225, 29}, {185, 206, 225, 30}, {185, 206, 225, 231}, {185, 206, 225, 233}, {185, 206, 225, 234}, {185, 253, 97, 236}, {185, 253, 97, 243}, {185, 253, 97, 245}}},
 		{Region: "Pakistan", Group: "Premium UDP Europe", IPs: []net.IP{{103, 76, 3, 244}, {103, 76, 3, 245}, {103, 76, 3, 246}, {103, 76, 3, 247}, {103, 76, 3, 248}, {103, 76, 3, 249}, {103, 76, 3, 250}, {103, 76, 3, 251}, {103, 76, 3, 252}, {103, 76, 3, 253}}},
 		{Region: "Pakistan", Group: "Premium TCP Europe", IPs: []net.IP{{103, 76, 3, 244}, {103, 76, 3, 245}, {103, 76, 3, 246}, {103, 76, 3, 247}, {103, 76, 3, 248}, {103, 76, 3, 249}, {103, 76, 3, 250}, {103, 76, 3, 251}, {103, 76, 3, 252}, {103, 76, 3, 253}}},
 		{Region: "Panama", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 210, 6}, {45, 131, 210, 7}, {45, 131, 210, 10}, {45, 131, 210, 13}, {45, 131, 210, 14}, {45, 131, 210, 19}, {45, 131, 210, 24}, {45, 131, 210, 25}, {45, 131, 210, 28}, {45, 131, 210, 29}}},
 		{Region: "Panama", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 210, 7}, {45, 131, 210, 8}, {45, 131, 210, 9}, {45, 131, 210, 10}, {45, 131, 210, 12}, {45, 131, 210, 13}, {45, 131, 210, 16}, {45, 131, 210, 17}, {45, 131, 210, 20}, {45, 131, 210, 24}}},
 		{Region: "Philippines", Group: "Premium UDP Asia", IPs: []net.IP{{188, 214, 125, 35}, {188, 214, 125, 37}, {188, 214, 125, 40}, {188, 214, 125, 41}, {188, 214, 125, 44}, {188, 214, 125, 47}, {188, 214, 125, 54}, {188, 214, 125, 57}, {188, 214, 125, 58}, {188, 214, 125, 59}}},
 		{Region: "Philippines", Group: "Premium TCP Asia", IPs: []net.IP{{188, 214, 125, 35}, {188, 214, 125, 39}, {188, 214, 125, 40}, {188, 214, 125, 43}, {188, 214, 125, 44}, {188, 214, 125, 50}, {188, 214, 125, 57}, {188, 214, 125, 58}, {188, 214, 125, 60}, {188, 214, 125, 62}}},
 		{Region: "Poland", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 156, 8}, {37, 120, 156, 10}, {37, 120, 156, 12}, {37, 120, 156, 13}, {37, 120, 156, 19}, {37, 120, 156, 22}, {37, 120, 156, 23}, {37, 120, 156, 24}, {51, 75, 56, 37}, {51, 75, 56, 44}}},
 		{Region: "Poland", Group: "Premium TCP Europe", IPs: []net.IP{{37, 120, 156, 6}, {37, 120, 156, 8}, {37, 120, 156, 10}, {37, 120, 156, 12}, {37, 120, 156, 13}, {37, 120, 156, 20}, {37, 120, 156, 21}, {37, 120, 156, 27}, {51, 75, 56, 34}, {51, 75, 56, 43}}},
 		{Region: "Portugal", Group: "Premium UDP Europe", IPs: []net.IP{{89, 26, 243, 2}, {89, 26, 243, 98}, {89, 26, 243, 100}, {89, 26, 243, 112}, {89, 26, 243, 113}, {89, 26, 243, 115}, {89, 26, 243, 194}, {89, 26, 243, 195}, {89, 26, 243, 198}, {89, 26, 243, 199}}},
 		{Region: "Portugal", Group: "Premium TCP Europe", IPs: []net.IP{{89, 26, 243, 1}, {89, 26, 243, 98}, {89, 26, 243, 100}, {89, 26, 243, 112}, {89, 26, 243, 113}, {89, 26, 243, 114}, {89, 26, 243, 194}, {89, 26, 243, 195}, {89, 26, 243, 197}, {89, 26, 243, 198}}},
 		{Region: "Qatar", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 7, 6}, {45, 131, 7, 10}, {45, 131, 7, 13}, {45, 131, 7, 15}, {45, 131, 7, 16}, {45, 131, 7, 22}, {45, 131, 7, 24}, {45, 131, 7, 26}, {45, 131, 7, 27}, {45, 131, 7, 28}}},
 		{Region: "Qatar", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 7, 7}, {45, 131, 7, 9}, {45, 131, 7, 13}, {45, 131, 7, 16}, {45, 131, 7, 17}, {45, 131, 7, 18}, {45, 131, 7, 19}, {45, 131, 7, 20}, {45, 131, 7, 26}, {45, 131, 7, 27}}},
 		{Region: "Romania", Group: "NoSpy UDP Europe", IPs: []net.IP{{85, 9, 20, 132}, {85, 9, 20, 133}, {85, 9, 20, 134}, {85, 9, 20, 139}, {85, 9, 20, 144}, {85, 9, 20, 145}, {85, 9, 20, 147}, {85, 9, 20, 148}, {85, 9, 20, 154}, {85, 9, 20, 249}}},
 		{Region: "Romania", Group: "Premium TCP Europe", IPs: []net.IP{{193, 176, 84, 43}, {193, 176, 84, 45}, {193, 176, 84, 47}, {193, 176, 84, 52}, {193, 176, 84, 120}, {193, 176, 85, 79}, {193, 176, 85, 91}, {193, 176, 85, 99}, {193, 176, 85, 105}, {193, 176, 85, 116}}},
 		{Region: "Romania", Group: "NoSpy TCP Europe", IPs: []net.IP{{85, 9, 20, 132}, {85, 9, 20, 134}, {85, 9, 20, 137}, {85, 9, 20, 148}, {85, 9, 20, 149}, {85, 9, 20, 150}, {85, 9, 20, 151}, {85, 9, 20, 155}, {85, 9, 20, 248}, {85, 9, 20, 249}}},
 		{Region: "Romania", Group: "Premium UDP Europe", IPs: []net.IP{{193, 176, 84, 84}, {193, 176, 84, 124}, {193, 176, 84, 126}, {193, 176, 85, 68}, {193, 176, 85, 72}, {193, 176, 85, 81}, {193, 176, 85, 85}, {193, 176, 85, 104}, {193, 176, 85, 108}, {193, 176, 85, 116}}},
 		{Region: "Russian Federation", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 192, 6}, {45, 132, 192, 16}, {45, 132, 192, 28}, {45, 132, 192, 46}, {45, 132, 192, 52}, {45, 132, 192, 57}, {45, 132, 192, 70}, {45, 132, 192, 71}, {45, 132, 192, 76}, {45, 132, 192, 92}}},
 		{Region: "Russian Federation", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 192, 9}, {45, 132, 192, 11}, {45, 132, 192, 22}, {45, 132, 192, 36}, {45, 132, 192, 39}, {45, 132, 192, 44}, {45, 132, 192, 51}, {45, 132, 192, 74}, {45, 132, 192, 79}, {45, 132, 192, 92}}},
 		{Region: "Saudi Arabia", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 6, 6}, {45, 131, 6, 7}, {45, 131, 6, 8}, {45, 131, 6, 15}, {45, 131, 6, 16}, {45, 131, 6, 18}, {45, 131, 6, 19}, {45, 131, 6, 22}, {45, 131, 6, 28}, {45, 131, 6, 29}}},
 		{Region: "Saudi Arabia", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 6, 10}, {45, 131, 6, 11}, {45, 131, 6, 13}, {45, 131, 6, 14}, {45, 131, 6, 16}, {45, 131, 6, 17}, {45, 131, 6, 24}, {45, 131, 6, 25}, {45, 131, 6, 27}, {45, 131, 6, 28}}},
 		{Region: "Serbia", Group: "Premium TCP Europe", IPs: []net.IP{{37, 120, 193, 180}, {37, 120, 193, 181}, {37, 120, 193, 183}, {37, 120, 193, 184}, {37, 120, 193, 186}, {37, 120, 193, 187}, {141, 98, 103, 36}, {141, 98, 103, 38}, {141, 98, 103, 40}, {141, 98, 103, 46}}},
 		{Region: "Serbia", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 193, 181}, {37, 120, 193, 182}, {37, 120, 193, 183}, {37, 120, 193, 187}, {37, 120, 193, 189}, {141, 98, 103, 35}, {141, 98, 103, 36}, {141, 98, 103, 38}, {141, 98, 103, 44}, {141, 98, 103, 45}}},
 		{Region: "Singapore", Group: "Premium UDP Asia", IPs: []net.IP{{84, 17, 39, 162}, {84, 17, 39, 164}, {84, 17, 39, 166}, {84, 17, 39, 167}, {84, 17, 39, 169}, {84, 17, 39, 170}, {84, 17, 39, 174}, {84, 17, 39, 177}, {84, 17, 39, 179}, {84, 17, 39, 182}}},
 		{Region: "Singapore", Group: "Premium TCP Asia", IPs: []net.IP{{84, 17, 39, 163}, {84, 17, 39, 164}, {84, 17, 39, 165}, {84, 17, 39, 168}, {84, 17, 39, 170}, {84, 17, 39, 173}, {84, 17, 39, 177}, {84, 17, 39, 179}, {84, 17, 39, 181}, {84, 17, 39, 184}}},
 		{Region: "Slovakia", Group: "Premium UDP Europe", IPs: []net.IP{{185, 245, 85, 227}, {185, 245, 85, 228}, {185, 245, 85, 229}, {185, 245, 85, 230}, {185, 245, 85, 231}, {185, 245, 85, 232}, {185, 245, 85, 233}, {185, 245, 85, 234}, {185, 245, 85, 235}, {185, 245, 85, 236}}},
 		{Region: "Slovakia", Group: "Premium TCP Europe", IPs: []net.IP{{185, 245, 85, 227}, {185, 245, 85, 228}, {185, 245, 85, 229}, {185, 245, 85, 230}, {185, 245, 85, 231}, {185, 245, 85, 232}, {185, 245, 85, 233}, {185, 245, 85, 234}, {185, 245, 85, 235}, {185, 245, 85, 236}}},
 		{Region: "Slovenia", Group: "Premium UDP Europe", IPs: []net.IP{{146, 247, 25, 79}, {146, 247, 25, 80}, {146, 247, 25, 82}, {146, 247, 25, 83}, {146, 247, 25, 85}, {146, 247, 25, 86}, {146, 247, 25, 87}, {146, 247, 25, 88}, {146, 247, 25, 89}, {146, 247, 25, 90}}},
 		{Region: "Slovenia", Group: "Premium TCP Europe", IPs: []net.IP{{146, 247, 25, 79}, {146, 247, 25, 80}, {146, 247, 25, 81}, {146, 247, 25, 82}, {146, 247, 25, 83}, {146, 247, 25, 84}, {146, 247, 25, 85}, {146, 247, 25, 86}, {146, 247, 25, 87}, {146, 247, 25, 88}}},
 		{Region: "South Africa", Group: "Premium UDP Europe", IPs: []net.IP{{197, 85, 7, 26}, {197, 85, 7, 27}, {197, 85, 7, 28}, {197, 85, 7, 29}, {197, 85, 7, 30}, {197, 85, 7, 31}, {197, 85, 7, 131}, {197, 85, 7, 132}, {197, 85, 7, 133}, {197, 85, 7, 134}}},
 		{Region: "South Africa", Group: "Premium UDP Asia", IPs: []net.IP{{165, 73, 248, 214}, {165, 73, 248, 215}, {165, 73, 248, 216}, {165, 73, 248, 220}, {165, 73, 248, 221}, {165, 73, 248, 222}, {165, 73, 248, 229}, {165, 73, 248, 230}, {165, 73, 248, 232}, {165, 73, 248, 234}}},
 		{Region: "South Africa", Group: "Premium TCP Asia", IPs: []net.IP{{165, 73, 248, 211}, {165, 73, 248, 212}, {165, 73, 248, 216}, {165, 73, 248, 219}, {165, 73, 248, 227}, {165, 73, 248, 230}, {165, 73, 248, 232}, {165, 73, 248, 233}, {165, 73, 248, 234}, {165, 73, 248, 235}}},
 		{Region: "South Africa", Group: "Premium TCP Europe", IPs: []net.IP{{197, 85, 7, 26}, {197, 85, 7, 27}, {197, 85, 7, 28}, {197, 85, 7, 29}, {197, 85, 7, 30}, {197, 85, 7, 31}, {197, 85, 7, 131}, {197, 85, 7, 132}, {197, 85, 7, 133}, {197, 85, 7, 134}}},
 		{Region: "Spain", Group: "Premium UDP Europe", IPs: []net.IP{{37, 120, 142, 147}, {37, 120, 142, 155}, {37, 120, 142, 167}, {37, 120, 142, 169}, {37, 120, 142, 170}, {84, 17, 62, 131}, {84, 17, 62, 142}, {84, 17, 62, 145}, {84, 17, 62, 147}, {185, 93, 3, 113}}},
 		{Region: "Spain", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 62, 133}, {84, 17, 62, 141}, {84, 17, 62, 142}, {185, 93, 3, 105}, {185, 93, 3, 109}, {185, 93, 3, 111}, {185, 93, 182, 133}, {185, 93, 182, 136}, {185, 93, 182, 140}, {185, 93, 182, 141}}},
 		{Region: "Sri Lanka", Group: "Premium UDP Europe", IPs: []net.IP{{45, 132, 136, 7}, {45, 132, 136, 9}, {45, 132, 136, 11}, {45, 132, 136, 13}, {45, 132, 136, 16}, {45, 132, 136, 17}, {45, 132, 136, 20}, {45, 132, 136, 23}, {45, 132, 136, 26}, {45, 132, 136, 29}}},
 		{Region: "Sri Lanka", Group: "Premium TCP Europe", IPs: []net.IP{{45, 132, 136, 7}, {45, 132, 136, 9}, {45, 132, 136, 10}, {45, 132, 136, 11}, {45, 132, 136, 13}, {45, 132, 136, 17}, {45, 132, 136, 22}, {45, 132, 136, 25}, {45, 132, 136, 26}, {45, 132, 136, 29}}},
 		{Region: "Sweden", Group: "Premium TCP Europe", IPs: []net.IP{{46, 246, 65, 137}, {46, 246, 65, 139}, {46, 246, 65, 218}, {91, 132, 138, 60}, {188, 126, 64, 105}, {188, 126, 66, 10}, {188, 126, 66, 14}, {188, 126, 66, 29}, {188, 126, 73, 207}, {188, 126, 73, 209}}},
 		{Region: "Sweden", Group: "Premium UDP Europe", IPs: []net.IP{{46, 246, 65, 131}, {46, 246, 65, 140}, {46, 246, 65, 170}, {46, 246, 65, 189}, {46, 246, 65, 200}, {46, 246, 65, 203}, {46, 246, 65, 212}, {91, 132, 138, 52}, {188, 126, 73, 199}, {188, 126, 73, 220}}},
 		{Region: "Switzerland", Group: "Premium UDP Europe", IPs: []net.IP{{84, 17, 52, 10}, {84, 17, 52, 14}, {84, 17, 52, 17}, {84, 17, 52, 21}, {185, 32, 222, 17}, {185, 32, 222, 18}, {185, 32, 222, 111}, {195, 225, 118, 45}, {195, 225, 118, 58}, {195, 225, 118, 61}}},
 		{Region: "Switzerland", Group: "Premium TCP Europe", IPs: []net.IP{{84, 17, 52, 5}, {84, 17, 52, 33}, {84, 17, 52, 45}, {84, 17, 52, 62}, {84, 17, 52, 69}, {84, 17, 52, 80}, {91, 132, 136, 171}, {185, 32, 222, 13}, {195, 225, 118, 44}, {195, 225, 118, 52}}},
 		{Region: "Taiwan", Group: "Premium UDP Asia", IPs: []net.IP{{45, 133, 181, 100}, {45, 133, 181, 104}, {45, 133, 181, 106}, {45, 133, 181, 109}, {45, 133, 181, 110}, {45, 133, 181, 114}, {45, 133, 181, 117}, {45, 133, 181, 119}, {45, 133, 181, 124}, {45, 133, 181, 125}}},
 		{Region: "Taiwan", Group: "Premium TCP Asia", IPs: []net.IP{{45, 133, 181, 99}, {45, 133, 181, 103}, {45, 133, 181, 104}, {45, 133, 181, 105}, {45, 133, 181, 107}, {45, 133, 181, 110}, {45, 133, 181, 112}, {45, 133, 181, 113}, {45, 133, 181, 116}, {45, 133, 181, 123}}},
 		{Region: "Thailand", Group: "Premium TCP Asia", IPs: []net.IP{{119, 59, 98, 214}, {119, 59, 98, 239}, {119, 59, 98, 240}, {119, 59, 98, 244}, {119, 59, 121, 162}, {119, 59, 121, 168}, {119, 59, 121, 169}, {119, 59, 121, 170}, {119, 59, 121, 171}, {119, 59, 121, 173}}},
 		{Region: "Thailand", Group: "Premium UDP Asia", IPs: []net.IP{{119, 59, 98, 238}, {119, 59, 98, 240}, {119, 59, 98, 244}, {119, 59, 98, 249}, {119, 59, 121, 166}, {119, 59, 121, 167}, {119, 59, 121, 168}, {119, 59, 121, 170}, {119, 59, 121, 172}, {119, 59, 121, 175}}},
 		{Region: "Turkey", Group: "Premium UDP Europe", IPs: []net.IP{{188, 213, 34, 5}, {188, 213, 34, 9}, {188, 213, 34, 14}, {188, 213, 34, 30}, {188, 213, 34, 35}, {188, 213, 34, 39}, {188, 213, 34, 42}, {188, 213, 34, 45}, {188, 213, 34, 103}, {188, 213, 34, 110}}},
 		{Region: "Turkey", Group: "Premium TCP Europe", IPs: []net.IP{{188, 213, 34, 10}, {188, 213, 34, 12}, {188, 213, 34, 25}, {188, 213, 34, 30}, {188, 213, 34, 36}, {188, 213, 34, 42}, {188, 213, 34, 102}, {188, 213, 34, 103}, {188, 213, 34, 104}, {188, 213, 34, 110}}},
 		{Region: "Ukraine", Group: "Premium TCP Europe", IPs: []net.IP{{31, 28, 161, 20}, {31, 28, 163, 40}, {31, 28, 163, 51}, {62, 149, 7, 168}, {62, 149, 29, 35}, {62, 149, 29, 40}, {62, 149, 29, 41}, {62, 149, 29, 48}, {62, 149, 29, 52}, {62, 149, 29, 56}}},
 		{Region: "Ukraine", Group: "Premium UDP Europe", IPs: []net.IP{{31, 28, 163, 35}, {31, 28, 163, 45}, {31, 28, 163, 51}, {31, 28, 163, 55}, {62, 149, 7, 167}, {62, 149, 29, 38}, {62, 149, 29, 40}, {62, 149, 29, 46}, {62, 149, 29, 47}, {62, 149, 29, 50}}},
 		{Region: "United Arab Emirates", Group: "Premium TCP Europe", IPs: []net.IP{{45, 131, 5, 6}, {45, 131, 5, 12}, {45, 131, 5, 13}, {45, 131, 5, 15}, {45, 131, 5, 17}, {45, 131, 5, 21}, {45, 131, 5, 22}, {45, 131, 5, 24}, {45, 131, 5, 28}, {45, 131, 5, 29}}},
 		{Region: "United Arab Emirates", Group: "Premium UDP Europe", IPs: []net.IP{{45, 131, 5, 6}, {45, 131, 5, 7}, {45, 131, 5, 10}, {45, 131, 5, 11}, {45, 131, 5, 12}, {45, 131, 5, 14}, {45, 131, 5, 17}, {45, 131, 5, 24}, {45, 131, 5, 26}, {45, 131, 5, 27}}},
 		{Region: "United Kingdom", Group: "Premium UDP Europe", IPs: []net.IP{{84, 17, 51, 18}, {84, 17, 51, 62}, {89, 238, 138, 245}, {89, 238, 167, 46}, {89, 238, 167, 56}, {95, 154, 200, 153}, {95, 154, 200, 155}, {95, 154, 200, 187}, {95, 154, 200, 188}, {141, 98, 100, 73}}},
 		{Region: "United Kingdom", Group: "Premium TCP Europe", IPs: []net.IP{{37, 120, 133, 165}, {84, 17, 51, 32}, {84, 17, 51, 106}, {84, 17, 51, 124}, {89, 238, 167, 45}, {95, 154, 200, 147}, {95, 154, 200, 165}, {95, 154, 200, 172}, {95, 154, 200, 179}, {141, 98, 100, 59}}},
 		{Region: "United States", Group: "Premium TCP USA", IPs: []net.IP{{23, 105, 191, 33}, {23, 106, 83, 26}, {37, 120, 157, 131}, {45, 89, 173, 221}, {84, 17, 40, 70}, {89, 187, 182, 6}, {91, 132, 137, 86}, {173, 234, 158, 179}, {173, 234, 158, 184}, {185, 250, 220, 39}}},
 		{Region: "United States", Group: "Premium UDP USA", IPs: []net.IP{{89, 187, 171, 143}, {108, 62, 235, 183}, {143, 244, 51, 169}, {156, 146, 37, 29}, {156, 146, 37, 106}, {156, 146, 37, 120}, {172, 255, 125, 138}, {173, 208, 44, 90}, {185, 242, 5, 120}, {185, 242, 5, 249}}},
 		{Region: "Venezuela", Group: "Premium TCP Europe", IPs: []net.IP{{45, 133, 89, 8}, {45, 133, 89, 10}, {45, 133, 89, 12}, {45, 133, 89, 16}, {45, 133, 89, 17}, {45, 133, 89, 18}, {45, 133, 89, 20}, {45, 133, 89, 22}, {45, 133, 89, 27}, {45, 133, 89, 28}}},
 		{Region: "Venezuela", Group: "Premium UDP Europe", IPs: []net.IP{{45, 133, 89, 6}, {45, 133, 89, 7}, {45, 133, 89, 15}, {45, 133, 89, 16}, {45, 133, 89, 17}, {45, 133, 89, 20}, {45, 133, 89, 22}, {45, 133, 89, 26}, {45, 133, 89, 28}, {45, 133, 89, 29}}},
 		{Region: "Vietnam", Group: "Premium UDP Asia", IPs: []net.IP{{45, 117, 79, 114}, {45, 117, 79, 118}, {45, 117, 79, 124}, {45, 117, 79, 125}, {103, 238, 214, 131}, {103, 238, 214, 132}, {103, 238, 214, 133}, {103, 238, 214, 134}, {103, 238, 214, 135}, {103, 238, 214, 137}}},
 		{Region: "Vietnam", Group: "Premium TCP Asia", IPs: []net.IP{{45, 117, 79, 114}, {45, 117, 79, 116}, {45, 117, 79, 124}, {45, 117, 79, 125}, {103, 238, 214, 131}, {103, 238, 214, 132}, {103, 238, 214, 133}, {103, 238, 214, 135}, {103, 238, 214, 136}, {103, 238, 214, 140}}},
 	}
 }
--- a/internal/constants/dns.go
+++ b/internal/constants/dns.go
@@ -1,83 +1,89 @@
-package constants
+package constants
-
+
-import (
+import (
-	"net"
+	"net"
-
+
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
-)
+)
-
+
-const (
+const (
-	// Cloudflare is a DNS over TLS provider
+	// Cloudflare is a DNS over TLS provider
-	Cloudflare models.DNSProvider = "cloudflare"
+	Cloudflare models.DNSProvider = "cloudflare"
-	// Google is a DNS over TLS provider
+	// Google is a DNS over TLS provider
-	Google models.DNSProvider = "google"
+	Google models.DNSProvider = "google"
-	// Quad9 is a DNS over TLS provider
+	// Quad9 is a DNS over TLS provider
-	Quad9 models.DNSProvider = "quad9"
+	Quad9 models.DNSProvider = "quad9"
-	// Quadrant is a DNS over TLS provider
+	// Quadrant is a DNS over TLS provider
-	Quadrant models.DNSProvider = "quadrant"
+	Quadrant models.DNSProvider = "quadrant"
-	// CleanBrowsing is a DNS over TLS provider
+	// CleanBrowsing is a DNS over TLS provider
-	CleanBrowsing models.DNSProvider = "cleanbrowsing"
+	CleanBrowsing models.DNSProvider = "cleanbrowsing"
-	// SecureDNS is a DNS over TLS provider
+	// SecureDNS is a DNS over TLS provider
-	SecureDNS models.DNSProvider = "securedns"
+	SecureDNS models.DNSProvider = "securedns"
-	// LibreDNS is a DNS over TLS provider
+	// LibreDNS is a DNS over TLS provider
-	LibreDNS models.DNSProvider = "libredns"
+	LibreDNS models.DNSProvider = "libredns"
-)
+)
-
+
-// DNSProviderMapping returns a constant mapping of dns provider name
+// DNSProviderMapping returns a constant mapping of dns provider name
-// to their data such as IP addresses or TLS host name.
+// to their data such as IP addresses or TLS host name.
-func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
+func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
-	return map[models.DNSProvider]models.DNSProviderData{
+	return map[models.DNSProvider]models.DNSProviderData{
-		Cloudflare: models.DNSProviderData{
+		Cloudflare: {
-			IPs:         []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}},
+			IPs:          []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x01}},
-			SupportsTLS: true,
+			SupportsTLS:  true,
-			Host:        models.DNSHost("cloudflare-dns.com"),
+			SupportsIPv6: true,
-		},
+			Host:         models.DNSHost("cloudflare-dns.com"),
-		Google: models.DNSProviderData{
+		},
-			IPs:         []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}},
+		Google: {
-			SupportsTLS: true,
+			IPs:          []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44}},
-			Host:        models.DNSHost("dns.google"),
+			SupportsTLS:  true,
-		},
+			SupportsIPv6: true,
-		Quad9: models.DNSProviderData{
+			Host:         models.DNSHost("dns.google"),
-			IPs:         []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}},
+		},
-			SupportsTLS: true,
+		Quad9: {
-			Host:        models.DNSHost("dns.quad9.net"),
+			IPs:          []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}},
-		},
+			SupportsTLS:  true,
-		Quadrant: models.DNSProviderData{
+			SupportsIPv6: true,
-			IPs:         []net.IP{{12, 159, 2, 159}},
+			Host:         models.DNSHost("dns.quad9.net"),
-			SupportsTLS: true,
+		},
-			Host:        models.DNSHost("dns-tls.qis.io"),
+		Quadrant: {
-		},
+			IPs:          []net.IP{{12, 159, 2, 159}, {0x20, 0x1, 0x18, 0x90, 0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x59}},
-		CleanBrowsing: models.DNSProviderData{
+			SupportsTLS:  true,
-			IPs:         []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}},
+			SupportsIPv6: true,
-			SupportsTLS: true,
+			Host:         models.DNSHost("dns-tls.qis.io"),
-			Host:        models.DNSHost("security-filter-dns.cleanbrowsing.org"),
+		},
-		},
+		CleanBrowsing: {
-		SecureDNS: models.DNSProviderData{
+			IPs:          []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}},
-			IPs:         []net.IP{{146, 185, 167, 43}},
+			SupportsTLS:  true,
-			SupportsTLS: true,
+			SupportsIPv6: true,
-			Host:        models.DNSHost("dot.securedns.eu"),
+			Host:         models.DNSHost("security-filter-dns.cleanbrowsing.org"),
-		},
+		},
-		LibreDNS: models.DNSProviderData{
+		SecureDNS: {
-			IPs:         []net.IP{{116, 203, 115, 192}},
+			IPs:          []net.IP{{146, 185, 167, 43}, {0x2a, 0x3, 0xb0, 0xc0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe, 0x9a, 0x30, 0x1}},
-			SupportsTLS: true,
+			SupportsTLS:  true,
-			Host:        models.DNSHost("dot.libredns.gr"),
+			SupportsIPv6: true,
-		},
+			Host:         models.DNSHost("dot.securedns.eu"),
-	}
+		},
-}
+		LibreDNS: {
-
+			IPs:         []net.IP{{116, 203, 115, 192}},
-// Block lists URLs
+			SupportsTLS: true,
-const (
+			Host:        models.DNSHost("dot.libredns.gr"),
-	AdsBlockListHostnamesURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-hostnames.updated"
+		},
-	AdsBlockListIPsURL                models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-ips.updated"
+	}
-	MaliciousBlockListHostnamesURL    models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated"
+}
-	MaliciousBlockListIPsURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated"
+
-	SurveillanceBlockListHostnamesURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-hostnames.updated"
+// Block lists URLs
-	SurveillanceBlockListIPsURL       models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-ips.updated"
+const (
-)
+	AdsBlockListHostnamesURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-hostnames.updated"
-
+	AdsBlockListIPsURL                models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-ips.updated"
-// DNS certificates to fetch
+	MaliciousBlockListHostnamesURL    models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated"
-// TODO obtain from source directly, see qdm12/updated)
+	MaliciousBlockListIPsURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated"
-const (
+	SurveillanceBlockListHostnamesURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-hostnames.updated"
-	NamedRootURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/named.root.updated"
+	SurveillanceBlockListIPsURL       models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-ips.updated"
-	RootKeyURL   models.URL = "https://raw.githubusercontent.com/qdm12/files/master/root.key.updated"
+)
-)
+
 // DNS certificates to fetch
 // TODO obtain from source directly, see qdm12/updated)
 const (
 	NamedRootURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/named.root.updated"
 	RootKeyURL   models.URL = "https://raw.githubusercontent.com/qdm12/files/master/root.key.updated"
 )
--- a/internal/constants/mullvad.go
+++ b/internal/constants/mullvad.go
@@ -0,0 +1,139 @@
 package constants
 import (
 	"net"
 	"sort"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	MullvadCertificate = "MIIGIzCCBAugAwIBAgIJAK6BqXN9GHI0MA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJTRTERMA8GA1UECAwIR290YWxhbmQxEzARBgNVBAcMCkdvdGhlbmJ1cmcxFDASBgNVBAoMC0FtYWdpY29tIEFCMRAwDgYDVQQLDAdNdWxsdmFkMRswGQYDVQQDDBJNdWxsdmFkIFJvb3QgQ0EgdjIxIzAhBgkqhkiG9w0BCQEWFHNlY3VyaXR5QG11bGx2YWQubmV0MB4XDTE4MTEwMjExMTYxMVoXDTI4MTAzMDExMTYxMVowgZ8xCzAJBgNVBAYTAlNFMREwDwYDVQQIDAhHb3RhbGFuZDETMBEGA1UEBwwKR290aGVuYnVyZzEUMBIGA1UECgwLQW1hZ2ljb20gQUIxEDAOBgNVBAsMB011bGx2YWQxGzAZBgNVBAMMEk11bGx2YWQgUm9vdCBDQSB2MjEjMCEGCSqGSIb3DQEJARYUc2VjdXJpdHlAbXVsbHZhZC5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCifDn75E/Zdx1qsy31rMEzuvbTXqZVZp4bjWbmcyyXqvnayRUHHoovG+lzc+HDL3HJV+kjxKpCMkEVWwjY159lJbQbm8kkYntBBREdzRRjjJpTb6haf/NXeOtQJ9aVlCc4dM66bEmyAoXkzXVZTQJ8h2FE55KVxHi5Sdy4XC5zm0wPa4DPDokNp1qm3A9Xicq3HsflLbMZRCAGuI+Jek6caHqiKjTHtujn6Gfxv2WsZ7SjerUAk+mvBo2sfKmB7octxG7yAOFFg7YsWL0AxddBWqgq5R/1WDJ9d1Cwun9WGRRQ1TLvzF1yABUerjjKrk89RCzYISwsKcgJPscaDqZgO6RIruY/xjuTtrnZSv+FXs+Woxf87P+QgQd76LC0MstTnys+AfTMuMPOLy9fMfEzs3LP0Nz6v5yjhX8ff7+3UUI3IcMxCvyxdTPClY5IvFdW7CCmmLNzakmx5GCItBWg/EIg1K1SG0jU9F8vlNZUqLKz42hWy/xB5C4QYQQ9ILdu4araPnrXnmd1D1QKVwKQ1DpWhNbpBDfE776/4xXD/tGM5O0TImp1NXul8wYsDi8g+e0pxNgY3Pahnj1yfG75Yw82spZanUH0QSNoMVMWnmV2hXGsWqypRq0pH8mPeLzeKa82gzsAZsouRD1k8wFlYA4z9HQFxqfcntTqXuwQcQIDAQABo2AwXjAdBgNVHQ4EFgQUfaEyaBpGNzsqttiSMETq+X/GJ0YwHwYDVR0jBBgwFoAUfaEyaBpGNzsqttiSMETq+X/GJ0YwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADH5izxu4V8Javal8EA4DxZxIHUsWCg5cuopB28PsyJYpyKipsBoI8+RXqbtrLLue4WQfNPZHLXlKi+A3GTrLdlnenYzXVipPd+n3vRZyofaB3Jtb03nirVWGa8FG21Xy/f4rPqwcW54lxrnnh0SA0hwuZ+b2yAWESBXPxrzVQdTWCqoFI6/aRnN8RyZn0LqRYoW7WDtKpLmfyvshBmmu4PCYSh/SYiFHgR9fsWzVcxdySDsmX8wXowuFfp8V9sFhD4TsebAaplaICOuLUgj+Yin5QzgB0F9Ci3Zh6oWwl64SL/OxxQLpzMWzr0lrWsQrS3PgC4+6JC4IpTXX5eUqfSvHPtbRKK0yLnd9hYgvZUBvvZvUFR/3/fW+mpBHbZJBu9+/1uux46M4rJ2FeaJUf9PhYCPuUj63yu0Grn0DreVKK1SkD5V6qXN0TmoxYyguhfsIPCpI1VsdaSWuNjJ+a/HIlKIU8vKp5iN/+6ZTPAg9Q7s3Ji+vfx/AhFtQyTpIYNszVzNZyobvkiMUlK+eUKGlHVQp73y6MmGIlbBbyzpEoedNU4uFu57mw4fYGHqYZmYqFaiNQv4tVrGkg6p+Ypyu1zOfIHF7eqlAOu/SyRTvZkt9VtSVEOVH7nDIGdrCC9U/g1Lqk8Td00Oj8xesyKzsG214Xd8m7/7GmJ7nXe5"
 )
 func MullvadCountryChoices() (choices []string) {
 	uniqueChoices := map[string]struct{}{}
 	for _, server := range MullvadServers() {
 		uniqueChoices[server.Country] = struct{}{}
 	}
 	for choice := range uniqueChoices {
 		choices = append(choices, choice)
 	}
 	sort.Slice(choices, func(i, j int) bool {
 		return choices[i] < choices[j]
 	})
 	return choices
 }
 func MullvadCityChoices() (choices []string) {
 	uniqueChoices := map[string]struct{}{}
 	for _, server := range MullvadServers() {
 		uniqueChoices[server.City] = struct{}{}
 	}
 	for choice := range uniqueChoices {
 		choices = append(choices, choice)
 	}
 	sort.Slice(choices, func(i, j int) bool {
 		return choices[i] < choices[j]
 	})
 	return choices
 }
 func MullvadISPChoices() (choices []string) {
 	uniqueChoices := map[string]struct{}{}
 	for _, server := range MullvadServers() {
 		uniqueChoices[server.ISP] = struct{}{}
 	}
 	for choice := range uniqueChoices {
 		choices = append(choices, choice)
 	}
 	sort.Slice(choices, func(i, j int) bool {
 		return choices[i] < choices[j]
 	})
 	return choices
 }
 //nolint:dupl
 func MullvadServers() []models.MullvadServer {
 	return []models.MullvadServer{
 		{Country: "Albania", City: "Tirana", ISP: "iRegister", Owned: false, IPs: []net.IP{{31, 171, 154, 210}}, IPsV6: []net.IP{{0x2a, 0x4, 0x27, 0xc0, 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Australia", City: "Adelaide", ISP: "Intergrid", Owned: false, IPs: []net.IP{{116, 206, 231, 58}}, IPsV6: []net.IP{{0x24, 0x7, 0xa0, 0x80, 0x50, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Australia", City: "Brisbane", ISP: "Intergrid", Owned: false, IPs: []net.IP{{43, 245, 160, 162}}, IPsV6: []net.IP{{0x24, 0x7, 0xa0, 0x80, 0x20, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Australia", City: "Canberra", ISP: "Intergrid", Owned: false, IPs: []net.IP{{116, 206, 229, 98}}, IPsV6: []net.IP{{0x24, 0x7, 0xa0, 0x80, 0x40, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Australia", City: "Melbourne", ISP: "Intergrid", Owned: false, IPs: []net.IP{{116, 206, 228, 202}, {116, 206, 228, 242}, {116, 206, 230, 98}}, IPsV6: []net.IP{{0x24, 0x7, 0xa0, 0x80, 0x30, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x24, 0x7, 0xa0, 0x80, 0x30, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x24, 0x7, 0xa0, 0x80, 0x30, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "Australia", City: "Perth", ISP: "Intergrid", Owned: false, IPs: []net.IP{{103, 77, 235, 66}}, IPsV6: []net.IP{{0x24, 0x0, 0xfa, 0x80, 0x0, 0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Australia", City: "Sydney", ISP: "Intergrid", Owned: false, IPs: []net.IP{{43, 245, 162, 130}, {103, 77, 232, 130}, {103, 77, 232, 146}}, IPsV6: []net.IP{{0x24, 0x0, 0xfa, 0x80, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x24, 0x0, 0xfa, 0x80, 0x0, 0x1, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x24, 0x0, 0xfa, 0x80, 0x0, 0x1, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Australia", City: "Sydney", ISP: "M247", Owned: false, IPs: []net.IP{{89, 44, 10, 18}, {89, 44, 10, 34}, {89, 44, 10, 50}, {89, 44, 10, 194}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x84, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x84, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x84, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x84, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "Austria", City: "Vienna", ISP: "M247", Owned: false, IPs: []net.IP{{5, 253, 207, 34}, {86, 107, 21, 210}, {86, 107, 21, 226}, {86, 107, 21, 242}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x29, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x29, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x29, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x29, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4f}}},
 		{Country: "Belgium", City: "Brussels", ISP: "M247", Owned: false, IPs: []net.IP{{37, 120, 143, 138}, {37, 120, 218, 138}, {37, 120, 218, 146}, {91, 207, 57, 50}, {185, 104, 186, 202}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x27, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x27, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x27, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x27, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x27, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}}},
 		{Country: "Brazil", City: "Sao Paulo", ISP: "Heficed", Owned: false, IPs: []net.IP{{191, 101, 62, 178}}, IPsV6: []net.IP{{0x28, 0x3, 0x0, 0x80, 0x80, 0x3, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Brazil", City: "Sao Paulo", ISP: "Qnax", Owned: false, IPs: []net.IP{{177, 67, 80, 186}}, IPsV6: []net.IP{{0x28, 0x4, 0x53, 0x64, 0x21, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Bulgaria", City: "Sofia", ISP: "M247", Owned: false, IPs: []net.IP{{37, 120, 152, 114}, {37, 120, 152, 146}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x30, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x30, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Canada", City: "Montreal", ISP: "M247", Owned: false, IPs: []net.IP{{89, 36, 78, 18}, {89, 36, 78, 34}, {89, 36, 78, 50}, {89, 36, 78, 66}, {89, 36, 78, 82}, {89, 36, 78, 98}, {89, 36, 78, 114}, {89, 36, 78, 130}}, IPsV6: []net.IP{{0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x0, 0xc9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x9, 0x1, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}}},
 		{Country: "Canada", City: "Toronto", ISP: "Amanah", Owned: false, IPs: []net.IP{{162, 219, 176, 250}}, IPsV6: []net.IP{{0x26, 0x6, 0x60, 0x80, 0x10, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Canada", City: "Vancouver", ISP: "100TB", Owned: false, IPs: []net.IP{{172, 83, 40, 34}, {172, 83, 40, 38}}, IPsV6: []net.IP{{0x26, 0x7, 0xf7, 0xa0, 0x0, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0xd, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Canada", City: "Vancouver", ISP: "Esecuredata", Owned: false, IPs: []net.IP{{71, 19, 248, 240}, {71, 19, 249, 81}}, IPsV6: []net.IP{{0x26, 0x5, 0x0, 0x80, 0x0, 0x18, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x26, 0x5, 0x0, 0x80, 0x0, 0x19, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}},
 		{Country: "Czech Republic", City: "Prague", ISP: "M247", Owned: false, IPs: []net.IP{{185, 156, 174, 170}, {185, 216, 35, 242}, {217, 138, 199, 74}, {217, 138, 199, 82}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x33, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x33, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x33, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x33, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}}},
 		{Country: "Denmark", City: "Copenhagen", ISP: "31173", Owned: true, IPs: []net.IP{{45, 129, 56, 81}, {141, 98, 254, 71}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x8, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x8, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Denmark", City: "Copenhagen", ISP: "Asergo", Owned: false, IPs: []net.IP{{82, 103, 140, 213}}, IPsV6: []net.IP{{0x2a, 0x0, 0x90, 0x80, 0x0, 0x1, 0x9, 0x8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Denmark", City: "Copenhagen", ISP: "Blix", Owned: false, IPs: []net.IP{{134, 90, 149, 138}}, IPsV6: []net.IP{{0x2a, 0x2, 0xed, 0x1, 0x41, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Denmark", City: "Copenhagen", ISP: "M247", Owned: false, IPs: []net.IP{{89, 45, 7, 130}, {89, 45, 7, 146}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x37, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x37, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4f}}},
 		{Country: "Finland", City: "Helsinki", ISP: "Creanova", Owned: true, IPs: []net.IP{{185, 204, 1, 171}, {185, 204, 1, 172}, {185, 204, 1, 173}, {185, 204, 1, 174}, {185, 204, 1, 175}, {185, 204, 1, 176}, {185, 212, 149, 201}}, IPsV6: []net.IP{{0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xc, 0xf0, 0x40, 0x0, 0x0, 0x27, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}},
 		{Country: "France", City: "Paris", ISP: "31173", Owned: true, IPs: []net.IP{{193, 32, 126, 81}, {193, 32, 126, 82}, {193, 32, 126, 83}, {193, 32, 126, 84}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x9, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x9, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x9, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x9, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "France", City: "Paris", ISP: "M247", Owned: false, IPs: []net.IP{{89, 44, 9, 19}, {89, 44, 9, 35}, {194, 110, 113, 3}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x25, 0x0, 0xd0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x25, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x25, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}}},
 		{Country: "Germany", City: "Frankfurt", ISP: "31173", Owned: true, IPs: []net.IP{{185, 213, 155, 131}, {185, 213, 155, 132}, {185, 213, 155, 133}, {185, 213, 155, 134}, {185, 213, 155, 135}, {185, 213, 155, 136}, {185, 213, 155, 137}, {185, 213, 155, 138}, {185, 213, 155, 139}, {185, 213, 155, 140}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x6, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}}},
 		{Country: "Germany", City: "Frankfurt", ISP: "M247", Owned: false, IPs: []net.IP{{193, 27, 14, 2}, {193, 27, 14, 18}, {193, 27, 14, 34}, {193, 27, 14, 50}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x20, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x20, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x20, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x20, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4f}}},
 		{Country: "Greece", City: "Athens", ISP: "aweb", Owned: false, IPs: []net.IP{{185, 226, 67, 168}}, IPsV6: []net.IP{{0x2a, 0xc, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Hong Kong", City: "Hong Kong", ISP: "Leaseweb", Owned: false, IPs: []net.IP{{209, 58, 184, 146}, {209, 58, 185, 53}, {209, 58, 185, 186}}, IPsV6: []net.IP{{0x20, 0x1, 0xd, 0xf1, 0x8, 0x1, 0xa0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xd, 0xf1, 0x8, 0x1, 0xa0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xd, 0xf1, 0x8, 0x1, 0xa0, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Hong Kong", City: "Hong Kong", ISP: "M247", Owned: false, IPs: []net.IP{{89, 45, 6, 50}, {89, 45, 6, 66}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x92, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x92, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Hungary", City: "Budapest", ISP: "M247", Owned: false, IPs: []net.IP{{86, 106, 74, 34}, {86, 106, 74, 50}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x26, 0x0, 0xab, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x26, 0x0, 0xac, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "Ireland", City: "Dublin", ISP: "M247", Owned: false, IPs: []net.IP{{217, 138, 222, 82}, {217, 138, 222, 90}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x88, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x88, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Italy", City: "Milan", ISP: "M247", Owned: false, IPs: []net.IP{{89, 40, 182, 146}, {89, 40, 182, 210}, {192, 145, 127, 98}, {192, 145, 127, 114}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x24, 0x0, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x24, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x24, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x24, 0x0, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "Japan", City: "Tokyo", ISP: "M247", Owned: false, IPs: []net.IP{{217, 138, 252, 50}, {217, 138, 252, 162}, {217, 138, 252, 178}, {217, 138, 252, 194}, {217, 138, 252, 210}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x40, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x40, 0x0, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x40, 0x0, 0xb3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x40, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x40, 0x0, 0xb5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}}},
 		{Country: "Latvia", City: "Riga", ISP: "Makonix", Owned: false, IPs: []net.IP{{31, 170, 22, 2}}, IPsV6: []net.IP{{0x2a, 0x0, 0xc, 0x68, 0x0, 0x0, 0xcb, 0xcf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Luxembourg", City: "Luxembourg", ISP: "Evoluso", Owned: false, IPs: []net.IP{{92, 223, 89, 160}, {92, 223, 89, 182}}, IPsV6: []net.IP{{0x2a, 0x3, 0x90, 0xc0, 0x0, 0x83, 0x29, 0x53, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x90, 0xc0, 0x0, 0x83, 0x29, 0x53, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Moldova", City: "Chisinau", ISP: "Trabia", Owned: false, IPs: []net.IP{{178, 175, 142, 194}}, IPsV6: []net.IP{{0x2a, 0x0, 0x1d, 0xc0, 0x29, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Netherlands", City: "Amsterdam", ISP: "31173", Owned: true, IPs: []net.IP{{185, 65, 134, 131}, {185, 65, 134, 132}, {185, 65, 134, 133}, {185, 65, 134, 134}, {185, 65, 134, 135}, {185, 65, 134, 136}, {185, 65, 134, 139}, {185, 65, 134, 140}, {185, 65, 134, 141}, {185, 65, 134, 142}, {185, 65, 134, 143}, {185, 65, 134, 144}, {185, 65, 134, 145}, {185, 65, 134, 146}, {185, 65, 134, 147}, {185, 65, 134, 148}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x3, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8f}}},
 		{Country: "New Zealand", City: "Auckland", ISP: "Intergrid", Owned: false, IPs: []net.IP{{103, 231, 91, 114}}, IPsV6: []net.IP{{0x24, 0x0, 0xfa, 0x80, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Norway", City: "Oslo", ISP: "Blix", Owned: true, IPs: []net.IP{{91, 90, 44, 11}, {91, 90, 44, 12}, {91, 90, 44, 13}, {91, 90, 44, 14}, {91, 90, 44, 15}, {91, 90, 44, 16}, {91, 90, 44, 17}, {91, 90, 44, 18}}, IPsV6: []net.IP{{0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0x2, 0x20, 0xc8, 0x41, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}}},
 		{Country: "Poland", City: "Warsaw", ISP: "M247", Owned: false, IPs: []net.IP{{37, 120, 156, 162}, {37, 120, 211, 186}, {37, 120, 211, 194}, {37, 120, 211, 202}, {185, 244, 214, 210}, {185, 244, 214, 215}}, IPsV6: []net.IP{{0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0x0, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x13, 0xb, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Portugal", City: "Lisbon", ISP: "Dotsi", Owned: false, IPs: []net.IP{{5, 206, 231, 214}}, IPsV6: []net.IP{{0x2a, 0x0, 0x1c, 0x60, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Romania", City: "Bucharest", ISP: "M247", Owned: false, IPs: []net.IP{{185, 163, 110, 66}, {185, 163, 110, 82}, {185, 163, 110, 98}, {185, 163, 110, 114}}, IPsV6: []net.IP{{0x2a, 0x4, 0x9d, 0xc0, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1f}, {0x2a, 0x4, 0x9d, 0xc0, 0x0, 0x0, 0x0, 0x91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2f}, {0x2a, 0x4, 0x9d, 0xc0, 0x0, 0x0, 0x0, 0x92, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3f}, {0x2a, 0x4, 0x9d, 0xc0, 0x0, 0x0, 0x0, 0x93, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4f}}},
 		{Country: "Serbia", City: "Belgrade", ISP: "M247", Owned: false, IPs: []net.IP{{89, 38, 224, 98}, {89, 38, 224, 114}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x7d, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x7d, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}}},
 		{Country: "Serbia", City: "Nis", ISP: "ninet", Owned: false, IPs: []net.IP{{176, 104, 107, 118}}, IPsV6: []net.IP{{0x2a, 0x6, 0x1, 0x85, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Singapore", City: "Singapore", ISP: "Leaseweb", Owned: false, IPs: []net.IP{{103, 254, 153, 82}}, IPsV6: []net.IP{{0x20, 0x1, 0xd, 0xf1, 0x8, 0x0, 0xa0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}},
 		{Country: "Singapore", City: "Singapore", ISP: "M247", Owned: false, IPs: []net.IP{{89, 38, 225, 34}, {94, 198, 43, 2}, {94, 198, 43, 18}}, IPsV6: []net.IP{{0x2a, 0xa, 0xb6, 0x40, 0x0, 0x1, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0xa, 0xb6, 0x40, 0x0, 0x1, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xa, 0xb6, 0x40, 0x0, 0x1, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "Spain", City: "Madrid", ISP: "M247", Owned: false, IPs: []net.IP{{45, 152, 183, 26}, {45, 152, 183, 42}, {89, 238, 178, 34}, {89, 238, 178, 74}, {195, 206, 107, 146}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x23, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x23, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x23, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x23, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x23, 0x0, 0x59, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}}},
 		{Country: "Sweden", City: "Gothenburg", ISP: "31173", Owned: true, IPs: []net.IP{{185, 213, 154, 131}, {185, 213, 154, 132}, {185, 213, 154, 133}, {185, 213, 154, 134}, {185, 213, 154, 135}, {185, 213, 154, 136}, {185, 213, 154, 137}, {185, 213, 154, 138}, {185, 213, 154, 139}, {185, 213, 154, 140}, {185, 213, 154, 141}, {185, 213, 154, 142}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x5, 0xf0, 0x11, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}},
 		{Country: "Sweden", City: "Helsingborg", ISP: "31173", Owned: true, IPs: []net.IP{{185, 213, 152, 131}, {185, 213, 152, 132}, {185, 213, 152, 133}, {185, 213, 152, 134}, {185, 213, 152, 137}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x2, 0xf7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x2, 0xf7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x2, 0xf7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x2, 0xf7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x2, 0xf7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}},
 		{Country: "Sweden", City: "Malmö", ISP: "31173", Owned: true, IPs: []net.IP{{45, 83, 220, 81}, {45, 83, 220, 82}, {45, 83, 220, 83}, {45, 83, 220, 84}, {45, 83, 220, 85}, {45, 83, 220, 86}, {45, 83, 220, 87}, {45, 83, 220, 88}, {45, 83, 220, 89}, {45, 83, 220, 90}, {45, 83, 220, 91}, {45, 83, 220, 92}, {45, 83, 220, 93}, {141, 98, 255, 83}, {141, 98, 255, 84}, {141, 98, 255, 85}, {141, 98, 255, 86}, {141, 98, 255, 87}, {141, 98, 255, 88}, {141, 98, 255, 89}, {141, 98, 255, 90}, {141, 98, 255, 91}, {141, 98, 255, 92}, {141, 98, 255, 93}, {141, 98, 255, 94}, {193, 138, 218, 131}, {193, 138, 218, 132}, {193, 138, 218, 133}, {193, 138, 218, 134}, {193, 138, 218, 135}, {193, 138, 218, 136}, {193, 138, 218, 137}, {193, 138, 218, 138}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xe0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x1, 0xf4, 0x10, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}}},
 		{Country: "Sweden", City: "Stockholm", ISP: "31173", Owned: true, IPs: []net.IP{{185, 65, 135, 131}, {185, 65, 135, 133}, {185, 65, 135, 134}, {185, 65, 135, 135}, {185, 65, 135, 136}, {185, 65, 135, 137}, {185, 65, 135, 138}, {185, 65, 135, 139}, {185, 65, 135, 140}, {185, 65, 135, 141}, {185, 65, 135, 142}, {185, 65, 135, 143}, {185, 65, 135, 144}, {185, 65, 135, 145}, {185, 65, 135, 146}, {185, 65, 135, 147}, {185, 65, 135, 148}, {185, 65, 135, 149}, {185, 65, 135, 150}, {185, 65, 135, 151}, {185, 65, 135, 152}, {185, 65, 135, 153}, {185, 65, 135, 154}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4e}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xf}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x4, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4f}}},
 		{Country: "Switzerland", City: "Zurich", ISP: "31173", Owned: true, IPs: []net.IP{{193, 32, 127, 81}, {193, 32, 127, 82}, {193, 32, 127, 83}, {193, 32, 127, 84}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0xa, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0xa, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0xa, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0xa, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "Switzerland", City: "Zurich", ISP: "M247", Owned: false, IPs: []net.IP{{91, 193, 4, 2}, {91, 193, 4, 18}, {91, 193, 4, 34}, {91, 193, 4, 50}, {91, 193, 4, 66}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x28, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x28, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x28, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x28, 0x0, 0x87, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x28, 0x0, 0x97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "Switzerland", City: "Zurich", ISP: "PrivateLayer", Owned: false, IPs: []net.IP{{81, 17, 20, 34}, {179, 43, 128, 170}}, IPsV6: []net.IP{{0x2a, 0x2, 0x29, 0xb8, 0xdc, 0x1, 0x5, 0x97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x2, 0x29, 0xb8, 0xdc, 0x1, 0x18, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "UK", City: "London", ISP: "31173", Owned: true, IPs: []net.IP{{141, 98, 252, 131}, {141, 98, 252, 132}, {141, 98, 252, 133}, {141, 98, 252, 138}, {141, 98, 252, 139}, {141, 98, 252, 140}, {185, 195, 232, 84}, {185, 195, 232, 85}, {185, 195, 232, 86}}, IPsV6: []net.IP{{0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0x3, 0x1b, 0x20, 0x0, 0x7, 0xf0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}}},
 		{Country: "UK", City: "London", ISP: "M247", Owned: false, IPs: []net.IP{{45, 87, 215, 50}, {185, 200, 118, 178}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x31, 0x2, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x31, 0x2, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "UK", City: "Manchester", ISP: "M247", Owned: false, IPs: []net.IP{{37, 120, 159, 164}, {89, 238, 132, 36}, {194, 37, 96, 180}, {217, 151, 98, 68}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x21, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x21, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x21, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x21, 0x0, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "Atlanta, GA", ISP: "100TB", Owned: false, IPs: []net.IP{{66, 115, 180, 227}, {66, 115, 180, 228}, {66, 115, 180, 229}, {66, 115, 180, 230}, {107, 152, 108, 62}}, IPsV6: []net.IP{{0x26, 0x7, 0xf7, 0xa0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}}},
 		{Country: "USA", City: "Atlanta, GA", ISP: "Quadranet", Owned: false, IPs: []net.IP{{104, 129, 24, 242}}, IPsV6: []net.IP{{0x26, 0x7, 0xfc, 0xd0, 0xaa, 0x80, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "USA", City: "Chicago, IL", ISP: "Quadranet", Owned: false, IPs: []net.IP{{104, 129, 31, 26}}, IPsV6: []net.IP{{0x26, 0x7, 0xfc, 0xd0, 0xbb, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "Chicago, IL", ISP: "Tzulo", Owned: false, IPs: []net.IP{{68, 235, 43, 10}, {68, 235, 43, 18}, {68, 235, 43, 26}, {68, 235, 43, 34}, {68, 235, 43, 42}, {68, 235, 43, 50}, {68, 235, 43, 58}, {68, 235, 43, 66}, {68, 235, 43, 74}, {68, 235, 43, 122}}, IPsV6: []net.IP{{0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x59, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x26, 0x7, 0x90, 0x0, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "Dallas, TX", ISP: "100TB", Owned: false, IPs: []net.IP{{174, 127, 113, 3}, {174, 127, 113, 4}, {174, 127, 113, 5}, {174, 127, 113, 6}, {174, 127, 113, 7}}, IPsV6: []net.IP{{0x26, 0x6, 0x2e, 0x0, 0x80, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x26, 0x6, 0x2e, 0x0, 0x80, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x6, 0x2e, 0x0, 0x80, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x26, 0x6, 0x2e, 0x0, 0x80, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x26, 0x6, 0x2e, 0x0, 0x80, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}}},
 		{Country: "USA", City: "Dallas, TX", ISP: "M247", Owned: false, IPs: []net.IP{{193, 27, 13, 34}, {193, 27, 13, 50}, {193, 27, 13, 66}, {193, 27, 13, 82}, {193, 27, 13, 178}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x9a, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x9a, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x9a, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x9a, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x20, 0x1, 0xa, 0xc8, 0x0, 0x9a, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "Dallas, TX", ISP: "Quadranet", Owned: false, IPs: []net.IP{{96, 44, 145, 18}, {96, 44, 147, 130}}, IPsV6: []net.IP{{0x26, 0x7, 0xfc, 0xd0, 0xda, 0x80, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x26, 0x7, 0xfc, 0xd0, 0xda, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}},
 		{Country: "USA", City: "Denver, CO", ISP: "Tzulo", Owned: false, IPs: []net.IP{{198, 54, 128, 66}, {198, 54, 128, 74}, {198, 54, 128, 106}}, IPsV6: []net.IP{{0x26, 0x7, 0x90, 0x0, 0x20, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x7, 0x90, 0x0, 0x20, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x26, 0x7, 0x90, 0x0, 0x20, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}}},
 		{Country: "USA", City: "Los Angeles, CA", ISP: "100TB", Owned: false, IPs: []net.IP{{104, 200, 152, 66}, {107, 181, 168, 130}}, IPsV6: []net.IP{{0x26, 0x7, 0xf7, 0xa0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}},
 		{Country: "USA", City: "Los Angeles, CA", ISP: "M247", Owned: false, IPs: []net.IP{{89, 46, 114, 15}, {89, 46, 114, 28}, {89, 46, 114, 41}, {89, 46, 114, 54}, {89, 46, 114, 67}, {89, 46, 114, 80}, {89, 46, 114, 93}, {89, 46, 114, 106}, {89, 46, 114, 119}, {89, 46, 114, 132}, {89, 46, 114, 145}, {89, 46, 114, 158}, {89, 46, 114, 171}, {89, 46, 114, 184}, {89, 46, 114, 197}, {89, 46, 114, 210}, {89, 46, 114, 223}}, IPsV6: []net.IP{{0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f}}},
 		{Country: "USA", City: "Los Angeles, CA", ISP: "Tzulo", Owned: false, IPs: []net.IP{{198, 54, 129, 74}, {198, 54, 129, 82}}, IPsV6: []net.IP{{0x26, 0x7, 0x90, 0x0, 0x30, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x7, 0x90, 0x0, 0x30, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "Miami, FL", ISP: "M247", Owned: false, IPs: []net.IP{{94, 198, 42, 50}, {94, 198, 42, 66}, {94, 198, 42, 82}, {94, 198, 42, 98}, {193, 27, 12, 2}, {193, 27, 12, 18}}, IPsV6: []net.IP{{0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0xa, 0xd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x6, 0xa, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 		{Country: "USA", City: "New York, NY", ISP: "100TB", Owned: false, IPs: []net.IP{{107, 182, 226, 206}, {107, 182, 226, 218}}, IPsV6: []net.IP{{0x26, 0x6, 0x2e, 0x0, 0x80, 0x3, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x26, 0x6, 0x2e, 0x0, 0x80, 0x3, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}},
 		{Country: "USA", City: "New York, NY", ISP: "M247", Owned: false, IPs: []net.IP{{86, 106, 121, 15}, {86, 106, 121, 28}, {86, 106, 121, 41}, {86, 106, 121, 54}, {86, 106, 121, 67}, {86, 106, 121, 80}, {86, 106, 121, 93}, {86, 106, 121, 106}, {86, 106, 121, 119}, {86, 106, 121, 132}, {89, 46, 62, 15}, {89, 46, 62, 28}, {89, 46, 62, 41}, {89, 46, 62, 54}, {89, 46, 62, 67}, {89, 46, 62, 80}, {89, 46, 62, 93}, {89, 46, 62, 106}, {89, 46, 62, 119}, {89, 46, 62, 132}}, IPsV6: []net.IP{{0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x75, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xf}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0xa1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9f}, {0x2a, 0xd, 0x56, 0x0, 0x0, 0x24, 0xa, 0xa3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xf}}},
 		{Country: "USA", City: "Phoenix, AZ", ISP: "100TB", Owned: false, IPs: []net.IP{{107, 152, 99, 86}}, IPsV6: []net.IP{{0x26, 0x7, 0xf7, 0xa0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}}},
 		{Country: "USA", City: "Raleigh, NC", ISP: "Tzulo", Owned: false, IPs: []net.IP{{198, 54, 130, 34}, {198, 54, 130, 50}, {198, 54, 130, 66}}, IPsV6: []net.IP{{0x26, 0x7, 0x90, 0x0, 0x40, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1f}, {0x26, 0x7, 0x90, 0x0, 0x40, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2f}, {0x26, 0x7, 0x90, 0x0, 0x40, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3f}}},
 		{Country: "USA", City: "Salt Lake City, UT", ISP: "100TB", Owned: false, IPs: []net.IP{{69, 4, 234, 132}, {69, 4, 234, 133}, {69, 4, 234, 134}, {69, 4, 234, 135}, {69, 4, 234, 136}, {69, 4, 234, 137}}, IPsV6: []net.IP{{0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, {0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, {0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f}, {0x26, 0x6, 0x2e, 0x0, 0x0, 0x0, 0x0, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}}},
 		{Country: "USA", City: "Seattle, WA", ISP: "100TB", Owned: false, IPs: []net.IP{{104, 200, 129, 42}, {104, 200, 129, 110}, {104, 200, 129, 150}}, IPsV6: []net.IP{{0x26, 0x7, 0xf7, 0xa0, 0x0, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0xc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {0x26, 0x7, 0xf7, 0xa0, 0x0, 0xc, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "USA", City: "Seattle, WA", ISP: "Tzulo", Owned: false, IPs: []net.IP{{198, 54, 131, 34}, {198, 54, 131, 50}, {198, 54, 131, 66}}, IPsV6: []net.IP{{0x26, 0x7, 0x90, 0x0, 0x50, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1f}, {0x26, 0x7, 0x90, 0x0, 0x50, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2f}, {0x26, 0x7, 0x90, 0x0, 0x50, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3f}}},
 		{Country: "USA", City: "Secaucus, NJ", ISP: "Quadranet", Owned: false, IPs: []net.IP{{23, 226, 131, 130}, {23, 226, 131, 154}}, IPsV6: []net.IP{{0x26, 0x7, 0xfc, 0xd0, 0xcc, 0xc0, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, {0x26, 0x7, 0xfc, 0xd0, 0xcc, 0xc0, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}}},
 		{Country: "United Arab Emirates", City: "Dubai", ISP: "M247", Owned: false, IPs: []net.IP{{45, 9, 249, 34}}, IPsV6: []net.IP{{0x20, 0x1, 0xa, 0xc8, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}},
 	}
 }
--- a/internal/constants/nordvpn.go
+++ b/internal/constants/nordvpn.go
--- a/internal/constants/openvpn.go
+++ b/internal/constants/openvpn.go
@@ -1,7 +1,7 @@
 package constants
 import (
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
 )
 const (
--- a/internal/constants/paths.go
+++ b/internal/constants/paths.go
@@ -1,30 +1,32 @@
-package constants
+package constants
-
+
-import (
+import (
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
-)
+)
-
+
-const (
+const (
-	// UnboundConf is the file path to the Unbound configuration file
+	// UnboundConf is the file path to the Unbound configuration file
-	UnboundConf models.Filepath = "/etc/unbound/unbound.conf"
+	UnboundConf models.Filepath = "/etc/unbound/unbound.conf"
-	// ResolvConf is the file path to the system resolv.conf file
+	// ResolvConf is the file path to the system resolv.conf file
-	ResolvConf models.Filepath = "/etc/resolv.conf"
+	ResolvConf models.Filepath = "/etc/resolv.conf"
-	// CACertificates is the file path to the CA certificates file
+	// CACertificates is the file path to the CA certificates file
-	CACertificates models.Filepath = "/etc/ssl/certs/ca-certificates.crt"
+	CACertificates models.Filepath = "/etc/ssl/certs/ca-certificates.crt"
-	// OpenVPNAuthConf is the file path to the OpenVPN auth file
+	// OpenVPNAuthConf is the file path to the OpenVPN auth file
-	OpenVPNAuthConf models.Filepath = "/etc/openvpn/auth.conf"
+	OpenVPNAuthConf models.Filepath = "/etc/openvpn/auth.conf"
-	// OpenVPNConf is the file path to the OpenVPN client configuration file
+	// OpenVPNConf is the file path to the OpenVPN client configuration file
-	OpenVPNConf models.Filepath = "/etc/openvpn/target.ovpn"
+	OpenVPNConf models.Filepath = "/etc/openvpn/target.ovpn"
-	// TunnelDevice is the file path to tun device
+	// PIAPortForward is the file path to the port forwarding JSON information for PIA v4 servers
-	TunnelDevice models.Filepath = "/dev/net/tun"
+	PIAPortForward models.Filepath = "/gluetun/piaportforward.json"
-	// NetRoute is the path to the file containing information on the network route
+	// TunnelDevice is the file path to tun device
-	NetRoute models.Filepath = "/proc/net/route"
+	TunnelDevice models.Filepath = "/dev/net/tun"
-	// TinyProxyConf is the filepath to the tinyproxy configuration file
+	// NetRoute is the path to the file containing information on the network route
-	TinyProxyConf models.Filepath = "/etc/tinyproxy/tinyproxy.conf"
+	NetRoute models.Filepath = "/proc/net/route"
-	// ShadowsocksConf is the filepath to the shadowsocks configuration file
+	// TinyProxyConf is the filepath to the tinyproxy configuration file
-	ShadowsocksConf models.Filepath = "/etc/shadowsocks.json"
+	TinyProxyConf models.Filepath = "/etc/tinyproxy/tinyproxy.conf"
-	// RootHints is the filepath to the root.hints file used by Unbound
+	// ShadowsocksConf is the filepath to the shadowsocks configuration file
-	RootHints models.Filepath = "/etc/unbound/root.hints"
+	ShadowsocksConf models.Filepath = "/etc/shadowsocks.json"
-	// RootKey is the filepath to the root.key file used by Unbound
+	// RootHints is the filepath to the root.hints file used by Unbound
-	RootKey models.Filepath = "/etc/unbound/root.key"
+	RootHints models.Filepath = "/etc/unbound/root.hints"
-)
+	// RootKey is the filepath to the root.key file used by Unbound
 	RootKey models.Filepath = "/etc/unbound/root.key"
 )
--- a/internal/constants/pia.go
+++ b/internal/constants/pia.go
@@ -1,90 +1,209 @@
-package constants
+package constants
-
+
-import (
+import (
-	"fmt"
+	"net"
-	"strings"
+
-
+	"github.com/qdm12/gluetun/internal/models"
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
-)
+
-
+const (
-const (
+	PIAEncryptionPresetNormal = "normal"
-	// PIAEncryptionNormal is the normal level of encryption for communication with PIA servers
+	PIAEncryptionPresetStrong = "strong"
-	PIAEncryptionNormal models.PIAEncryption = "normal"
+	PiaX509CRLNormal          = "MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EWB4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Reze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqyMR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A=="
-	// PIAEncryptionStrong is the strong level of encryption for communication with PIA servers
+	PiaX509CRLStrong          = "MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMdKydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8PpLN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKvIdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbeyqxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOoxNeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZyo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA="
-	PIAEncryptionStrong models.PIAEncryption = "strong"
+	PIACertificateNormal      = "MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXDL1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzXlH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWpcdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RCOfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tLy8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZOsqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2VzczEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5jb22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAna5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xUryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK37pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyCGohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUtYDQ8z9v+DMO6iwyIDRiU"
-)
+	PIACertificateStrong      = "MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQwMzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVkhjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULNDe4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9KV2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SNDfCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZylp7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7pKwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzjtRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wijSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNzmeGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRtyWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCtpXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dvEm89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1GtF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZuLfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj35xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnXJUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJiyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ="
-
+)
-const (
+
-	PIAX509CRL_NORMAL     = "MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EWB4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Reze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqyMR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A=="
+func PIAGeoChoices() (choices []string) {
-	PIAX509CRL_STRONG     = "MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMdKydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8PpLN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKvIdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbeyqxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOoxNeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZyo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA="
+	servers := PIAServers()
-	PIACertificate_NORMAL = "MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXDL1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzXlH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWpcdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RCOfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tLy8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZOsqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2VzczEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5jb22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAna5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xUryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK37pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyCGohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUtYDQ8z9v+DMO6iwyIDRiU"
+	choices = make([]string, len(servers))
-	PIACertificate_STRONG = "MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQwMzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVkhjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULNDe4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9KV2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SNDfCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZylp7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7pKwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzjtRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wijSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNzmeGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRtyWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCtpXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dvEm89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1GtF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZuLfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj35xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnXJUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJiyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ="
+	for i := range servers {
-)
+		choices[i] = servers[i].Region
-
+	}
-func PIAGeoChoices() []string {
+	return choices
-	return []string{"AU Melbourne", "AU Perth", "AU Sydney", "Austria", "Belgium", "CA Montreal", "CA Toronto", "CA Vancouver", "Czech Republic", "DE Berlin", "DE Frankfurt", "Denmark", "Finland", "France", "Hong Kong", "Hungary", "India", "Ireland", "Israel", "Italy", "Japan", "Luxembourg", "Mexico", "Netherlands", "New Zealand", "Norway", "Poland", "Romania", "Singapore", "Spain", "Sweden", "Switzerland", "UAE", "UK London", "UK Manchester", "UK Southampton", "US Atlanta", "US California", "US Chicago", "US Denver", "US East", "US Florida", "US Houston", "US Las Vegas", "US New York City", "US Seattle", "US Silicon Valley", "US Texas", "US Washington DC", "US West"}
+}
-}
+
-
+func PIAServers() []models.PIAServer {
-func PIAGeoToSubdomainMapping(region models.PIARegion) (subdomain string, err error) {
+	return []models.PIAServer{
-	mapping := map[models.PIARegion]string{
+		{Region: "AU Melbourne", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "melbourne405", IPs: []net.IP{{103, 2, 198, 108}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "melbourne405", IPs: []net.IP{{103, 2, 198, 103}}}},
-		models.PIARegion("AU Melbourne"):      "au-melbourne",
+		{Region: "AU Perth", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "perth404", IPs: []net.IP{{43, 250, 205, 186}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "perth404", IPs: []net.IP{{43, 250, 205, 188}}}},
-		models.PIARegion("AU Perth"):          "au-perth",
+		{Region: "AU Sydney", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "sydney405", IPs: []net.IP{{27, 50, 76, 132}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "sydney405", IPs: []net.IP{{27, 50, 76, 132}}}},
-		models.PIARegion("AU Sydney"):         "au-sydney",
+		{Region: "Albania", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "tirana401", IPs: []net.IP{{31, 171, 154, 131}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "tirana401", IPs: []net.IP{{31, 171, 154, 137}}}},
-		models.PIARegion("Austria"):           "austria",
+		{Region: "Algeria", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "algiers402", IPs: []net.IP{{45, 133, 91, 209}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "algiers402", IPs: []net.IP{{45, 133, 91, 227}}}},
-		models.PIARegion("Belgium"):           "belgium",
+		{Region: "Andorra", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "andorra401", IPs: []net.IP{{45, 139, 49, 232}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "andorra401", IPs: []net.IP{{45, 139, 49, 238}}}},
-		models.PIARegion("CA Montreal"):       "ca-montreal",
+		{Region: "Argentina", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "buenosaires401", IPs: []net.IP{{190, 106, 134, 92}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "buenosaires401", IPs: []net.IP{{190, 106, 134, 89}}}},
-		models.PIARegion("CA Toronto"):        "ca-toronto",
+		{Region: "Armenia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "armenia402", IPs: []net.IP{{45, 139, 50, 229}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "armenia402", IPs: []net.IP{{45, 139, 50, 213}}}},
-		models.PIARegion("CA Vancouver"):      "ca-vancouver",
+		{Region: "Austria", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "vienna403", IPs: []net.IP{{156, 146, 60, 104}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "vienna403", IPs: []net.IP{{156, 146, 60, 100}}}},
-		models.PIARegion("Czech Republic"):    "czech",
+		{Region: "Bahamas", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "bahamas402", IPs: []net.IP{{45, 132, 143, 206}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "bahamas402", IPs: []net.IP{{45, 132, 143, 229}}}},
-		models.PIARegion("DE Berlin"):         "de-berlin",
+		{Region: "Belgium", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "brussels403", IPs: []net.IP{{5, 253, 205, 147}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "brussels403", IPs: []net.IP{{5, 253, 205, 153}}}},
-		models.PIARegion("DE Frankfurt"):      "de-frankfurt",
+		{Region: "Bosnia and Herzegovina", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "sarajevo401", IPs: []net.IP{{185, 212, 111, 76}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "sarajevo401", IPs: []net.IP{{185, 212, 111, 77}}}},
-		models.PIARegion("Denmark"):           "denmark",
+		{Region: "Brazil", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "saopaolo402", IPs: []net.IP{{188, 241, 177, 56}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "saopaolo402", IPs: []net.IP{{188, 241, 177, 51}}}},
-		models.PIARegion("Finland"):           "fi",
+		{Region: "Bulgaria", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "sofia401", IPs: []net.IP{{217, 138, 221, 131}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "sofia401", IPs: []net.IP{{217, 138, 221, 133}}}},
-		models.PIARegion("France"):            "france",
+		{Region: "CA Montreal", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "montreal403", IPs: []net.IP{{172, 98, 71, 62}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "montreal403", IPs: []net.IP{{172, 98, 71, 59}}}},
-		models.PIARegion("Hong Kong"):         "hk",
+		{Region: "CA Ontario", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "ontario402", IPs: []net.IP{{172, 83, 47, 138}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "ontario402", IPs: []net.IP{{172, 83, 47, 196}}}},
-		models.PIARegion("Hungary"):           "hungary",
+		{Region: "CA Toronto", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "toronto405", IPs: []net.IP{{172, 83, 47, 250}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "toronto405", IPs: []net.IP{{172, 83, 47, 251}}}},
-		models.PIARegion("India"):             "in",
+		{Region: "CA Vancouver", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "vancouver407", IPs: []net.IP{{172, 98, 89, 70}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "vancouver407", IPs: []net.IP{{172, 98, 89, 18}}}},
-		models.PIARegion("Ireland"):           "ireland",
+		{Region: "Cambodia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "cambodia401", IPs: []net.IP{{188, 215, 235, 105}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "cambodia401", IPs: []net.IP{{188, 215, 235, 102}}}},
-		models.PIARegion("Israel"):            "israel",
+		{Region: "China", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "china403", IPs: []net.IP{{86, 107, 104, 212}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "china403", IPs: []net.IP{{86, 107, 104, 216}}}},
-		models.PIARegion("Italy"):             "italy",
+		{Region: "Cyprus", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "cyprus402", IPs: []net.IP{{45, 132, 137, 220}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "cyprus402", IPs: []net.IP{{45, 132, 137, 225}}}},
-		models.PIARegion("Japan"):             "japan",
+		{Region: "Czech Republic", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "prague402", IPs: []net.IP{{212, 102, 39, 148}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "prague402", IPs: []net.IP{{212, 102, 39, 149}}}},
-		models.PIARegion("Luxembourg"):        "lu",
+		{Region: "DE Berlin", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "berlin410", IPs: []net.IP{{89, 36, 76, 153}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "berlin410", IPs: []net.IP{{89, 36, 76, 149}}}},
-		models.PIARegion("Mexico"):            "mexico",
+		{Region: "DE Frankfurt", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "frankfurt406", IPs: []net.IP{{212, 102, 57, 96}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "frankfurt406", IPs: []net.IP{{212, 102, 57, 106}}}},
-		models.PIARegion("Netherlands"):       "nl",
+		{Region: "Denmark", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "copenhagen402", IPs: []net.IP{{188, 126, 94, 93}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "copenhagen402", IPs: []net.IP{{188, 126, 94, 93}}}},
-		models.PIARegion("New Zealand"):       "nz",
+		{Region: "Egypt", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "cairo401", IPs: []net.IP{{188, 214, 122, 106}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "cairo401", IPs: []net.IP{{188, 214, 122, 104}}}},
-		models.PIARegion("Norway"):            "no",
+		{Region: "Estonia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "talinn402", IPs: []net.IP{{95, 153, 31, 73}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "talinn402", IPs: []net.IP{{95, 153, 31, 73}}}},
-		models.PIARegion("Poland"):            "poland",
+		{Region: "Finland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "helsinki402", IPs: []net.IP{{188, 126, 89, 45}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "helsinki402", IPs: []net.IP{{188, 126, 89, 45}}}},
-		models.PIARegion("Romania"):           "ro",
+		{Region: "France", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "paris402", IPs: []net.IP{{156, 146, 63, 159}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "paris402", IPs: []net.IP{{156, 146, 63, 159}}}},
-		models.PIARegion("Singapore"):         "sg",
+		{Region: "Georgia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "georgia401", IPs: []net.IP{{45, 132, 138, 245}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "georgia401", IPs: []net.IP{{45, 132, 138, 236}}}},
-		models.PIARegion("Spain"):             "spain",
+		{Region: "Greece", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "athens401", IPs: []net.IP{{154, 57, 3, 80}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "athens401", IPs: []net.IP{{154, 57, 3, 84}}}},
-		models.PIARegion("Sweden"):            "sweden",
+		{Region: "Greenland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "greenland402", IPs: []net.IP{{45, 131, 209, 222}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "greenland402", IPs: []net.IP{{45, 131, 209, 208}}}},
-		models.PIARegion("Switzerland"):       "swiss",
+		{Region: "Hong Kong", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "hongkong402", IPs: []net.IP{{86, 107, 104, 234}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "hongkong402", IPs: []net.IP{{86, 107, 104, 240}}}},
-		models.PIARegion("UAE"):               "ae",
+		{Region: "Hungary", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "budapest402", IPs: []net.IP{{86, 106, 74, 121}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "budapest402", IPs: []net.IP{{86, 106, 74, 125}}}},
-		models.PIARegion("UK London"):         "uk-london",
+		{Region: "Iceland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "reykjavik402", IPs: []net.IP{{45, 133, 193, 86}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "reykjavik402", IPs: []net.IP{{45, 133, 193, 86}}}},
-		models.PIARegion("UK Manchester"):     "uk-manchester",
+		{Region: "India", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "mumbai405", IPs: []net.IP{{45, 120, 139, 97}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "mumbai405", IPs: []net.IP{{45, 120, 139, 97}}}},
-		models.PIARegion("UK Southampton"):    "uk-southampton",
+		{Region: "Iran", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "iran402", IPs: []net.IP{{45, 131, 4, 219}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "iran402", IPs: []net.IP{{45, 131, 4, 218}}}},
-		models.PIARegion("US Atlanta"):        "us-atlanta",
+		{Region: "Ireland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "dublin404", IPs: []net.IP{{193, 56, 252, 28}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "dublin404", IPs: []net.IP{{193, 56, 252, 24}}}},
-		models.PIARegion("US California"):     "us-california",
+		{Region: "Isle of Man", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "douglas401", IPs: []net.IP{{45, 132, 140, 236}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "douglas401", IPs: []net.IP{{45, 132, 140, 244}}}},
-		models.PIARegion("US Chicago"):        "us-chicago",
+		{Region: "Israel", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "jerusalem401", IPs: []net.IP{{185, 77, 248, 19}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "jerusalem401", IPs: []net.IP{{185, 77, 248, 17}}}},
-		models.PIARegion("US Denver"):         "us-denver",
+		{Region: "Italy", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "milano402", IPs: []net.IP{{156, 146, 41, 20}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "milano402", IPs: []net.IP{{156, 146, 41, 42}}}},
-		models.PIARegion("US East"):           "us-east",
+		{Region: "Japan", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "tokyo401", IPs: []net.IP{{156, 146, 34, 135}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "tokyo401", IPs: []net.IP{{156, 146, 34, 157}}}},
-		models.PIARegion("US Florida"):        "us-florida",
+		{Region: "Kazakhstan", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "kazakhstan402", IPs: []net.IP{{45, 133, 88, 209}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "kazakhstan402", IPs: []net.IP{{45, 133, 88, 229}}}},
-		models.PIARegion("US Houston"):        "us-houston",
+		{Region: "Latvia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "riga401", IPs: []net.IP{{109, 248, 149, 12}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "riga401", IPs: []net.IP{{109, 248, 149, 12}}}},
-		models.PIARegion("US Las Vegas"):      "us-lasvegas",
+		{Region: "Liechtenstein", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "liechtenstein401", IPs: []net.IP{{45, 139, 48, 236}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "liechtenstein401", IPs: []net.IP{{45, 139, 48, 242}}}},
-		models.PIARegion("US New York City"):  "us-newyorkcity",
+		{Region: "Lithuania", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "vilnius401", IPs: []net.IP{{85, 206, 165, 163}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "vilnius401", IPs: []net.IP{{85, 206, 165, 163}}}},
-		models.PIARegion("US Seattle"):        "us-seattle",
+		{Region: "Luxembourg", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "luxembourg401", IPs: []net.IP{{92, 223, 89, 74}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "luxembourg401", IPs: []net.IP{{92, 223, 89, 78}}}},
-		models.PIARegion("US Silicon Valley"): "us-siliconvalley",
+		{Region: "Macedonia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "macedonia401", IPs: []net.IP{{185, 225, 28, 115}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "macedonia401", IPs: []net.IP{{185, 225, 28, 115}}}},
-		models.PIARegion("US Texas"):          "us-texas",
+		{Region: "Malta", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "malta401", IPs: []net.IP{{45, 137, 198, 238}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "malta401", IPs: []net.IP{{45, 137, 198, 244}}}},
-		models.PIARegion("US Washington DC"):  "us-washingtondc",
+		{Region: "Mexico", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "mexico403", IPs: []net.IP{{77, 81, 142, 8}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "mexico403", IPs: []net.IP{{77, 81, 142, 7}}}},
-		models.PIARegion("US West"):           "us-west",
+		{Region: "Moldova", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "chisinau401", IPs: []net.IP{{178, 175, 129, 43}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "chisinau401", IPs: []net.IP{{178, 175, 129, 44}}}},
-	}
+		{Region: "Monaco", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "monaco402", IPs: []net.IP{{45, 137, 199, 226}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "monaco402", IPs: []net.IP{{45, 137, 199, 218}}}},
-	subdomain, ok := mapping[region]
+		{Region: "Montenegro", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "montenegro402", IPs: []net.IP{{45, 131, 208, 212}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "montenegro402", IPs: []net.IP{{45, 131, 208, 212}}}},
-	if !ok {
+		{Region: "Morocco", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "morocco401", IPs: []net.IP{{45, 131, 211, 233}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "morocco401", IPs: []net.IP{{45, 131, 211, 248}}}},
-		return "", fmt.Errorf("PIA region %q does not exist and can only be one of ", strings.Join(PIAGeoChoices(), ","))
+		{Region: "Netherlands", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "amsterdam416", IPs: []net.IP{{212, 102, 35, 136}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "amsterdam416", IPs: []net.IP{{212, 102, 35, 136}}}},
-	}
+		{Region: "New Zealand", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "newzealand403", IPs: []net.IP{{43, 250, 207, 89}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "newzealand403", IPs: []net.IP{{43, 250, 207, 94}}}},
-	return subdomain, nil
+		{Region: "Norway", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "oslo403", IPs: []net.IP{{46, 246, 122, 124}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "oslo403", IPs: []net.IP{{46, 246, 122, 99}}}},
-}
+		{Region: "Panama", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "panama401", IPs: []net.IP{{45, 131, 210, 248}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "panama401", IPs: []net.IP{{45, 131, 210, 231}}}},
-
+		{Region: "Philippines", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "philippines401", IPs: []net.IP{{188, 214, 125, 142}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "philippines401", IPs: []net.IP{{188, 214, 125, 142}}}},
-const (
+		{Region: "Poland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "warsaw402", IPs: []net.IP{{194, 110, 114, 13}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "warsaw402", IPs: []net.IP{{194, 110, 114, 13}}}},
-	PIAPortForwardURL models.URL = "http://209.222.18.222:2000"
+		{Region: "Portugal", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "lisbon401", IPs: []net.IP{{89, 26, 241, 72}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "lisbon401", IPs: []net.IP{{89, 26, 241, 76}}}},
-)
+		{Region: "Qatar", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "qatar401", IPs: []net.IP{{45, 131, 7, 234}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "qatar401", IPs: []net.IP{{45, 131, 7, 232}}}},
 		{Region: "Romania", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "romania408", IPs: []net.IP{{143, 244, 54, 93}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "romania408", IPs: []net.IP{{143, 244, 54, 92}}}},
 		{Region: "Saudi Arabia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "saudiarabia401", IPs: []net.IP{{45, 131, 6, 238}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "saudiarabia401", IPs: []net.IP{{45, 131, 6, 231}}}},
 		{Region: "Serbia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "belgrade401", IPs: []net.IP{{37, 120, 193, 254}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "belgrade401", IPs: []net.IP{{37, 120, 193, 254}}}},
 		{Region: "Singapore", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "singapore401", IPs: []net.IP{{156, 146, 57, 210}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "singapore401", IPs: []net.IP{{156, 146, 57, 190}}}},
 		{Region: "Slovakia", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "bratislava401", IPs: []net.IP{{37, 120, 221, 93}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "bratislava401", IPs: []net.IP{{37, 120, 221, 83}}}},
 		{Region: "South Africa", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "johannesburg401", IPs: []net.IP{{154, 16, 93, 46}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "johannesburg401", IPs: []net.IP{{154, 16, 93, 44}}}},
 		{Region: "Spain", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "madrid402", IPs: []net.IP{{212, 102, 49, 33}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "madrid402", IPs: []net.IP{{212, 102, 49, 29}}}},
 		{Region: "Sri Lanka", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "srilanka402", IPs: []net.IP{{45, 132, 136, 224}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "srilanka402", IPs: []net.IP{{45, 132, 136, 216}}}},
 		{Region: "Sweden", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "stockholm404", IPs: []net.IP{{195, 246, 120, 140}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "stockholm404", IPs: []net.IP{{195, 246, 120, 116}}}},
 		{Region: "Switzerland", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "zurich404", IPs: []net.IP{{212, 102, 37, 104}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "zurich404", IPs: []net.IP{{212, 102, 37, 84}}}},
 		{Region: "Taiwan", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "taiwan401", IPs: []net.IP{{188, 214, 106, 76}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "taiwan401", IPs: []net.IP{{188, 214, 106, 71}}}},
 		{Region: "Turkey", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "istanbul401", IPs: []net.IP{{188, 213, 34, 71}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "istanbul401", IPs: []net.IP{{188, 213, 34, 76}}}},
 		{Region: "UK London", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "london412", IPs: []net.IP{{37, 235, 96, 109}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "london412", IPs: []net.IP{{37, 235, 96, 109}}}},
 		{Region: "UK Manchester", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "manchester460", IPs: []net.IP{{37, 120, 159, 136}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "manchester460", IPs: []net.IP{{37, 120, 159, 122}}}},
 		{Region: "UK Southampton", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "southampton401", IPs: []net.IP{{143, 244, 37, 223}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "southampton401", IPs: []net.IP{{143, 244, 37, 189}}}},
 		{Region: "US Atlanta", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "atlanta421", IPs: []net.IP{{154, 21, 21, 77}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "atlanta421", IPs: []net.IP{{154, 21, 21, 70}}}},
 		{Region: "US California", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "losangeles401", IPs: []net.IP{{37, 235, 107, 62}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "losangeles401", IPs: []net.IP{{37, 235, 107, 17}}}},
 		{Region: "US Chicago", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "chicago416", IPs: []net.IP{{154, 21, 114, 12}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "chicago416", IPs: []net.IP{{154, 21, 114, 12}}}},
 		{Region: "US Denver", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "denver402", IPs: []net.IP{{70, 39, 126, 157}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "denver402", IPs: []net.IP{{70, 39, 126, 175}}}},
 		{Region: "US East", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "newjersey402", IPs: []net.IP{{37, 235, 103, 74}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "newjersey402", IPs: []net.IP{{37, 235, 103, 131}}}},
 		{Region: "US Florida", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "miami405", IPs: []net.IP{{37, 235, 98, 169}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "miami405", IPs: []net.IP{{37, 235, 98, 188}}}},
 		{Region: "US Houston", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "houston418", IPs: []net.IP{{205, 251, 154, 205}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "houston418", IPs: []net.IP{{205, 251, 154, 208}}}},
 		{Region: "US Las Vegas", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "lasvegas402", IPs: []net.IP{{45, 89, 173, 178}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "lasvegas402", IPs: []net.IP{{45, 89, 173, 181}}}},
 		{Region: "US New York", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "newyork403", IPs: []net.IP{{156, 146, 54, 108}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "newyork403", IPs: []net.IP{{156, 146, 54, 63}}}},
 		{Region: "US Seattle", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "seattle417", IPs: []net.IP{{154, 21, 20, 187}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "seattle417", IPs: []net.IP{{154, 21, 20, 169}}}},
 		{Region: "US Silicon Valley", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "siliconvalley401", IPs: []net.IP{{154, 21, 212, 40}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "siliconvalley401", IPs: []net.IP{{154, 21, 212, 14}}}},
 		{Region: "US Texas", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "dallas401", IPs: []net.IP{{156, 146, 53, 180}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "dallas401", IPs: []net.IP{{156, 146, 53, 186}}}},
 		{Region: "US Washington DC", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "washington412", IPs: []net.IP{{23, 105, 168, 143}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "washington412", IPs: []net.IP{{23, 105, 168, 150}}}},
 		{Region: "US West", PortForward: false, OpenvpnUDP: models.PIAServerOpenvpn{CN: "phoenix407", IPs: []net.IP{{184, 170, 241, 67}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "phoenix407", IPs: []net.IP{{184, 170, 241, 121}}}},
 		{Region: "Ukraine", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "kiev402", IPs: []net.IP{{62, 149, 20, 23}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "kiev402", IPs: []net.IP{{62, 149, 20, 22}}}},
 		{Region: "United Arab Emirates", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "dubai403", IPs: []net.IP{{217, 138, 193, 146}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "dubai403", IPs: []net.IP{{217, 138, 193, 148}}}},
 		{Region: "Venezuela", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "venezuela402", IPs: []net.IP{{45, 133, 89, 217}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "venezuela402", IPs: []net.IP{{45, 133, 89, 217}}}},
 		{Region: "Vietnam", PortForward: true, OpenvpnUDP: models.PIAServerOpenvpn{CN: "vietnam401", IPs: []net.IP{{188, 214, 152, 76}}}, OpenvpnTCP: models.PIAServerOpenvpn{CN: "vietnam401", IPs: []net.IP{{188, 214, 152, 70}}}},
 	}
 }
 func PIAOldGeoChoices() (choices []string) {
 	servers := PIAOldServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Region
 	}
 	return choices
 }
 func PIAOldServers() []models.PIAOldServer {
 	return []models.PIAOldServer{
 		{Region: "AU Melbourne", IPs: []net.IP{{27, 50, 82, 131}, {43, 250, 204, 105}, {43, 250, 204, 107}, {43, 250, 204, 109}, {43, 250, 204, 111}, {43, 250, 204, 113}, {43, 250, 204, 115}, {43, 250, 204, 117}, {43, 250, 204, 119}, {43, 250, 204, 123}, {43, 250, 204, 125}}},
 		{Region: "AU Perth", IPs: []net.IP{{43, 250, 205, 59}, {43, 250, 205, 91}, {43, 250, 205, 93}, {43, 250, 205, 95}}},
 		{Region: "AU Sydney", IPs: []net.IP{{27, 50, 68, 23}, {27, 50, 70, 87}, {27, 50, 77, 251}, {27, 50, 81, 117}, {103, 13, 102, 123}, {103, 13, 102, 127}, {118, 127, 60, 51}, {221, 121, 145, 135}, {221, 121, 145, 137}, {221, 121, 145, 145}, {221, 121, 145, 147}, {221, 121, 145, 159}, {221, 121, 146, 203}, {221, 121, 148, 221}, {221, 121, 152, 215}}},
 		{Region: "Albania", IPs: []net.IP{{31, 171, 154, 114}}},
 		{Region: "Argentina", IPs: []net.IP{{190, 106, 134, 100}}},
 		{Region: "Austria", IPs: []net.IP{{89, 187, 168, 6}, {156, 146, 60, 129}}},
 		{Region: "Belgium", IPs: []net.IP{{77, 243, 191, 18}, {77, 243, 191, 19}, {77, 243, 191, 20}, {185, 232, 21, 26}}},
 		{Region: "Bosnia and Herzegovina", IPs: []net.IP{{185, 164, 35, 54}}},
 		{Region: "Bulgaria", IPs: []net.IP{{217, 138, 221, 66}}},
 		{Region: "CA Montreal", IPs: []net.IP{{172, 98, 71, 194}, {199, 36, 223, 130}, {199, 36, 223, 194}}},
 		{Region: "CA Ontario", IPs: []net.IP{{162, 219, 176, 26}, {162, 219, 176, 42}, {184, 75, 208, 2}, {184, 75, 208, 90}, {184, 75, 208, 114}, {184, 75, 208, 122}, {184, 75, 208, 130}, {184, 75, 208, 146}, {184, 75, 208, 170}, {184, 75, 208, 202}, {184, 75, 210, 18}, {184, 75, 210, 98}, {184, 75, 210, 106}, {184, 75, 213, 186}, {184, 75, 213, 218}, {184, 75, 214, 18}, {184, 75, 215, 18}, {184, 75, 215, 26}, {184, 75, 215, 66}, {184, 75, 215, 74}}},
 		{Region: "CA Toronto", IPs: []net.IP{{66, 115, 142, 130}, {66, 115, 145, 199}, {172, 98, 92, 66}, {172, 98, 92, 130}, {172, 98, 92, 194}}},
 		{Region: "CA Vancouver", IPs: []net.IP{{162, 216, 47, 66}, {162, 216, 47, 194}, {172, 98, 89, 130}, {172, 98, 89, 194}}},
 		{Region: "Czech Republic", IPs: []net.IP{{212, 102, 39, 1}}},
 		{Region: "DE Berlin", IPs: []net.IP{{185, 230, 127, 238}, {193, 176, 86, 122}, {193, 176, 86, 123}, {193, 176, 86, 134}, {193, 176, 86, 178}, {194, 36, 108, 6}}},
 		{Region: "DE Frankfurt", IPs: []net.IP{{195, 181, 170, 239}, {195, 181, 170, 240}, {195, 181, 170, 241}, {195, 181, 170, 242}, {195, 181, 170, 243}, {195, 181, 170, 244}, {212, 102, 57, 138}}},
 		{Region: "Denmark", IPs: []net.IP{{188, 126, 94, 34}}},
 		{Region: "Estonia", IPs: []net.IP{{77, 247, 111, 82}, {77, 247, 111, 98}, {77, 247, 111, 114}, {77, 247, 111, 130}}},
 		{Region: "Finland", IPs: []net.IP{{188, 126, 89, 4}, {188, 126, 89, 194}}},
 		{Region: "France", IPs: []net.IP{{156, 146, 63, 1}, {156, 146, 63, 65}}},
 		{Region: "Greece", IPs: []net.IP{{154, 57, 3, 91}, {154, 57, 3, 106}, {154, 57, 3, 145}}},
 		{Region: "Hungary", IPs: []net.IP{{185, 128, 26, 18}, {185, 128, 26, 19}, {185, 128, 26, 20}, {185, 128, 26, 21}, {185, 128, 26, 22}, {185, 128, 26, 23}, {185, 128, 26, 24}, {185, 189, 114, 98}}},
 		{Region: "Iceland", IPs: []net.IP{{45, 133, 193, 50}}},
 		{Region: "India", IPs: []net.IP{{45, 120, 139, 108}, {45, 120, 139, 109}, {150, 242, 12, 155}, {150, 242, 12, 171}, {150, 242, 12, 187}}},
 		{Region: "Ireland", IPs: []net.IP{{193, 56, 252, 210}, {193, 56, 252, 226}, {193, 56, 252, 242}, {193, 56, 252, 250}, {193, 56, 252, 251}, {193, 56, 252, 252}}},
 		{Region: "Israel", IPs: []net.IP{{31, 168, 172, 142}, {31, 168, 172, 143}, {31, 168, 172, 145}, {31, 168, 172, 146}}},
 		{Region: "Italy", IPs: []net.IP{{156, 146, 41, 129}, {156, 146, 41, 193}}},
 		{Region: "Japan", IPs: []net.IP{{156, 146, 34, 1}, {156, 146, 34, 65}}},
 		{Region: "Latvia", IPs: []net.IP{{46, 183, 217, 34}, {46, 183, 218, 130}, {46, 183, 218, 146}}},
 		{Region: "Lithuania", IPs: []net.IP{{85, 206, 165, 96}, {85, 206, 165, 112}, {85, 206, 165, 128}}},
 		{Region: "Luxembourg", IPs: []net.IP{{92, 223, 89, 133}, {92, 223, 89, 134}, {92, 223, 89, 135}, {92, 223, 89, 136}, {92, 223, 89, 137}, {92, 223, 89, 138}, {92, 223, 89, 140}, {92, 223, 89, 142}}},
 		{Region: "Moldova", IPs: []net.IP{{178, 17, 172, 242}, {178, 17, 173, 194}, {178, 175, 128, 34}}},
 		{Region: "Netherlands", IPs: []net.IP{{89, 187, 174, 198}, {212, 102, 35, 101}, {212, 102, 35, 102}, {212, 102, 35, 103}, {212, 102, 35, 104}}},
 		{Region: "New Zealand", IPs: []net.IP{{43, 250, 207, 1}, {43, 250, 207, 3}}},
 		{Region: "North Macedonia", IPs: []net.IP{{185, 225, 28, 130}}},
 		{Region: "Norway", IPs: []net.IP{{46, 246, 122, 34}, {46, 246, 122, 162}}},
 		{Region: "Poland", IPs: []net.IP{{185, 244, 214, 195}, {185, 244, 214, 196}, {185, 244, 214, 197}, {185, 244, 214, 198}, {185, 244, 214, 199}, {185, 244, 214, 200}}},
 		{Region: "Portugal", IPs: []net.IP{{89, 26, 241, 86}, {89, 26, 241, 102}, {89, 26, 241, 130}}},
 		{Region: "Romania", IPs: []net.IP{{86, 105, 25, 69}, {86, 105, 25, 70}, {86, 105, 25, 74}, {86, 105, 25, 75}, {86, 105, 25, 76}, {86, 105, 25, 77}, {86, 105, 25, 78}, {89, 33, 8, 38}, {89, 33, 8, 42}, {93, 115, 7, 70}, {94, 176, 148, 35}, {143, 244, 54, 1}, {185, 45, 12, 126}, {185, 210, 218, 98}, {185, 210, 218, 99}, {185, 210, 218, 100}, {185, 210, 218, 101}, {185, 210, 218, 102}, {185, 210, 218, 105}, {188, 240, 220, 26}}},
 		{Region: "Serbia", IPs: []net.IP{{37, 120, 193, 226}}},
 		{Region: "Singapore", IPs: []net.IP{{156, 146, 56, 193}, {156, 146, 57, 38}, {156, 146, 57, 235}, {156, 146, 57, 244}}},
 		{Region: "Slovakia", IPs: []net.IP{{37, 120, 221, 82}, {37, 120, 221, 98}}},
 		{Region: "South Africa", IPs: []net.IP{{102, 165, 20, 133}}},
 		{Region: "Spain", IPs: []net.IP{{212, 102, 49, 185}, {212, 102, 49, 251}}},
 		{Region: "Sweden", IPs: []net.IP{{46, 246, 3, 254}}},
 		{Region: "Switzerland", IPs: []net.IP{{156, 146, 62, 193}, {212, 102, 36, 1}, {212, 102, 36, 166}, {212, 102, 37, 240}, {212, 102, 37, 241}, {212, 102, 37, 242}, {212, 102, 37, 243}}},
 		{Region: "Turkey", IPs: []net.IP{{185, 195, 79, 34}, {185, 195, 79, 82}}},
 		{Region: "UAE", IPs: []net.IP{{45, 9, 250, 46}}},
 		{Region: "UK London", IPs: []net.IP{{212, 102, 52, 1}}},
 		{Region: "UK Manchester", IPs: []net.IP{{89, 238, 137, 36}, {89, 238, 137, 37}, {89, 238, 137, 38}, {89, 238, 137, 39}, {89, 238, 139, 52}, {89, 238, 139, 53}, {89, 238, 139, 54}, {89, 238, 139, 55}, {89, 238, 139, 56}, {89, 238, 139, 57}, {89, 238, 139, 58}, {89, 249, 67, 220}}},
 		{Region: "UK Southampton", IPs: []net.IP{{143, 244, 36, 58}, {143, 244, 37, 1}, {143, 244, 38, 1}, {143, 244, 38, 60}, {143, 244, 38, 119}}},
 		{Region: "US Atlanta", IPs: []net.IP{{156, 146, 46, 1}, {156, 146, 46, 134}, {156, 146, 46, 198}, {156, 146, 47, 11}}},
 		{Region: "US California", IPs: []net.IP{{37, 235, 108, 208}, {89, 187, 187, 129}, {89, 187, 187, 162}, {91, 207, 175, 194}, {91, 207, 175, 195}, {91, 207, 175, 197}, {91, 207, 175, 198}, {91, 207, 175, 199}, {91, 207, 175, 200}, {91, 207, 175, 205}, {91, 207, 175, 206}, {91, 207, 175, 207}, {91, 207, 175, 209}, {91, 207, 175, 210}, {91, 207, 175, 212}}},
 		{Region: "US Chicago", IPs: []net.IP{{156, 146, 50, 1}, {156, 146, 50, 65}, {156, 146, 50, 134}, {156, 146, 50, 198}, {156, 146, 51, 11}, {212, 102, 58, 113}, {212, 102, 59, 54}, {212, 102, 59, 129}}},
 		{Region: "US Dallas", IPs: []net.IP{{156, 146, 38, 65}, {156, 146, 38, 161}, {156, 146, 39, 1}, {156, 146, 39, 6}, {156, 146, 52, 6}, {156, 146, 52, 70}, {156, 146, 52, 139}, {156, 146, 52, 203}}},
 		{Region: "US Denver", IPs: []net.IP{{70, 39, 77, 130}, {70, 39, 92, 2}, {70, 39, 113, 194}, {174, 128, 225, 2}, {174, 128, 226, 10}, {174, 128, 226, 18}, {174, 128, 227, 2}, {174, 128, 227, 226}, {174, 128, 236, 98}, {174, 128, 242, 234}, {174, 128, 242, 250}, {174, 128, 243, 98}, {174, 128, 244, 74}, {174, 128, 245, 122}, {174, 128, 246, 10}, {199, 115, 98, 146}, {199, 115, 98, 234}, {199, 115, 101, 178}, {199, 115, 101, 186}, {199, 115, 102, 146}}},
 		{Region: "US East", IPs: []net.IP{{156, 146, 58, 202}, {156, 146, 58, 203}, {156, 146, 58, 204}, {156, 146, 58, 205}, {156, 146, 58, 207}, {156, 146, 58, 208}, {156, 146, 58, 209}, {193, 37, 253, 115}, {193, 37, 253, 134}, {194, 59, 251, 8}, {194, 59, 251, 11}, {194, 59, 251, 22}, {194, 59, 251, 28}, {194, 59, 251, 56}, {194, 59, 251, 62}, {194, 59, 251, 69}, {194, 59, 251, 82}, {194, 59, 251, 84}, {194, 59, 251, 91}, {194, 59, 251, 112}}},
 		{Region: "US Florida", IPs: []net.IP{{193, 37, 252, 6}, {193, 37, 252, 7}, {193, 37, 252, 8}, {193, 37, 252, 9}, {193, 37, 252, 10}, {193, 37, 252, 11}, {193, 37, 252, 12}, {193, 37, 252, 14}, {193, 37, 252, 15}, {193, 37, 252, 16}, {193, 37, 252, 17}, {193, 37, 252, 18}, {193, 37, 252, 19}, {193, 37, 252, 20}, {193, 37, 252, 21}, {193, 37, 252, 23}, {193, 37, 252, 24}, {193, 37, 252, 25}, {193, 37, 252, 26}, {193, 37, 252, 27}}},
 		{Region: "US Houston", IPs: []net.IP{{74, 81, 88, 26}, {74, 81, 88, 42}, {74, 81, 88, 66}, {74, 81, 88, 74}, {205, 251, 148, 66}, {205, 251, 148, 90}, {205, 251, 148, 98}, {205, 251, 148, 122}, {205, 251, 148, 130}, {205, 251, 148, 138}, {205, 251, 148, 186}, {205, 251, 150, 146}, {205, 251, 150, 170}}},
 		{Region: "US Las Vegas", IPs: []net.IP{{79, 110, 53, 50}, {79, 110, 53, 66}, {79, 110, 53, 98}, {79, 110, 53, 114}, {79, 110, 53, 130}, {79, 110, 53, 146}, {79, 110, 53, 162}, {79, 110, 53, 178}, {79, 110, 53, 194}, {79, 110, 53, 210}, {162, 251, 236, 7}, {199, 127, 56, 83}, {199, 127, 56, 84}, {199, 127, 56, 87}, {199, 127, 56, 89}, {199, 127, 56, 90}}},
 		{Region: "US New York City", IPs: []net.IP{{156, 146, 36, 225}, {156, 146, 37, 129}, {156, 146, 58, 1}, {156, 146, 58, 134}}},
 		{Region: "US Seattle", IPs: []net.IP{{156, 146, 48, 65}, {156, 146, 48, 135}, {156, 146, 48, 200}, {156, 146, 49, 13}, {212, 102, 46, 129}, {212, 102, 46, 193}, {212, 102, 47, 134}}},
 		{Region: "US Silicon Valley", IPs: []net.IP{{199, 116, 118, 130}, {199, 116, 118, 132}, {199, 116, 118, 134}, {199, 116, 118, 136}, {199, 116, 118, 145}, {199, 116, 118, 148}, {199, 116, 118, 149}, {199, 116, 118, 157}, {199, 116, 118, 166}, {199, 116, 118, 169}, {199, 116, 118, 172}}},
 		{Region: "US Washington DC", IPs: []net.IP{{70, 32, 0, 46}, {70, 32, 0, 51}, {70, 32, 0, 53}, {70, 32, 0, 62}, {70, 32, 0, 64}, {70, 32, 0, 68}, {70, 32, 0, 69}, {70, 32, 0, 72}, {70, 32, 0, 76}, {70, 32, 0, 77}, {70, 32, 0, 106}, {70, 32, 0, 107}, {70, 32, 0, 114}, {70, 32, 0, 116}, {70, 32, 0, 120}, {70, 32, 0, 167}, {70, 32, 0, 168}, {70, 32, 0, 170}, {70, 32, 0, 172}, {70, 32, 0, 173}}},
 		{Region: "US West", IPs: []net.IP{{184, 170, 241, 130}, {184, 170, 241, 194}, {184, 170, 242, 135}, {184, 170, 242, 199}}},
 		{Region: "Ukraine", IPs: []net.IP{{62, 149, 20, 10}, {62, 149, 20, 40}}},
 	}
 }
 const (
 	PIAPortForwardURL models.URL = "http://209.222.18.222:2000"
 )
--- a/internal/constants/purevpn.go
+++ b/internal/constants/purevpn.go
@@ -0,0 +1,196 @@
 package constants
 import (
 	"net"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	PurevpnCertificateAuthority = "MIIE6DCCA9CgAwIBAgIJAMjXFoeo5uSlMA0GCSqGSIb3DQEBCwUAMIGoMQswCQYDVQQGEwJISzEQMA4GA1UECBMHQ2VudHJhbDELMAkGA1UEBxMCSEsxGDAWBgNVBAoTD1NlY3VyZS1TZXJ2ZXJDQTELMAkGA1UECxMCSVQxGDAWBgNVBAMTD1NlY3VyZS1TZXJ2ZXJDQTEYMBYGA1UEKRMPU2VjdXJlLVNlcnZlckNBMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluMB4XDTE2MDExNTE1MzQwOVoXDTI2MDExMjE1MzQwOVowgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdDZW50cmFsMQswCQYDVQQHEwJISzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQswCQYDVQQLEwJJVDEYMBYGA1UEAxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9TZWN1cmUtU2VydmVyQ0ExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDluufhyLlyvXzPUL16kAWAdivl1roQv3QHbuRshyKacf/1Er1JqEbtW3Mx9Fvr/u27qU2W8lQI6DaJhU2BfijPe/KHkib55mvHzIVvoexxya26nk79F2c+d9PnuuMdThWQO3El5a/i2AASnM7T7piIBT2WRZW2i8RbfJaTT7G7LP7OpMKIV1qyBg/cWoO7cIWQW4jmzqrNryIkF0AzStLN1DxvnQZwgXBGv0CwuAkfQuNSLu0PQgPp0PhdukNZFllv5D29IhPr0Z+kwPtrAgPQo+lHlOBHBMUpDT4XChTPeAvMaUSBsqmonAE8UUHEabWrqYN/kWNHCNkYXMkiVmK1AgMBAAGjggERMIIBDTAdBgNVHQ4EFgQU456ijsFrYnzHBShLAPpOUqQ+Z2cwgd0GA1UdIwSB1TCB0oAU456ijsFrYnzHBShLAPpOUqQ+Z2ehga6kgaswgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdDZW50cmFsMQswCQYDVQQHEwJISzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQswCQYDVQQLEwJJVDEYMBYGA1UEAxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9TZWN1cmUtU2VydmVyQ0ExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQDI1xaHqObkpTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvga2HMwOtUxWH/inL2qk24KX2pxLg939JNhqoyNrUpbDHag5xPQYXUmUpKrNJZ0z+o/ZnNUPHydTSXE7Z7E45J0GDN5E7g4pakndKnDLSjp03NgGsCGW+cXnz6UBPM5FStFvGdDeModeSUyoS9fjk+mYROvmiy5EiVDP91sKGcPLR7Ym0M7zl2aaqV7bb98HmMoBOxpeZQinof67nKrCsgz/xjktWFgcmPl4/PQSsmqQD0fTtWxGuRX+FzwvF2OCMCAJgp1RqJNlk2g50/kBIoJVPPCfjDFeDU5zGaWGSQ9+z1L6/z7VXdjUiHL0ouOcHwbiS4ZjTr9nMn6WdAHU2"
 	PurevpnCertificate          = "MIIEnzCCA4egAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCSEsxEDAOBgNVBAgTB0NlbnRyYWwxCzAJBgNVBAcTAkhLMRgwFgYDVQQKEw9TZWN1cmUtU2VydmVyQ0ExCzAJBgNVBAsTAklUMRgwFgYDVQQDEw9TZWN1cmUtU2VydmVyQ0ExGDAWBgNVBCkTD1NlY3VyZS1TZXJ2ZXJDQTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjAeFw0xNjAxMTUxNjE1MzhaFw0yNjAxMTIxNjE1MzhaMIGdMQswCQYDVQQGEwJISzEQMA4GA1UECBMHQ2VudHJhbDELMAkGA1UEBxMCSEsxFjAUBgNVBAoTDVNlY3VyZS1DbGllbnQxCzAJBgNVBAsTAklUMRYwFAYDVQQDEw1TZWN1cmUtQ2xpZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxsnyn4v6xxDPnuDaYS0b9M1N8nxgg7OBPBlK+FWRxdTQ8yxt5U5CZGm7riVp7fya2J2iPZIgmHQEv/KbxztsHAVlYSfYYlalrnhEL3bDP2tY+N43AwB1k5BrPq2s1pPLT2XG951drDKG4PUuFHUP1sHzW5oQlfVCmxgIMAP8OYkCAwEAAaOCAV8wggFbMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU9MwUnUDbQKKZKjoeieD2OD5NlAEwgd0GA1UdIwSB1TCB0oAU456ijsFrYnzHBShLAPpOUqQ+Z2ehga6kgaswgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdDZW50cmFsMQswCQYDVQQHEwJISzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQswCQYDVQQLEwJJVDEYMBYGA1UEAxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9TZWN1cmUtU2VydmVyQ0ExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQDI1xaHqObkpTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFyFo2VUX/UFixsdPdK9/Yt6mkCWc+XS1xbapGXXb9U1d+h1iBCIV9odUHgNCXWpz1hR5Uu/OCzaZ0asLE4IFMZlQmJs8sMT0c1tfPPGW45vxbL0lhqnQ8PNcBH7huNK7VFjUh4szXRKmaQPaM4S91R3L4CaNfVeHfAg7mN2m9Zn5Gto1Q1/CFMGKu2hxwGEw5p+X1czBWEvg/O09ckx/ggkkI1NcZsNiYQ+6Pz8DdGGX3+05YwLZu94+O6iIMrzxl/il0eK83g3YPbsOrASARvw6w/8sOnJCK5eOacl21oww875KisnYdWjHB1FiI+VzQ1/gyoDsL5kPTJVuu2CoG8="
 	PurevpnKey                  = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMbJ8p+L+scQz57g2mEtG/TNTfJ8YIOzgTwZSvhVkcXU0PMsbeVOQmRpu64lae38mtidoj2SIJh0BL/ym8c7bBwFZWEn2GJWpa54RC92wz9rWPjeNwMAdZOQaz6trNaTy09lxvedXawyhuD1LhR1D9bB81uaEJX1QpsYCDAD/DmJAgMBAAECgYEAvTHbDupE5U0krUvHzBEIuHblptGlcfNYHoDcD3oxYR3pOGeiuElBexv+mgHVzcFLBrsQfJUlHLPfCWi3xmjRvDQcr7N7U1u7NIzazy/PpRBaKolMRiM1KMYi2DG0i4ZONwFT8bvNHOIrZzCLY54KDrqOn55OzC70WYjWh4t5evkCQQDkkzZUAeskBC9+JP/zLps8jhwfoLBWGw/zbC9ePDmX0N8MTZdcUpg6KUTf1wbkLUyVtIRjS2ao6qu1jWG6K0x3AkEA3qPWyaWQWCynhNDqu2U1cPb2kh5AJip+gqxO3emikAdajsSxeoyEC2AfyBITbeB1tvCUZH17J4i/0+OFTEQp/wJAb/zEOGJ8PzghwK8GC7JA8mk51DEZVAaMSRovFv9wxDXcoh191AjPdmdzzCuAv9iF1i8MUc3GbWoUWK39PIYsPwJAWh63sqfx5b8tj/WBDpnJKBDPfhYAoXJSA1L8GZeY1fQkE+ZKcPCwAmrGcpXeh3t0Krj3WDXyw+32uC5Apr5wwQJAPZwOOReaC4YNfBPZN9BdHvVjOYGGUffpI+X+hWpLRnQFJteAi+eqwyk0Oi0SkJB+a7jcerK2d7q7xhec5WHlng=="
 	PurevpnOpenvpnStaticKeyV1   = "e30af995f56d07426d9ba1f824730521d4283db4b4d0cdda9c6e8759a3799dcb7939b6a5989160c9660de0f6125cbb1f585b41c074b2fe88ecfcf17eab9a33be1352379cdf74952b588fb161a93e13df9135b2b29038231e02d657a6225705e6868ccb0c384ed11614690a1894bfbeb274cebf1fe9c2329bdd5c8a40fe8820624d2ea7540cd79ab76892db51fc371a3ac5fc9573afecb3fffe3281e61d72e91579d9b03d8cbf7909b3aebf4d90850321ee6b7d0a7846d15c27d8290e031e951e19438a4654663cad975e138f5bc5af89c737ad822f27e19057731f41e1e254cc9c95b7175c622422cde9f1f2cfd3510add94498b4d7133d3729dd214a16b27fb"
 )
 func PurevpnRegionChoices() (choices []string) {
 	servers := PurevpnServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Region
 	}
 	return choices
 }
 func PurevpnCountryChoices() (choices []string) {
 	servers := PurevpnServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Country
 	}
 	return choices
 }
 func PurevpnCityChoices() (choices []string) {
 	servers := PurevpnServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].City
 	}
 	return choices
 }
 func PurevpnServers() []models.PurevpnServer {
 	return []models.PurevpnServer{
 		{Region: "Africa", Country: "Algeria", City: "Algiers", IPs: []net.IP{{172, 94, 64, 2}}},
 		{Region: "Africa", Country: "Angola", City: "Benguela", IPs: []net.IP{{45, 115, 26, 2}}},
 		{Region: "Africa", Country: "Cape Verde", City: "Praia", IPs: []net.IP{{45, 74, 25, 2}}},
 		{Region: "Africa", Country: "Egypt", City: "Cairo", IPs: []net.IP{{192, 198, 120, 122}}},
 		{Region: "Africa", Country: "Ethiopia", City: "Addis Ababa", IPs: []net.IP{{104, 250, 178, 4}}},
 		{Region: "Africa", Country: "Ghana", City: "Accra", IPs: []net.IP{{196, 251, 67, 4}}},
 		{Region: "Africa", Country: "Kenya", City: "Mombasa", IPs: []net.IP{{102, 135, 0, 2}}},
 		{Region: "Africa", Country: "Madagascar", City: "Antananarivo", IPs: []net.IP{{206, 123, 156, 131}}},
 		{Region: "Africa", Country: "Mauritania", City: "Nouakchott", IPs: []net.IP{{206, 123, 158, 63}}},
 		{Region: "Africa", Country: "Mauritius", City: "Port Louis", IPs: []net.IP{{104, 250, 181, 4}}},
 		{Region: "Africa", Country: "Morocco", City: "Rabat", IPs: []net.IP{{104, 243, 250, 126}}},
 		{Region: "Africa", Country: "Niger", City: "Niamey", IPs: []net.IP{{206, 123, 157, 131}}},
 		{Region: "Africa", Country: "Nigeria", City: "Suleja", IPs: []net.IP{{102, 165, 25, 38}}},
 		{Region: "Africa", Country: "Senegal", City: "Dakar", IPs: []net.IP{{206, 123, 158, 131}}},
 		{Region: "Africa", Country: "Seychelles", City: "Victoria", IPs: []net.IP{{172, 111, 128, 126}}},
 		{Region: "Africa", Country: "South Africa", City: "Johannesburg", IPs: []net.IP{{45, 74, 45, 2}}},
 		{Region: "Africa", Country: "Tanzania", City: "Dar Es Salaam", IPs: []net.IP{{102, 135, 0, 2}}},
 		{Region: "Africa", Country: "Tunisia", City: "Tunis", IPs: []net.IP{{206, 123, 159, 4}}},
 		{Region: "Asia", Country: "Afghanistan", City: "Kabul", IPs: []net.IP{{172, 111, 208, 2}}},
 		{Region: "Asia", Country: "Armenia", City: "Singapore", IPs: []net.IP{{37, 120, 208, 147}}},
 		{Region: "Asia", Country: "Azerbaijan", City: "Baku", IPs: []net.IP{{104, 250, 177, 4}}},
 		{Region: "Asia", Country: "Bangladesh", City: "Dhaka", IPs: []net.IP{{206, 123, 154, 190}}},
 		{Region: "Asia", Country: "Brunei Darussalam", City: "Bandar Seri Begawan", IPs: []net.IP{{36, 255, 98, 2}}},
 		{Region: "Asia", Country: "Cambodia", City: "Phnom Penh", IPs: []net.IP{{104, 250, 176, 122}}},
 		{Region: "Asia", Country: "India", City: "Chennai", IPs: []net.IP{{129, 227, 107, 242}}},
 		{Region: "Asia", Country: "Indonesia", City: "Jakarta", IPs: []net.IP{{103, 55, 9, 2}}},
 		{Region: "Asia", Country: "Japan", City: "Tokyo", IPs: []net.IP{{172, 94, 56, 2}}},
 		{Region: "Asia", Country: "Kazakhstan", City: "Almaty", IPs: []net.IP{{206, 123, 152, 4}}},
 		{Region: "Asia", Country: "Korea, South", City: "Seoul", IPs: []net.IP{{45, 115, 25, 1}}},
 		{Region: "Asia", Country: "Kyrgyzstan", City: "Bishkek", IPs: []net.IP{{206, 123, 151, 131}}},
 		{Region: "Asia", Country: "Laos", City: "Vientiane", IPs: []net.IP{{206, 123, 153, 4}}},
 		{Region: "Asia", Country: "Macao", City: "Beyrouth", IPs: []net.IP{{104, 243, 240, 121}}},
 		{Region: "Asia", Country: "Malaysia", City: "Johor Baharu", IPs: []net.IP{{103, 28, 90, 54}, {103, 28, 90, 55}, {103, 28, 90, 71}, {103, 28, 90, 72}, {103, 117, 20, 21}, {103, 117, 20, 163}, {103, 117, 20, 164}, {103, 117, 20, 201}}},
 		{Region: "Asia", Country: "Malaysia", City: "Kuala Lumpur", IPs: []net.IP{{104, 250, 160, 4}}},
 		{Region: "Asia", Country: "Mongolia", City: "Ulaanbaatar", IPs: []net.IP{{206, 123, 153, 131}}},
 		{Region: "Asia", Country: "Pakistan", City: "Islamabad", IPs: []net.IP{{104, 250, 187, 3}}},
 		{Region: "Asia", Country: "Papua New Guinea", City: "Port Moresby", IPs: []net.IP{{206, 123, 155, 131}}},
 		{Region: "Asia", Country: "Philippines", City: "Manila", IPs: []net.IP{{129, 227, 119, 84}}},
 		{Region: "Asia", Country: "Sri Lanka", City: "Colombo", IPs: []net.IP{{206, 123, 154, 4}}},
 		{Region: "Asia", Country: "Taiwan", City: "Taipei", IPs: []net.IP{{128, 1, 155, 178}}},
 		{Region: "Asia", Country: "Tajikistan", City: "Dushanbe", IPs: []net.IP{{206, 123, 151, 4}}},
 		{Region: "Asia", Country: "Thailand", City: "Bangkok", IPs: []net.IP{{104, 37, 6, 4}}},
 		{Region: "Asia", Country: "Turkey", City: "Istanbul", IPs: []net.IP{{185, 220, 58, 3}}},
 		{Region: "Asia", Country: "Turkmenistan", City: "Ashgabat", IPs: []net.IP{{206, 123, 152, 131}}},
 		{Region: "Asia", Country: "Uzbekistan", City: "Tashkent", IPs: []net.IP{{206, 123, 150, 131}}},
 		{Region: "Asia", Country: "Vietnam", City: "Hanoi", IPs: []net.IP{{192, 253, 249, 132}}},
 		{Region: "Europe", Country: "Albania", City: "Tirane", IPs: []net.IP{{46, 243, 224, 2}}},
 		{Region: "Europe", Country: "Armenia", City: "Yerevan", IPs: []net.IP{{172, 94, 35, 4}}},
 		{Region: "Europe", Country: "Austria", City: "Vienna", IPs: []net.IP{{172, 94, 109, 2}}},
 		{Region: "Europe", Country: "Belgium", City: "Brussels", IPs: []net.IP{{185, 210, 217, 147}}},
 		{Region: "Europe", Country: "Bosnia and Herzegovina", City: "Sarajevo", IPs: []net.IP{{104, 250, 169, 122}}},
 		{Region: "Europe", Country: "Bulgaria", City: "Sofia", IPs: []net.IP{{217, 138, 221, 114}}},
 		{Region: "Europe", Country: "Croatia", City: "Zagreb", IPs: []net.IP{{104, 250, 163, 2}}},
 		{Region: "Europe", Country: "Cyprus", City: "Nicosia", IPs: []net.IP{{188, 72, 119, 4}}},
 		{Region: "Europe", Country: "Denmark", City: "Copenhagen", IPs: []net.IP{{89, 45, 7, 5}}},
 		{Region: "Europe", Country: "Estonia", City: "Tallinn", IPs: []net.IP{{185, 166, 87, 2}, {188, 72, 111, 4}}},
 		{Region: "Europe", Country: "France", City: "Paris", IPs: []net.IP{{172, 94, 53, 2}, {172, 111, 219, 2}}},
 		{Region: "Europe", Country: "Georgia", City: "Tbilisi", IPs: []net.IP{{141, 101, 156, 2}}},
 		{Region: "Europe", Country: "Germany", City: "Frankfurt", IPs: []net.IP{{172, 94, 8, 4}}},
 		{Region: "Europe", Country: "Germany", City: "Munich", IPs: []net.IP{{172, 94, 8, 4}}},
 		{Region: "Europe", Country: "Germany", City: "Nuremberg", IPs: []net.IP{{172, 94, 125, 2}}},
 		{Region: "Europe", Country: "Greece", City: "Thessaloniki", IPs: []net.IP{{172, 94, 109, 2}}},
 		{Region: "Europe", Country: "Hungary", City: "Budapest", IPs: []net.IP{{172, 111, 129, 2}, {188, 72, 125, 126}}},
 		{Region: "Europe", Country: "Iceland", City: "Reykjavik", IPs: []net.IP{{192, 253, 250, 1}}},
 		{Region: "Europe", Country: "Ireland", City: "Dublin", IPs: []net.IP{{185, 210, 217, 147}}},
 		{Region: "Europe", Country: "Isle of Man", City: "Onchan", IPs: []net.IP{{46, 243, 144, 2}}},
 		{Region: "Europe", Country: "Italy", City: "Milano", IPs: []net.IP{{45, 9, 251, 2}}},
 		{Region: "Europe", Country: "Latvia", City: "RIGA", IPs: []net.IP{{185, 118, 76, 5}}},
 		{Region: "Europe", Country: "Liechtenstein", City: "Vaduz", IPs: []net.IP{{104, 250, 164, 4}}},
 		{Region: "Europe", Country: "Lithuania", City: "Vilnius", IPs: []net.IP{{188, 72, 116, 3}}},
 		{Region: "Europe", Country: "Luxembourg", City: "Luxembourg", IPs: []net.IP{{188, 72, 114, 2}}},
 		{Region: "Europe", Country: "Malta", City: "Sliema", IPs: []net.IP{{46, 243, 241, 4}}},
 		{Region: "Europe", Country: "Monaco", City: "Monaco", IPs: []net.IP{{104, 250, 168, 132}}},
 		{Region: "Europe", Country: "Montenegro", City: "Podgorica", IPs: []net.IP{{104, 250, 165, 121}}},
 		{Region: "Europe", Country: "Netherlands", City: "Amsterdam", IPs: []net.IP{{92, 119, 179, 195}}},
 		{Region: "Europe", Country: "Norway", City: "Oslo", IPs: []net.IP{{82, 102, 22, 211}}},
 		{Region: "Europe", Country: "Poland", City: "Warsaw", IPs: []net.IP{{5, 253, 206, 251}}},
 		{Region: "Europe", Country: "Portugal", City: "Lisbon", IPs: []net.IP{{45, 74, 10, 1}}},
 		{Region: "Europe", Country: "Romania", City: "Bucharest", IPs: []net.IP{{192, 253, 253, 2}}},
 		{Region: "Europe", Country: "Serbia", City: "Niš", IPs: []net.IP{{104, 250, 166, 2}}},
 		{Region: "Europe", Country: "Slovakia", City: "Bratislava", IPs: []net.IP{{188, 72, 112, 3}}},
 		{Region: "Europe", Country: "Slovenia", City: "Ljubljana", IPs: []net.IP{{104, 243, 246, 129}}},
 		{Region: "Europe", Country: "Spain", City: "Barcelona", IPs: []net.IP{{185, 230, 124, 147}}},
 		{Region: "Europe", Country: "Sweden", City: "Stockholm", IPs: []net.IP{{45, 74, 46, 2}}},
 		{Region: "Europe", Country: "Switzerland", City: "Zurich", IPs: []net.IP{{172, 111, 217, 2}}},
 		{Region: "Europe", Country: "United Kingdom", City: "Gosport", IPs: []net.IP{{45, 74, 0, 2}, {45, 74, 62, 2}}},
 		{Region: "Europe", Country: "United Kingdom", City: "London", IPs: []net.IP{{45, 74, 0, 2}, {45, 74, 62, 2}}},
 		{Region: "Europe", Country: "United Kingdom", City: "Maidenhead", IPs: []net.IP{{172, 111, 183, 2}}},
 		{Region: "Europe", Country: "United Kingdom", City: "Manchester", IPs: []net.IP{{172, 111, 183, 2}}},
 		{Region: "Middle East", Country: "Bahrain", City: "Manama", IPs: []net.IP{{46, 243, 150, 4}}},
 		{Region: "Middle East", Country: "Jordan", City: "Amman", IPs: []net.IP{{172, 111, 152, 3}}},
 		{Region: "Middle East", Country: "Kuwait", City: "Kuwait", IPs: []net.IP{{206, 123, 146, 4}}},
 		{Region: "Middle East", Country: "Oman", City: "Salalah", IPs: []net.IP{{46, 243, 148, 125}}},
 		{Region: "Middle East", Country: "Qatar", City: "Doha", IPs: []net.IP{{46, 243, 147, 2}}},
 		{Region: "Middle East", Country: "Saudi Arabia", City: "Jeddah", IPs: []net.IP{{45, 74, 1, 4}}},
 		{Region: "Middle East", Country: "United Arab Emirates", City: "Dubai", IPs: []net.IP{{104, 37, 6, 4}}},
 		{Region: "North America", Country: "Aruba", City: "Oranjestad", IPs: []net.IP{{104, 243, 246, 129}}},
 		{Region: "North America", Country: "Barbados", City: "Bridgetown", IPs: []net.IP{{172, 94, 97, 2}}},
 		{Region: "North America", Country: "Belize", City: "Belmopan", IPs: []net.IP{{104, 243, 241, 4}}},
 		{Region: "North America", Country: "Bermuda", City: "Hamilton", IPs: []net.IP{{172, 94, 76, 2}}},
 		{Region: "North America", Country: "Canada", City: "Montreal", IPs: []net.IP{{172, 94, 7, 2}}},
 		{Region: "North America", Country: "Canada", City: "Toronto", IPs: []net.IP{{172, 94, 7, 2}}},
 		{Region: "North America", Country: "Canada", City: "Vancouver", IPs: []net.IP{{107, 181, 177, 42}}},
 		{Region: "North America", Country: "Cayman Islands", City: "George Town", IPs: []net.IP{{172, 94, 113, 2}}},
 		{Region: "North America", Country: "Costa Rica", City: "San Jose", IPs: []net.IP{{104, 243, 245, 1}}},
 		{Region: "North America", Country: "Dominica", City: "Roseau", IPs: []net.IP{{45, 74, 22, 2}}},
 		{Region: "North America", Country: "Dominican Republic", City: "Santo Domingo", IPs: []net.IP{{45, 74, 23, 129}}},
 		{Region: "North America", Country: "El Salvador", City: "San Salvador", IPs: []net.IP{{45, 74, 17, 129}}},
 		{Region: "North America", Country: "Grenada", City: "St George's", IPs: []net.IP{{45, 74, 21, 129}}},
 		{Region: "North America", Country: "Guatemala", City: "Guatemala", IPs: []net.IP{{45, 74, 17, 2}}},
 		{Region: "North America", Country: "Haiti", City: "PORT-AU-PRINCE", IPs: []net.IP{{45, 74, 24, 2}}},
 		{Region: "North America", Country: "Honduras", City: "TEGUCIGALPA", IPs: []net.IP{{45, 74, 18, 2}}},
 		{Region: "North America", Country: "Jamaica", City: "Kingston", IPs: []net.IP{{104, 250, 182, 126}}},
 		{Region: "North America", Country: "Mexico", City: "Mexico City", IPs: []net.IP{{104, 243, 243, 131}}},
 		{Region: "North America", Country: "Montserrat", City: "plymouth", IPs: []net.IP{{45, 74, 26, 190}}},
 		{Region: "North America", Country: "Puerto Rico", City: "San Juan", IPs: []net.IP{{104, 37, 2, 2}}},
 		{Region: "North America", Country: "Saint Lucia", City: "Castries", IPs: []net.IP{{45, 74, 23, 2}}},
 		{Region: "North America", Country: "The Bahamas", City: "Freeport", IPs: []net.IP{{104, 243, 242, 2}}},
 		{Region: "North America", Country: "Trinidad and Tobago", City: "Port of Spain", IPs: []net.IP{{45, 74, 21, 2}}},
 		{Region: "North America", Country: "Turks and Caicos Islands", City: "Balfour Town", IPs: []net.IP{{45, 74, 24, 129}}},
 		{Region: "North America", Country: "United States", City: "Ashburn", IPs: []net.IP{{46, 243, 249, 2}}},
 		{Region: "North America", Country: "United States", City: "Chicago", IPs: []net.IP{{46, 243, 249, 4}}},
 		{Region: "North America", Country: "United States", City: "Columbus", IPs: []net.IP{{172, 94, 115, 2}}},
 		{Region: "North America", Country: "United States", City: "Georgia", IPs: []net.IP{{141, 101, 168, 4}}},
 		{Region: "North America", Country: "United States", City: "Houston", IPs: []net.IP{{172, 94, 1, 4}}},
 		{Region: "North America", Country: "United States", City: "Los Angeles", IPs: []net.IP{{141, 101, 169, 4}}},
 		{Region: "North America", Country: "United States", City: "Miami", IPs: []net.IP{{5, 254, 79, 114}}},
 		{Region: "North America", Country: "United States", City: "New Jersey", IPs: []net.IP{{172, 94, 1, 4}}},
 		{Region: "North America", Country: "United States", City: "New York", IPs: []net.IP{{172, 94, 1, 4}}},
 		{Region: "North America", Country: "United States", City: "Phoenix", IPs: []net.IP{{172, 94, 26, 4}}},
 		{Region: "North America", Country: "United States", City: "Salt Lake City", IPs: []net.IP{{141, 101, 168, 4}}},
 		{Region: "North America", Country: "United States", City: "San Francisco", IPs: []net.IP{{172, 94, 1, 4}}},
 		{Region: "North America", Country: "United States", City: "Seattle", IPs: []net.IP{{172, 94, 86, 2}}},
 		{Region: "North America", Country: "United States", City: "Washington, D.C.", IPs: []net.IP{{141, 101, 169, 4}}},
 		{Region: "Oceania", Country: "Australia", City: "Brisbane", IPs: []net.IP{{172, 111, 236, 2}}},
 		{Region: "Oceania", Country: "Australia", City: "Melbourne", IPs: []net.IP{{118, 127, 62, 2}}},
 		{Region: "Oceania", Country: "Australia", City: "Sydney", IPs: []net.IP{{192, 253, 241, 2}}},
 		{Region: "Oceania", Country: "New Zealand", City: "Auckland", IPs: []net.IP{{43, 228, 156, 4}}},
 		{Region: "South America", Country: "Argentina", City: "Buenos Aires", IPs: []net.IP{{104, 243, 244, 1}}},
 		{Region: "South America", Country: "Bolivia", City: "Sucre", IPs: []net.IP{{172, 94, 77, 2}}},
 		{Region: "South America", Country: "Brazil", City: "Sao Paulo", IPs: []net.IP{{104, 243, 244, 2}}},
 		{Region: "South America", Country: "British Virgin Island", City: "Road Town", IPs: []net.IP{{104, 250, 184, 130}}},
 		{Region: "South America", Country: "Chile", City: "Santiago", IPs: []net.IP{{191, 96, 183, 251}}},
 		{Region: "South America", Country: "Colombia", City: "Bogota", IPs: []net.IP{{172, 111, 132, 1}}},
 		{Region: "South America", Country: "Ecuador", City: "Quito", IPs: []net.IP{{104, 250, 180, 126}}},
 		{Region: "South America", Country: "Guyana", City: "Georgetown", IPs: []net.IP{{45, 74, 20, 129}}},
 		{Region: "South America", Country: "Panama", City: "Panama City", IPs: []net.IP{{104, 243, 243, 131}}},
 		{Region: "South America", Country: "Paraguay", City: "Asuncion", IPs: []net.IP{{45, 74, 19, 129}}},
 		{Region: "South America", Country: "Peru", City: "Lima", IPs: []net.IP{{172, 111, 131, 1}}},
 		{Region: "South America", Country: "Suriname", City: "Paramaribo", IPs: []net.IP{{45, 74, 20, 4}}},
 	}
 }
--- a/internal/constants/servers.go
+++ b/internal/constants/servers.go
@@ -0,0 +1,54 @@
 package constants
 import "github.com/qdm12/gluetun/internal/models"
 func GetAllServers() (allServers models.AllServers) {
 	return models.AllServers{
 		Version: 1, // used for migration of the top level scheme
 		Cyberghost: models.CyberghostServers{
 			Version:   1,          // model version
 			Timestamp: 1599323261, // latest takes precedence
 			Servers:   CyberghostServers(),
 		},
 		Mullvad: models.MullvadServers{
 			Version:   1,
 			Timestamp: 1600438544,
 			Servers:   MullvadServers(),
 		},
 		Nordvpn: models.NordvpnServers{
 			Version:   1,
 			Timestamp: 1599323261,
 			Servers:   NordvpnServers(),
 		},
 		Pia: models.PiaServers{
 			Version:   2,
 			Timestamp: 1602531173,
 			Servers:   PIAServers(),
 		},
 		PiaOld: models.PiaOldServers{
 			Version:   1,
 			Timestamp: 1602523433,
 			Servers:   PIAOldServers(),
 		},
 		Purevpn: models.PurevpnServers{
 			Version:   1,
 			Timestamp: 1599323261,
 			Servers:   PurevpnServers(),
 		},
 		Surfshark: models.SurfsharkServers{
 			Version:   1,
 			Timestamp: 1599957644,
 			Servers:   SurfsharkServers(),
 		},
 		Vyprvpn: models.VyprvpnServers{
 			Version:   1,
 			Timestamp: 1599323261,
 			Servers:   VyprvpnServers(),
 		},
 		Windscribe: models.WindscribeServers{
 			Version:   1,
 			Timestamp: 1599323261,
 			Servers:   WindscribeServers(),
 		},
 	}
 }
--- a/internal/constants/servers_test.go
+++ b/internal/constants/servers_test.go
@@ -0,0 +1,59 @@
 package constants
 import (
 	"crypto/md5" //nolint:gosec
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"testing"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/stretchr/testify/assert"
 )
 func digestServerModelVersion(t *testing.T, server interface{}, version uint16) string { //nolint:unparam
 	bytes, err := json.Marshal(server)
 	if err != nil {
 		t.Fatal(err)
 	}
 	bytes = append(bytes, []byte(fmt.Sprintf("%d", version))...)
 	arr := md5.Sum(bytes) //nolint:gosec
 	return base64.RawStdEncoding.EncodeToString(arr[:])
 }
 func Test_versions(t *testing.T) {
 	t.Parallel()
 	allServers := GetAllServers()
 	assert.Equal(t, "e8eLGRpb1sNX8mDNPOjA6g", digestServerModelVersion(t, models.CyberghostServer{}, allServers.Cyberghost.Version))
 	assert.Equal(t, "4yL2lFcxXd/l1ByxBQ7d3g", digestServerModelVersion(t, models.MullvadServer{}, allServers.Mullvad.Version))
 	assert.Equal(t, "fjzfUqJH0KvetGRdZYEtOg", digestServerModelVersion(t, models.NordvpnServer{}, allServers.Nordvpn.Version))
 	assert.Equal(t, "1Ux7clCAJI6fwj0O61Dtpg", digestServerModelVersion(t, models.PIAServer{}, allServers.Pia.Version))
 	assert.Equal(t, "EZ/SBXQOCS/iJU7A9yc7vg", digestServerModelVersion(t, models.PurevpnServer{}, allServers.Purevpn.Version))
 	assert.Equal(t, "7yfMpHwzRpEngA/6nYsNag", digestServerModelVersion(t, models.SurfsharkServer{}, allServers.Surfshark.Version))
 	assert.Equal(t, "7yfMpHwzRpEngA/6nYsNag", digestServerModelVersion(t, models.VyprvpnServer{}, allServers.Vyprvpn.Version))
 	assert.Equal(t, "7yfMpHwzRpEngA/6nYsNag", digestServerModelVersion(t, models.WindscribeServer{}, allServers.Windscribe.Version))
 }
 func digestServersTimestamp(t *testing.T, servers interface{}, timestamp int64) string { //nolint:unparam
 	bytes, err := json.Marshal(servers)
 	if err != nil {
 		t.Fatal(err)
 	}
 	bytes = append(bytes, []byte(fmt.Sprintf("%d", timestamp))...)
 	arr := md5.Sum(bytes) //nolint:gosec
 	return base64.RawStdEncoding.EncodeToString(arr[:])
 }
 func Test_timestamps(t *testing.T) {
 	t.Parallel()
 	allServers := GetAllServers()
 	assert.Equal(t, "EFMpdq2b9COLevjXmje5zg", digestServersTimestamp(t, allServers.Cyberghost.Servers, allServers.Cyberghost.Timestamp))
 	assert.Equal(t, "EU4fTzD7jWC9N5kmN5bOEg", digestServersTimestamp(t, allServers.Mullvad.Servers, allServers.Mullvad.Timestamp))
 	assert.Equal(t, "OLI62FoTf2wis25Nw4FLpg", digestServersTimestamp(t, allServers.Nordvpn.Servers, allServers.Nordvpn.Timestamp))
 	assert.Equal(t, "beZCOXNWxzrPsUWCyQM99A", digestServersTimestamp(t, allServers.Pia.Servers, allServers.Pia.Timestamp))
 	assert.Equal(t, "e8mWsWynkSUGiJLvjALRvQ", digestServersTimestamp(t, allServers.PiaOld.Servers, allServers.PiaOld.Timestamp))
 	assert.Equal(t, "kwJdVWTiBOspfrRwZIA+Sg", digestServersTimestamp(t, allServers.Purevpn.Servers, allServers.Purevpn.Timestamp))
 	assert.Equal(t, "q28ju2KJqLhrggJTTjXSiw", digestServersTimestamp(t, allServers.Surfshark.Servers, allServers.Surfshark.Timestamp))
 	assert.Equal(t, "KdIQWi2tYUM4aMXvWfVBEg", digestServersTimestamp(t, allServers.Vyprvpn.Servers, allServers.Vyprvpn.Timestamp))
 	assert.Equal(t, "faQUVtOnLMVezN0giHSz3Q", digestServersTimestamp(t, allServers.Windscribe.Servers, allServers.Windscribe.Timestamp))
 }
--- a/internal/constants/splash.go
+++ b/internal/constants/splash.go
@@ -1,13 +1,13 @@
 package constants
 const (
-	// Annoucement is a message annoucement
+	// Announcement is a message announcement
-	Annoucement = "Total rewrite in Go with many new features"
+	Announcement = "Port forwarding is working for PIA v4 servers"
-	// AnnoucementExpiration is the expiration time of the annoucement in unix timestamp
+	// AnnouncementExpiration is the expiration date of the announcement in format yyyy-mm-dd
-	AnnoucementExpiration = 1582761600
+	AnnouncementExpiration = "2020-11-15"
 )
 const (
 	// IssueLink is the link for users to use to create issues
-	IssueLink = "https://github.com/qdm12/private-internet-access-docker/issues/new"
+	IssueLink = "https://github.com/qdm12/gluetun/issues/new"
 )
--- a/internal/constants/splash_test.go
+++ b/internal/constants/splash_test.go
@@ -0,0 +1,17 @@
 package constants
 import (
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func Test_AnnouncementExpiration(t *testing.T) {
 	t.Parallel()
 	if len(AnnouncementExpiration) == 0 {
 		return
 	}
 	_, err := time.Parse("2006-01-02", AnnouncementExpiration)
 	assert.NoError(t, err)
 }
--- a/internal/constants/surfshark.go
+++ b/internal/constants/surfshark.go
@@ -0,0 +1,184 @@
 package constants
 import (
 	"net"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	SurfsharkCertificate        = "MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNVBAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBSb290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UEBhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63oSkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkuaNa4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48Cc7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BApFayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdIyVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgnTLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIeghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8ttE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EPSaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+miGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/zCINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyDahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0ZS1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjfymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVxKjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTKubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSGEnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrqX6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dCLqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI623cSEC3Q3UZutsEm/UplsM="
 	SurfsharkOpenvpnStaticKeyV1 = "b02cb1d7c6fee5d4f89b8de72b51a8d0c7b282631d6fc19be1df6ebae9e2779e6d9f097058a31c97f57f0c35526a44ae09a01d1284b50b954d9246725a1ead1ff224a102ed9ab3da0152a15525643b2eee226c37041dc55539d475183b889a10e18bb94f079a4a49888da566b99783460ece01daaf93548beea6c827d9674897e7279ff1a19cb092659e8c1860fbad0db4ad0ad5732f1af4655dbd66214e552f04ed8fd0104e1d4bf99c249ac229ce169d9ba22068c6c0ab742424760911d4636aafb4b85f0c952a9ce4275bc821391aa65fcd0d2394f006e3fba0fd34c4bc4ab260f4b45dec3285875589c97d3087c9134d3a3aa2f904512e85aa2dc2202498"
 )
 func SurfsharkRegionChoices() (choices []string) {
 	servers := SurfsharkServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Region
 	}
 	return choices
 }
 func SurfsharkServers() []models.SurfsharkServer {
 	return []models.SurfsharkServer{
 		{Region: "Albania", IPs: []net.IP{{31, 171, 152, 197}, {31, 171, 154, 147}}},
 		{Region: "Argentina Buenos Aires", IPs: []net.IP{{91, 206, 168, 13}, {91, 206, 168, 24}}},
 		{Region: "Australia Adelaide", IPs: []net.IP{{45, 248, 79, 67}, {45, 248, 79, 69}}},
 		{Region: "Australia Brisbane", IPs: []net.IP{{144, 48, 39, 107}, {144, 48, 39, 131}}},
 		{Region: "Australia Melbourne", IPs: []net.IP{{103, 192, 80, 141}, {144, 48, 38, 141}}},
 		{Region: "Australia Perth", IPs: []net.IP{{45, 248, 78, 45}, {124, 150, 139, 27}}},
 		{Region: "Australia Sydney", IPs: []net.IP{{45, 125, 247, 195}, {180, 149, 228, 117}}},
 		{Region: "Australia US", IPs: []net.IP{{45, 76, 117, 108}}},
 		{Region: "Austria", IPs: []net.IP{{5, 253, 207, 83}, {37, 120, 212, 131}}},
 		{Region: "Azerbaijan", IPs: []net.IP{{94, 20, 21, 85}, {94, 20, 21, 87}}},
 		{Region: "Belgium", IPs: []net.IP{{5, 253, 205, 181}, {5, 253, 205, 213}}},
 		{Region: "Bosnia and Herzegovina", IPs: []net.IP{{185, 99, 3, 7}, {185, 212, 111, 41}}},
 		{Region: "Brazil", IPs: []net.IP{{191, 96, 73, 214}, {191, 96, 73, 216}}},
 		{Region: "Bulgaria", IPs: []net.IP{{37, 120, 152, 37}}},
 		{Region: "Canada Montreal", IPs: []net.IP{{172, 98, 82, 85}, {198, 8, 85, 19}}},
 		{Region: "Canada Toronto", IPs: []net.IP{{68, 71, 244, 200}, {104, 200, 138, 163}}},
 		{Region: "Canada Toronto mp001", IPs: []net.IP{{138, 197, 151, 26}}},
 		{Region: "Canada US", IPs: []net.IP{{159, 203, 57, 80}}},
 		{Region: "Canada Vancouver", IPs: []net.IP{{66, 115, 147, 79}, {66, 115, 147, 87}}},
 		{Region: "Chile", IPs: []net.IP{{31, 169, 121, 16}}},
 		{Region: "Colombia", IPs: []net.IP{{45, 129, 32, 8}}},
 		{Region: "Costa Rica", IPs: []net.IP{{176, 227, 241, 19}, {176, 227, 241, 21}}},
 		{Region: "Croatia", IPs: []net.IP{{89, 164, 99, 109}, {89, 164, 99, 111}}},
 		{Region: "Cyprus", IPs: []net.IP{{195, 47, 194, 34}}},
 		{Region: "Czech Republic", IPs: []net.IP{{185, 152, 64, 151}, {185, 152, 64, 178}}},
 		{Region: "Denmark", IPs: []net.IP{{37, 120, 194, 115}, {95, 174, 65, 71}}},
 		{Region: "Estonia", IPs: []net.IP{{165, 231, 163, 23}, {185, 174, 159, 69}}},
 		{Region: "Finland", IPs: []net.IP{{196, 244, 191, 179}, {196, 244, 191, 181}}},
 		{Region: "France Bordeaux", IPs: []net.IP{{185, 108, 106, 67}, {185, 108, 106, 150}}},
 		{Region: "France Marseilles", IPs: []net.IP{{185, 166, 84, 53}, {185, 166, 84, 75}}},
 		{Region: "France Paris", IPs: []net.IP{{45, 83, 90, 181}, {45, 89, 174, 103}}},
 		{Region: "France Sweden", IPs: []net.IP{{199, 247, 8, 20}}},
 		{Region: "Germany Berlin", IPs: []net.IP{{152, 89, 163, 19}, {217, 138, 216, 243}}},
 		{Region: "Germany Frankfurt am Main", IPs: []net.IP{{185, 158, 135, 36}, {185, 220, 70, 83}}},
 		{Region: "Germany Frankfurt am Main st001", IPs: []net.IP{{45, 87, 212, 179}}},
 		{Region: "Germany Frankfurt am Main st002", IPs: []net.IP{{45, 87, 212, 181}}},
 		{Region: "Germany Frankfurt am Main st003", IPs: []net.IP{{45, 87, 212, 183}}},
 		{Region: "Germany Frankfurt mp001", IPs: []net.IP{{46, 101, 189, 14}}},
 		{Region: "Germany Munich", IPs: []net.IP{{178, 238, 231, 51}, {178, 238, 231, 55}}},
 		{Region: "Germany Nuremberg", IPs: []net.IP{{62, 171, 149, 162}, {62, 171, 151, 182}}},
 		{Region: "Germany Singapour", IPs: []net.IP{{159, 89, 14, 157}}},
 		{Region: "Germany UK", IPs: []net.IP{{46, 101, 250, 73}}},
 		{Region: "Greece", IPs: []net.IP{{194, 150, 167, 34}, {194, 150, 167, 40}}},
 		{Region: "Hong Kong", IPs: []net.IP{{84, 17, 57, 73}, {212, 102, 42, 201}}},
 		{Region: "Hungary", IPs: []net.IP{{37, 120, 144, 151}, {37, 120, 144, 213}}},
 		{Region: "Iceland", IPs: []net.IP{{82, 221, 128, 166}, {82, 221, 143, 243}}},
 		{Region: "India Chennai", IPs: []net.IP{{103, 108, 117, 118}, {103, 108, 117, 151}}},
 		{Region: "India Indore", IPs: []net.IP{{103, 39, 132, 189}, {137, 59, 52, 109}}},
 		{Region: "India Mumbai", IPs: []net.IP{{103, 221, 233, 88}, {165, 231, 253, 147}}},
 		{Region: "India UK", IPs: []net.IP{{134, 209, 148, 122}}},
 		{Region: "Indonesia", IPs: []net.IP{{103, 120, 66, 214}, {103, 120, 66, 216}}},
 		{Region: "Ireland", IPs: []net.IP{{185, 108, 128, 159}, {185, 108, 128, 181}}},
 		{Region: "Israel", IPs: []net.IP{{87, 239, 255, 109}}},
 		{Region: "Italy Milan", IPs: []net.IP{{84, 17, 58, 148}, {185, 128, 27, 37}}},
 		{Region: "Italy Rome", IPs: []net.IP{{82, 102, 26, 61}, {82, 102, 26, 115}}},
 		{Region: "Japan Tokyo", IPs: []net.IP{{45, 87, 213, 5}, {103, 208, 221, 227}}},
 		{Region: "Japan Tokyo st001", IPs: []net.IP{{45, 87, 213, 19}}},
 		{Region: "Japan Tokyo st002", IPs: []net.IP{{45, 87, 213, 21}}},
 		{Region: "Japan Tokyo st003", IPs: []net.IP{{45, 87, 213, 23}}},
 		{Region: "Japan Tokyo st004", IPs: []net.IP{{217, 138, 212, 19}}},
 		{Region: "Japan Tokyo st005", IPs: []net.IP{{217, 138, 212, 21}}},
 		{Region: "Japan Tokyo st006", IPs: []net.IP{{82, 102, 28, 123}}},
 		{Region: "Japan Tokyo st007", IPs: []net.IP{{82, 102, 28, 125}}},
 		{Region: "Kazakhstan", IPs: []net.IP{{95, 57, 207, 200}}},
 		{Region: "Korea", IPs: []net.IP{{61, 14, 210, 239}, {61, 97, 243, 112}}},
 		{Region: "Latvia", IPs: []net.IP{{188, 92, 78, 140}, {188, 92, 78, 142}}},
 		{Region: "Libya", IPs: []net.IP{{41, 208, 72, 157}, {41, 208, 72, 204}}},
 		{Region: "Luxembourg", IPs: []net.IP{{185, 153, 151, 60}, {185, 153, 151, 83}}},
 		{Region: "Malaysia", IPs: []net.IP{{42, 0, 30, 152}, {42, 0, 30, 209}}},
 		{Region: "Mexico City Mexico", IPs: []net.IP{{194, 41, 112, 9}, {194, 41, 112, 19}}},
 		{Region: "Moldova", IPs: []net.IP{{178, 175, 128, 235}, {178, 175, 128, 237}}},
 		{Region: "Netherlands Amsterdam", IPs: []net.IP{{89, 46, 223, 74}, {89, 46, 223, 217}}},
 		{Region: "Netherlands Amsterdam mp001", IPs: []net.IP{{188, 166, 43, 117}}},
 		{Region: "Netherlands Amsterdam st001", IPs: []net.IP{{81, 19, 209, 51}}},
 		{Region: "Netherlands US", IPs: []net.IP{{188, 166, 98, 91}}},
 		{Region: "New Zealand", IPs: []net.IP{{180, 149, 231, 67}}},
 		{Region: "Nigeria", IPs: []net.IP{{102, 165, 23, 6}, {102, 165, 23, 42}}},
 		{Region: "North Macedonia", IPs: []net.IP{{185, 225, 28, 93}, {185, 225, 28, 101}}},
 		{Region: "Norway", IPs: []net.IP{{45, 12, 223, 213}, {84, 247, 50, 69}}},
 		{Region: "Paraguay", IPs: []net.IP{{181, 40, 18, 56}, {186, 16, 32, 163}}},
 		{Region: "Philippines", IPs: []net.IP{{45, 134, 224, 10}, {45, 134, 224, 20}}},
 		{Region: "Poland Gdansk", IPs: []net.IP{{5, 187, 53, 51}}},
 		{Region: "Poland Warsaw", IPs: []net.IP{{185, 246, 208, 77}, {185, 246, 208, 105}}},
 		{Region: "Portugal Lisbon", IPs: []net.IP{{5, 154, 174, 26}, {5, 154, 174, 173}}},
 		{Region: "Portugal Loule", IPs: []net.IP{{176, 61, 146, 111}, {176, 61, 146, 123}}},
 		{Region: "Portugal Porto", IPs: []net.IP{{194, 39, 127, 242}}},
 		{Region: "Romania", IPs: []net.IP{{86, 106, 137, 147}, {86, 106, 137, 149}}},
 		{Region: "Russia Moscow", IPs: []net.IP{{213, 183, 56, 145}, {213, 183, 56, 160}}},
 		{Region: "Russia St. Petersburg", IPs: []net.IP{{213, 183, 54, 23}, {213, 183, 54, 165}}},
 		{Region: "Serbia", IPs: []net.IP{{37, 120, 193, 53}, {152, 89, 160, 211}}},
 		{Region: "Singapore", IPs: []net.IP{{89, 187, 162, 186}, {89, 187, 163, 210}}},
 		{Region: "Singapore Hong Kong", IPs: []net.IP{{206, 189, 83, 129}}},
 		{Region: "Singapore Netherlands", IPs: []net.IP{{104, 248, 148, 18}}},
 		{Region: "Singapore in", IPs: []net.IP{{128, 199, 193, 35}}},
 		{Region: "Singapore mp001", IPs: []net.IP{{206, 189, 94, 229}}},
 		{Region: "Singapore st001", IPs: []net.IP{{217, 138, 201, 91}}},
 		{Region: "Singapore st002", IPs: []net.IP{{217, 138, 201, 93}}},
 		{Region: "Singapore st003", IPs: []net.IP{{84, 247, 49, 19}}},
 		{Region: "Singapore st004", IPs: []net.IP{{84, 247, 49, 21}}},
 		{Region: "Slovekia", IPs: []net.IP{{193, 37, 255, 39}, {193, 37, 255, 41}}},
 		{Region: "Slovenia", IPs: []net.IP{{195, 158, 249, 38}, {195, 158, 249, 42}}},
 		{Region: "South Africa", IPs: []net.IP{{154, 127, 49, 226}, {154, 127, 49, 232}}},
 		{Region: "Spain Barcelona", IPs: []net.IP{{185, 188, 61, 15}, {185, 188, 61, 25}}},
 		{Region: "Spain Madrid", IPs: []net.IP{{188, 208, 141, 18}, {188, 208, 141, 20}}},
 		{Region: "Spain Valencia", IPs: []net.IP{{185, 153, 150, 48}, {196, 196, 150, 71}}},
 		{Region: "Sweden", IPs: []net.IP{{45, 83, 91, 149}, {185, 76, 9, 41}}},
 		{Region: "Switzerland", IPs: []net.IP{{84, 17, 53, 219}, {84, 17, 53, 221}}},
 		{Region: "Taiwan", IPs: []net.IP{{2, 58, 241, 5}, {2, 58, 241, 43}}},
 		{Region: "Thailand", IPs: []net.IP{{45, 64, 186, 132}, {45, 64, 186, 163}}},
 		{Region: "Turkey", IPs: []net.IP{{185, 195, 79, 5}, {185, 195, 79, 19}}},
 		{Region: "Turkey Istanbul", IPs: []net.IP{{107, 150, 95, 155}, {107, 150, 95, 157}}},
 		{Region: "UK France", IPs: []net.IP{{188, 166, 168, 247}}},
 		{Region: "UK Germany", IPs: []net.IP{{45, 77, 58, 16}}},
 		{Region: "UK Glasgow", IPs: []net.IP{{185, 108, 105, 157}}},
 		{Region: "UK London", IPs: []net.IP{{178, 239, 166, 218}, {185, 44, 78, 164}}},
 		{Region: "UK London mp001", IPs: []net.IP{{206, 189, 119, 92}}},
 		{Region: "UK London st001", IPs: []net.IP{{217, 146, 82, 83}}},
 		{Region: "UK London st002", IPs: []net.IP{{185, 134, 22, 80}}},
 		{Region: "UK London st003", IPs: []net.IP{{185, 134, 22, 92}}},
 		{Region: "UK London st004", IPs: []net.IP{{185, 44, 76, 186}}},
 		{Region: "UK London st005", IPs: []net.IP{{185, 44, 76, 188}}},
 		{Region: "UK Manchester", IPs: []net.IP{{193, 148, 17, 83}, {217, 138, 196, 91}}},
 		{Region: "US Atlanta", IPs: []net.IP{{66, 115, 166, 147}, {66, 115, 166, 151}}},
 		{Region: "US Bend", IPs: []net.IP{{45, 43, 14, 95}}},
 		{Region: "US Boston", IPs: []net.IP{{173, 237, 207, 13}, {199, 217, 107, 20}}},
 		{Region: "US Buffalo", IPs: []net.IP{{107, 174, 20, 130}}},
 		{Region: "US Charlotte", IPs: []net.IP{{66, 11, 124, 136}, {192, 154, 254, 135}}},
 		{Region: "US Chicago", IPs: []net.IP{{74, 119, 146, 197}, {89, 187, 182, 173}}},
 		{Region: "US Dallas", IPs: []net.IP{{66, 115, 177, 133}, {66, 115, 177, 158}}},
 		{Region: "US Denver", IPs: []net.IP{{212, 102, 44, 76}, {212, 102, 44, 98}}},
 		{Region: "US Gahanna", IPs: []net.IP{{104, 244, 209, 99}, {104, 244, 211, 171}}},
 		{Region: "US Houston", IPs: []net.IP{{104, 148, 30, 53}, {199, 10, 64, 115}}},
 		{Region: "US Kansas City", IPs: []net.IP{{173, 208, 202, 59}, {173, 208, 202, 61}}},
 		{Region: "US Las Vegas", IPs: []net.IP{{89, 187, 187, 149}, {185, 242, 5, 215}}},
 		{Region: "US Latham", IPs: []net.IP{{45, 43, 19, 74}, {45, 43, 19, 92}}},
 		{Region: "US Los Angeles", IPs: []net.IP{{38, 95, 110, 73}, {192, 111, 134, 202}}},
 		{Region: "US Maryland", IPs: []net.IP{{23, 82, 8, 173}, {23, 105, 163, 94}}},
 		{Region: "US Miami", IPs: []net.IP{{89, 187, 173, 250}, {172, 83, 42, 143}}},
 		{Region: "US Netherlands", IPs: []net.IP{{142, 93, 58, 71}}},
 		{Region: "US New York City", IPs: []net.IP{{84, 17, 35, 78}, {89, 187, 178, 92}}},
 		{Region: "US New York City mp001", IPs: []net.IP{{45, 55, 60, 159}}},
 		{Region: "US New York City st001", IPs: []net.IP{{92, 119, 177, 19}}},
 		{Region: "US New York City st002", IPs: []net.IP{{92, 119, 177, 21}}},
 		{Region: "US New York City st003", IPs: []net.IP{{92, 119, 177, 23}}},
 		{Region: "US New York City st004", IPs: []net.IP{{193, 148, 18, 51}}},
 		{Region: "US New York City st005", IPs: []net.IP{{193, 148, 18, 53}}},
 		{Region: "US Orlando", IPs: []net.IP{{198, 147, 22, 135}, {198, 147, 22, 213}}},
 		{Region: "US Phoenix", IPs: []net.IP{{184, 170, 240, 179}, {199, 58, 187, 3}}},
 		{Region: "US Portugal", IPs: []net.IP{{142, 93, 81, 242}}},
 		{Region: "US Saint Louis", IPs: []net.IP{{148, 72, 174, 43}, {148, 72, 174, 51}}},
 		{Region: "US Salt Lake City", IPs: []net.IP{{104, 200, 131, 165}, {104, 200, 131, 249}}},
 		{Region: "US San Francisco", IPs: []net.IP{{107, 181, 166, 39}, {107, 181, 166, 83}}},
 		{Region: "US San Francisco mp001", IPs: []net.IP{{165, 232, 53, 25}}},
 		{Region: "US Seatle", IPs: []net.IP{{199, 229, 250, 163}}},
 		{Region: "US Tampa", IPs: []net.IP{{209, 216, 92, 197}, {209, 216, 92, 205}}},
 		{Region: "Ukraine", IPs: []net.IP{{45, 9, 238, 23}, {45, 9, 238, 30}}},
 		{Region: "United Arab Emirates", IPs: []net.IP{{45, 9, 250, 99}, {45, 9, 250, 103}}},
 		{Region: "Vietnam", IPs: []net.IP{{202, 143, 110, 29}, {202, 143, 110, 32}}},
 	}
 }
--- a/internal/constants/tinyproxy.go
+++ b/internal/constants/tinyproxy.go
@@ -1,20 +1,20 @@
-package constants
+package constants
-
+
-import (
+import (
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
-)
+)
-
+
-const (
+const (
-	// TinyProxyInfoLevel is the info log level for TinyProxy
+	// TinyProxyInfoLevel is the info log level for TinyProxy
-	TinyProxyInfoLevel models.TinyProxyLogLevel = "Info"
+	TinyProxyInfoLevel models.TinyProxyLogLevel = "Info"
-	// TinyProxyConnectLevel is the info log level for TinyProxy
+	// TinyProxyConnectLevel is the info log level for TinyProxy
-	TinyProxyConnectLevel models.TinyProxyLogLevel = "Connect"
+	TinyProxyConnectLevel models.TinyProxyLogLevel = "Connect"
-	// TinyProxyNoticeLevel is the info log level for TinyProxy
+	// TinyProxyNoticeLevel is the info log level for TinyProxy
-	TinyProxyNoticeLevel models.TinyProxyLogLevel = "Notice"
+	TinyProxyNoticeLevel models.TinyProxyLogLevel = "Notice"
-	// TinyProxyWarnLevel is the warning log level for TinyProxy
+	// TinyProxyWarnLevel is the warning log level for TinyProxy
-	TinyProxyWarnLevel models.TinyProxyLogLevel = "Warning"
+	TinyProxyWarnLevel models.TinyProxyLogLevel = "Warning"
-	// TinyProxyErrorLevel is the error log level for TinyProxy
+	// TinyProxyErrorLevel is the error log level for TinyProxy
-	TinyProxyErrorLevel models.TinyProxyLogLevel = "Error"
+	TinyProxyErrorLevel models.TinyProxyLogLevel = "Error"
-	// TinyProxyCriticalLevel is the critical log level for TinyProxy
+	// TinyProxyCriticalLevel is the critical log level for TinyProxy
-	TinyProxyCriticalLevel models.TinyProxyLogLevel = "Critical"
+	TinyProxyCriticalLevel models.TinyProxyLogLevel = "Critical"
-)
+)
--- a/internal/constants/vpn.go
+++ b/internal/constants/vpn.go
@@ -1,21 +1,33 @@
-package constants
+package constants
-
+
-import (
+import (
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
-)
+)
-
+
-const (
+const (
-	// PrivateInternetAccess is a VPN provider
+	// PrivateInternetAccess is a VPN provider
-	PrivateInternetAccess models.VPNProvider = "private internet access"
+	PrivateInternetAccess models.VPNProvider = "private internet access"
-	// Mullvad is a VPN provider
+	// PrivateInternetAccessOld is the pre summer 2020 PIA provider
-	Mullvad models.VPNProvider = "mullvad"
+	PrivateInternetAccessOld models.VPNProvider = "private internet access old"
-	// Windscribe is a VPN provider
+	// Mullvad is a VPN provider
-	Windscribe models.VPNProvider = "windscribe"
+	Mullvad models.VPNProvider = "mullvad"
-)
+	// Windscribe is a VPN provider
-
+	Windscribe models.VPNProvider = "windscribe"
-const (
+	// Surfshark is a VPN provider
-	// TCP is a network protocol (reliable and slower than UDP)
+	Surfshark models.VPNProvider = "surfshark"
-	TCP models.NetworkProtocol = "tcp"
+	// Cyberghost is a VPN provider
-	// UDP is a network protocol (unreliable and faster than TCP)
+	Cyberghost models.VPNProvider = "cyberghost"
-	UDP models.NetworkProtocol = "udp"
+	// Vyprvpn is a VPN provider
-)
+	Vyprvpn models.VPNProvider = "vyprvpn"
 	// NordVPN is a VPN provider
 	Nordvpn models.VPNProvider = "nordvpn"
 	// PureVPN is a VPN provider
 	Purevpn models.VPNProvider = "purevpn"
 )
 const (
 	// TCP is a network protocol (reliable and slower than UDP)
 	TCP models.NetworkProtocol = "tcp"
 	// UDP is a network protocol (unreliable and faster than TCP)
 	UDP models.NetworkProtocol = "udp"
 )
--- a/internal/constants/vyprvpn.go
+++ b/internal/constants/vyprvpn.go
@@ -0,0 +1,99 @@
 package constants
 import (
 	"net"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	VyprvpnCertificate = "MIIGDjCCA/agAwIBAgIJAL2ON5xbane/MA0GCSqGSIb3DQEBDQUAMIGTMQswCQYDVQQGEwJDSDEQMA4GA1UECAwHTHVjZXJuZTEPMA0GA1UEBwwGTWVnZ2VuMRkwFwYDVQQKDBBHb2xkZW4gRnJvZyBHbWJIMSEwHwYDVQQDDBhHb2xkZW4gRnJvZyBHbWJIIFJvb3QgQ0ExIzAhBgkqhkiG9w0BCQEWFGFkbWluQGdvbGRlbmZyb2cuY29tMB4XDTE5MTAxNzIwMTQxMFoXDTM5MTAxMjIwMTQxMFowgZMxCzAJBgNVBAYTAkNIMRAwDgYDVQQIDAdMdWNlcm5lMQ8wDQYDVQQHDAZNZWdnZW4xGTAXBgNVBAoMEEdvbGRlbiBGcm9nIEdtYkgxITAfBgNVBAMMGEdvbGRlbiBGcm9nIEdtYkggUm9vdCBDQTEjMCEGCSqGSIb3DQEJARYUYWRtaW5AZ29sZGVuZnJvZy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtuddaZrpWZ+nUuJpG+ohTquO3XZtq6d4U0E2oiPeIiwm+WWLY49G+GNJb5aVrlrBojaykCAc2sU6NeUlpg3zuqrDqLcz7PAE4OdNiOdrLBF1o9ZHrcITDZN304eAY5nbyHx5V6x/QoDVCi4g+5OVTA+tZjpcl4wRIpgknWznO73IKCJ6YckpLn1BsFrVCb2ehHYZLg7Js58FzMySIxBmtkuPeHQXL61DFHh3cTFcMxqJjzh7EGsWRyXfbAaBGYnT+TZwzpLXXt8oBGpNXG8YBDrPdK0A+lzMnJ4nS0rgHDSRF0brx+QYk/6CgM510uFzB7zytw9UTD3/5TvKlCUmTGGgI84DbJ3DEvjxbgiQnJXCUZKKYSHwrK79Y4Qn+lXu4Bu0ZTCJBje0GUVMTPAvBCeDvzSe0iRcVSNMJVM68d4kD1PpSY/zWfCz5hiOjHWuXinaoZ0JJqRF8kGbJsbDlDYDtVvh/Cd4aWN6Q/2XLpszBsG5i8sdkS37nzkdlRwNEIZwsKfcXwdTOlDinR1LUG68LmzJAwfNE47xbrZUsdGGfG+HSPsrqFFiLGe7Y4e2+a7vGdSY9qR9PAzyx0ijCCrYzZDIsb2dwjLctUx6a3LNV8cpfhKX+s6tfMldGufPI7byHT1Ybf0NtMS1d1RjD6IbqedXQdCKtaw68kTX//wIDAQABo2MwYTAdBgNVHQ4EFgQU2EbQvBd1r/EADr2jCPMXsH7zEXEwHwYDVR0jBBgwFoAU2EbQvBd1r/EADr2jCPMXsH7zEXEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQENBQADggIBAAViCPieIronV+9asjZyo5oSZSNWUkWRYdezjezsf49+fwT12iRgnkSEQeoj5caqcOfNm/eRpN4G7jhhCcxy9RGF+GurIlZ4v0mChZbx1jcxqr9/3/Z2TqvHALyWngBYDv6pv1iWcd9a4+QL9kj1Tlp8vUDIcHMtDQkEHnkhC+MnjyrdsdNE5wjlLljjFR2Qy5a6/kWwZ1JQVYof1J1EzY6mU7YLMHOdjfmeci5i0vg8+9kGMsc/7Wm69L1BeqpDB3ZEAgmOtda2jwOevJ4sABmRoSThFp4DeMcxb62HW1zZCCpgzWv/33+pZdPvnZHSz7RGoxH4Ln7eBf3oo2PMlu7wCsid3HUdgkRf2Og1RJIrFfEjb7jga1JbKX2Qo/FH3txzdUimKiDRv3ccFmEOqjndUG6hP+7/EsI43oCPYOvZR+u5GdOkhYrDGZlvjXeJ1CpQxTR/EX+Vt7F8YG+i2LkO7lhPLb+LzgPAxVPCcEMHruuUlE1BYxxzRMOW4X4kjHvJjZGISxa9lgTY3e0mnoQNQVBHKfzI2vGLwvcrFcCIrVxeEbj2dryfByyhZlrNPFbXyf7P4OSfk+fVh6Is1IF1wksfLY/6gWvcmXB8JwmKFDa9s5NfzXnzP3VMrNUWXN3G8Eee6qzKKTDsJ70OrgAx9j9a+dMLfe1vP5t6GQj5"
 )
 func VyprvpnRegionChoices() (choices []string) {
 	servers := VyprvpnServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Region
 	}
 	return choices
 }
 func VyprvpnServers() []models.VyprvpnServer {
 	return []models.VyprvpnServer{
 		{Region: "Algeria", IPs: []net.IP{{209, 99, 75, 20}}},
 		{Region: "Argentina", IPs: []net.IP{{209, 99, 109, 19}}},
 		{Region: "Australia Melbourne", IPs: []net.IP{{209, 99, 117, 19}}},
 		{Region: "Australia Perth", IPs: []net.IP{{209, 99, 1, 19}}},
 		{Region: "Australia Sydney", IPs: []net.IP{{209, 99, 117, 18}}},
 		{Region: "Austria", IPs: []net.IP{{128, 90, 96, 18}}},
 		{Region: "Bahrain", IPs: []net.IP{{209, 99, 115, 19}}},
 		{Region: "Belgium", IPs: []net.IP{{128, 90, 96, 20}}},
 		{Region: "Brazil", IPs: []net.IP{{209, 99, 109, 20}}},
 		{Region: "Bulgaria", IPs: []net.IP{{128, 90, 96, 22}}},
 		{Region: "Canada", IPs: []net.IP{{209, 99, 21, 18}}},
 		{Region: "Columbia", IPs: []net.IP{{209, 99, 109, 21}}},
 		{Region: "Costa Rica", IPs: []net.IP{{209, 99, 109, 22}}},
 		{Region: "Czech Republic", IPs: []net.IP{{128, 90, 96, 24}}},
 		{Region: "Denmark", IPs: []net.IP{{128, 90, 96, 28}}},
 		{Region: "Dubai", IPs: []net.IP{{128, 90, 45, 104}}},
 		{Region: "Egypt", IPs: []net.IP{{128, 90, 228, 43}}},
 		{Region: "El Salvador", IPs: []net.IP{{209, 99, 61, 20}}},
 		{Region: "Finland", IPs: []net.IP{{128, 90, 96, 32}}},
 		{Region: "France", IPs: []net.IP{{128, 90, 96, 34}}},
 		{Region: "Germany", IPs: []net.IP{{128, 90, 96, 26}}},
 		{Region: "Greece", IPs: []net.IP{{128, 90, 228, 59}}},
 		{Region: "Hong Kong", IPs: []net.IP{{128, 90, 227, 18}}},
 		{Region: "Iceland", IPs: []net.IP{{209, 99, 22, 20}}},
 		{Region: "India", IPs: []net.IP{{209, 99, 115, 20}}},
 		{Region: "Indonesia", IPs: []net.IP{{209, 99, 1, 20}}},
 		{Region: "Ireland", IPs: []net.IP{{209, 99, 22, 19}}},
 		{Region: "Israel", IPs: []net.IP{{128, 90, 228, 20}}},
 		{Region: "Italy", IPs: []net.IP{{128, 90, 96, 36}}},
 		{Region: "Japan", IPs: []net.IP{{209, 99, 113, 18}}},
 		{Region: "Latvia", IPs: []net.IP{{128, 90, 96, 44}}},
 		{Region: "Liechtenstein", IPs: []net.IP{{128, 90, 96, 38}}},
 		{Region: "Lithuania", IPs: []net.IP{{128, 90, 96, 40}}},
 		{Region: "Luxembourg", IPs: []net.IP{{128, 90, 96, 42}}},
 		{Region: "Macao", IPs: []net.IP{{128, 90, 227, 36}}},
 		{Region: "Malaysia", IPs: []net.IP{{209, 99, 1, 21}}},
 		{Region: "Maldives", IPs: []net.IP{{209, 99, 1, 26}}},
 		{Region: "Marshall Islands", IPs: []net.IP{{209, 99, 1, 25}}},
 		{Region: "Mexico", IPs: []net.IP{{209, 99, 61, 19}}},
 		{Region: "Netherlands", IPs: []net.IP{{128, 90, 96, 16}}},
 		{Region: "New Zealand", IPs: []net.IP{{209, 99, 117, 20}}},
 		{Region: "Norway", IPs: []net.IP{{128, 90, 96, 46}}},
 		{Region: "Pakistan", IPs: []net.IP{{128, 90, 228, 67}}},
 		{Region: "Panama", IPs: []net.IP{{209, 99, 109, 23}}},
 		{Region: "Philippines", IPs: []net.IP{{209, 99, 1, 22}}},
 		{Region: "Poland", IPs: []net.IP{{128, 90, 96, 48}}},
 		{Region: "Portugal", IPs: []net.IP{{128, 90, 96, 50}}},
 		{Region: "Qatar", IPs: []net.IP{{209, 99, 115, 21}}},
 		{Region: "Romania", IPs: []net.IP{{128, 90, 96, 52}}},
 		{Region: "Russia", IPs: []net.IP{{128, 90, 96, 54}}},
 		{Region: "Saudi Arabia", IPs: []net.IP{{209, 99, 115, 22}}},
 		{Region: "Singapore", IPs: []net.IP{{209, 99, 1, 18}}},
 		{Region: "Slovakia", IPs: []net.IP{{128, 90, 96, 60}}},
 		{Region: "Slovenia", IPs: []net.IP{{128, 90, 96, 58}}},
 		{Region: "South Korea", IPs: []net.IP{{209, 99, 113, 19}}},
 		{Region: "Spain", IPs: []net.IP{{128, 90, 96, 30}}},
 		{Region: "Sweden", IPs: []net.IP{{128, 90, 96, 56}}},
 		{Region: "Switzerland", IPs: []net.IP{{209, 99, 60, 18}}},
 		{Region: "Taiwan", IPs: []net.IP{{128, 90, 227, 27}}},
 		{Region: "Thailand", IPs: []net.IP{{209, 99, 1, 23}}},
 		{Region: "Turkey", IPs: []net.IP{{128, 90, 96, 62}}},
 		{Region: "USA Austin", IPs: []net.IP{{209, 99, 61, 18}}},
 		{Region: "USA Chicago", IPs: []net.IP{{209, 99, 93, 18}}},
 		{Region: "USA Los Angeles", IPs: []net.IP{{209, 99, 67, 18}}},
 		{Region: "USA Miami", IPs: []net.IP{{209, 99, 109, 18}}},
 		{Region: "USA New York", IPs: []net.IP{{209, 99, 63, 18}}},
 		{Region: "USA San Francisco", IPs: []net.IP{{209, 99, 95, 18}}},
 		{Region: "USA Seattle", IPs: []net.IP{{209, 99, 94, 18}}},
 		{Region: "USA Washington", IPs: []net.IP{{209, 99, 62, 18}}},
 		{Region: "USA Washington DC", IPs: []net.IP{{209, 99, 62, 18}}},
 		{Region: "Ukraine", IPs: []net.IP{{128, 90, 96, 64}}},
 		{Region: "United Kingdom", IPs: []net.IP{{209, 99, 22, 18}}},
 		{Region: "Uruguay", IPs: []net.IP{{209, 99, 61, 21}}},
 		{Region: "Vietnam", IPs: []net.IP{{209, 99, 1, 24}}},
 	}
 }
--- a/internal/constants/windscribe.go
+++ b/internal/constants/windscribe.go
@@ -0,0 +1,98 @@
 package constants
 import (
 	"net"
 	"github.com/qdm12/gluetun/internal/models"
 )
 const (
 	WindscribeCertificate        = "MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwSV2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQDDBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMyNjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9udG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPEr2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aPq+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2gJOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfvktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUKhi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZSwoLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Aipm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1UdIwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjjZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iMKw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dRgIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFemMLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLEXCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/el/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8oZYGQgrLt+ot8MbLhJlkp4Q=="
 	WindscribeOpenvpnStaticKeyV1 = "5801926a57ac2ce27e3dfd1dd6ef82042d82bd4f3f0021296f57734f6f1ea714a6623845541c4b0c3dea0a050fe6746cb66dfab14cda27e5ae09d7c155aa554f399fa4a863f0e8c1af787e5c602a801d3a2ec41e395a978d56729457fe6102d7d9e9119aa83643210b33c678f9d4109e3154ac9c759e490cb309b319cf708cae83ddadc3060a7a26564d1a24411cd552fe6620ea16b755697a4fc5e6e9d0cfc0c5c4a1874685429046a424c026db672e4c2c492898052ba59128d46200b40f880027a8b6610a4d559bdc9346d33a0a6b08e75c7fd43192b162bfd0aef0c716b31584827693f676f9a5047123466f0654eade34972586b31c6ce7e395f4b478cb"
 )
 func WindscribeRegionChoices() (choices []string) {
 	servers := WindscribeServers()
 	choices = make([]string, len(servers))
 	for i := range servers {
 		choices[i] = servers[i].Region
 	}
 	return choices
 }
 //nolint:dupl
 func WindscribeServers() []models.WindscribeServer {
 	return []models.WindscribeServer{
 		{Region: "Albania", IPs: []net.IP{{31, 171, 152, 179}}},
 		{Region: "Argentina", IPs: []net.IP{{167, 250, 6, 121}, {190, 105, 236, 19}, {190, 105, 236, 32}, {190, 105, 236, 50}}},
 		{Region: "Australia", IPs: []net.IP{{45, 121, 208, 160}, {45, 121, 209, 160}, {45, 121, 210, 208}, {103, 62, 50, 208}, {103, 77, 233, 67}, {103, 77, 234, 211}, {116, 90, 72, 243}, {116, 206, 228, 67}}},
 		{Region: "Austria", IPs: []net.IP{{89, 187, 168, 66}, {217, 64, 127, 11}}},
 		{Region: "Azerbaijan", IPs: []net.IP{{85, 132, 61, 123}}},
 		{Region: "Belgium", IPs: []net.IP{{185, 232, 21, 131}, {194, 187, 251, 147}}},
 		{Region: "Bosnia", IPs: []net.IP{{185, 99, 3, 24}}},
 		{Region: "Brazil", IPs: []net.IP{{177, 54, 144, 68}, {177, 67, 80, 59}, {189, 1, 172, 12}}},
 		{Region: "Bulgaria", IPs: []net.IP{{185, 94, 192, 35}}},
 		{Region: "Canada East", IPs: []net.IP{{23, 154, 160, 177}, {66, 70, 148, 80}, {104, 227, 235, 129}, {104, 254, 92, 11}, {104, 254, 92, 91}, {144, 168, 163, 160}, {144, 168, 163, 193}, {184, 75, 212, 91}, {192, 190, 19, 65}, {192, 190, 19, 97}, {198, 8, 85, 195}, {198, 8, 85, 210}, {199, 204, 208, 158}}},
 		{Region: "Canada West", IPs: []net.IP{{104, 218, 61, 1}, {104, 218, 61, 33}, {162, 221, 207, 95}, {208, 78, 41, 1}, {208, 78, 41, 131}, {208, 78, 41, 163}}},
 		{Region: "Colombia", IPs: []net.IP{{138, 121, 203, 203}, {138, 186, 141, 155}}},
 		{Region: "Croatia", IPs: []net.IP{{85, 10, 56, 252}}},
 		{Region: "Cyprus", IPs: []net.IP{{157, 97, 132, 43}}},
 		{Region: "Czech republic", IPs: []net.IP{{185, 156, 174, 11}, {185, 246, 210, 2}}},
 		{Region: "Denmark", IPs: []net.IP{{134, 90, 149, 147}, {185, 206, 224, 195}}},
 		{Region: "Estonia", IPs: []net.IP{{46, 22, 211, 251}, {196, 196, 216, 131}}},
 		{Region: "Fake antarctica", IPs: []net.IP{{23, 154, 160, 212}, {23, 154, 160, 222}}},
 		{Region: "Finland", IPs: []net.IP{{185, 112, 82, 227}, {194, 34, 133, 82}}},
 		{Region: "France", IPs: []net.IP{{45, 89, 174, 35}, {82, 102, 18, 35}, {84, 17, 42, 2}, {84, 17, 42, 34}, {185, 156, 173, 187}}},
 		{Region: "Germany", IPs: []net.IP{{45, 87, 212, 51}, {89, 249, 65, 19}, {185, 130, 184, 195}, {195, 181, 170, 66}, {195, 181, 175, 98}, {217, 138, 194, 115}}},
 		{Region: "Greece", IPs: []net.IP{{78, 108, 38, 155}, {185, 226, 64, 111}, {188, 123, 126, 146}}},
 		{Region: "Guinea-Bissau", IPs: []net.IP{{149, 56, 10, 82}}},
 		{Region: "Hong kong", IPs: []net.IP{{84, 17, 57, 114}, {103, 10, 197, 99}}},
 		{Region: "Hungary", IPs: []net.IP{{185, 104, 187, 43}}},
 		{Region: "Iceland", IPs: []net.IP{{82, 221, 139, 38}, {185, 165, 170, 2}}},
 		{Region: "India", IPs: []net.IP{{103, 205, 140, 227}, {169, 38, 68, 188}, {169, 38, 72, 12}, {169, 38, 72, 14}}},
 		{Region: "Indonesia", IPs: []net.IP{{45, 127, 134, 91}}},
 		{Region: "Ireland", IPs: []net.IP{{185, 24, 232, 146}, {185, 104, 219, 2}}},
 		{Region: "Israel", IPs: []net.IP{{160, 116, 0, 27}, {185, 191, 205, 139}}},
 		{Region: "Italy", IPs: []net.IP{{37, 120, 135, 83}, {37, 120, 207, 19}, {84, 17, 59, 66}, {87, 101, 94, 195}, {89, 40, 182, 3}}},
 		{Region: "Japan", IPs: []net.IP{{89, 187, 161, 114}, {193, 148, 16, 243}}},
 		{Region: "Latvia", IPs: []net.IP{{85, 254, 72, 23}, {89, 111, 33, 220}}},
 		{Region: "Lithuania", IPs: []net.IP{{85, 206, 163, 225}}},
 		{Region: "Macedonia", IPs: []net.IP{{185, 225, 28, 51}}},
 		{Region: "Madagascar", IPs: []net.IP{{104, 20, 26, 217}, {104, 20, 27, 217}, {172, 67, 17, 175}}},
 		{Region: "Malaysia", IPs: []net.IP{{103, 106, 250, 31}, {103, 212, 69, 232}}},
 		{Region: "Mexico", IPs: []net.IP{{143, 255, 57, 67}, {190, 103, 179, 211}, {190, 103, 179, 217}, {201, 131, 125, 107}}},
 		{Region: "Moldova", IPs: []net.IP{{178, 175, 144, 123}}},
 		{Region: "Netherlands", IPs: []net.IP{{37, 120, 192, 19}, {46, 166, 143, 98}, {72, 11, 157, 35}, {72, 11, 157, 67}, {84, 17, 46, 2}, {185, 212, 171, 131}, {185, 253, 96, 3}}},
 		{Region: "New zealand", IPs: []net.IP{{103, 62, 49, 113}}},
 		{Region: "Norway", IPs: []net.IP{{37, 120, 203, 67}, {185, 206, 225, 131}}},
 		{Region: "Panama", IPs: []net.IP{{138, 186, 142, 203}}},
 		{Region: "Peru", IPs: []net.IP{{190, 120, 229, 139}}},
 		{Region: "Philippines", IPs: []net.IP{{103, 103, 0, 118}, {141, 98, 215, 211}}},
 		{Region: "Poland", IPs: []net.IP{{5, 133, 11, 116}, {84, 17, 55, 98}, {185, 244, 214, 35}}},
 		{Region: "Portugal", IPs: []net.IP{{94, 46, 13, 215}, {185, 15, 21, 66}}},
 		{Region: "Romania", IPs: []net.IP{{89, 46, 103, 147}, {91, 207, 102, 147}}},
 		{Region: "Russia", IPs: []net.IP{{94, 242, 62, 19}, {94, 242, 62, 67}, {95, 213, 193, 195}, {95, 213, 193, 227}, {185, 22, 175, 132}, {188, 124, 42, 99}, {188, 124, 42, 115}}},
 		{Region: "Serbia", IPs: []net.IP{{141, 98, 103, 19}}},
 		{Region: "Singapore", IPs: []net.IP{{82, 102, 25, 131}, {103, 62, 48, 224}, {156, 146, 56, 98}, {156, 146, 56, 111}, {185, 200, 117, 163}}},
 		{Region: "Slovakia", IPs: []net.IP{{185, 245, 85, 3}}},
 		{Region: "South Africa", IPs: []net.IP{{129, 232, 167, 211}, {165, 73, 248, 91}, {197, 242, 157, 235}}},
 		{Region: "South Korea", IPs: []net.IP{{27, 255, 92, 52}, {103, 212, 223, 3}, {218, 232, 76, 179}}},
 		{Region: "Spain", IPs: []net.IP{{37, 120, 142, 227}, {89, 238, 178, 43}, {185, 253, 99, 131}, {217, 138, 218, 99}}},
 		{Region: "Sweden", IPs: []net.IP{{31, 13, 191, 67}, {79, 142, 76, 198}, {195, 181, 166, 129}}},
 		{Region: "Switzerland", IPs: []net.IP{{31, 7, 57, 242}, {37, 120, 213, 163}, {84, 17, 53, 2}, {89, 187, 165, 98}, {185, 156, 175, 179}}},
 		{Region: "Taiwan", IPs: []net.IP{{103, 4, 29, 77}, {185, 189, 160, 12}, {185, 189, 160, 27}, {185, 189, 160, 32}}},
 		{Region: "Thailand", IPs: []net.IP{{27, 254, 130, 221}, {202, 129, 16, 147}, {202, 129, 16, 155}}},
 		{Region: "Tunisia", IPs: []net.IP{{41, 231, 5, 23}}},
 		{Region: "Turkey", IPs: []net.IP{{45, 123, 118, 156}, {45, 123, 119, 11}, {79, 98, 131, 43}, {176, 53, 113, 163}, {185, 125, 33, 227}}},
 		{Region: "US Central", IPs: []net.IP{{67, 212, 238, 196}, {69, 12, 94, 67}, {104, 129, 18, 3}, {104, 129, 18, 131}, {104, 223, 92, 163}, {107, 150, 31, 3}, {107, 150, 31, 67}, {107, 150, 31, 131}, {107, 161, 86, 131}, {107, 182, 234, 240}, {161, 129, 70, 195}, {162, 222, 198, 67}, {172, 241, 26, 78}, {172, 241, 131, 129}, {198, 12, 76, 211}, {198, 54, 128, 116}, {198, 55, 125, 195}, {199, 115, 96, 83}, {204, 44, 112, 67}, {204, 44, 112, 131}, {206, 217, 139, 19}, {206, 217, 139, 195}, {206, 217, 143, 131}}},
 		{Region: "US West", IPs: []net.IP{{23, 83, 130, 166}, {23, 83, 131, 187}, {23, 94, 74, 99}, {37, 120, 147, 163}, {64, 120, 2, 174}, {66, 115, 176, 3}, {82, 102, 30, 67}, {89, 187, 185, 34}, {89, 187, 187, 98}, {104, 129, 3, 67}, {104, 129, 3, 163}, {104, 129, 56, 67}, {104, 129, 56, 131}, {104, 152, 222, 33}, {167, 88, 60, 227}, {167, 88, 60, 243}, {172, 241, 214, 202}, {172, 241, 250, 131}, {172, 255, 125, 141}, {185, 236, 200, 35}, {192, 3, 20, 51}, {198, 12, 116, 195}, {198, 23, 242, 147}, {209, 58, 129, 121}, {212, 103, 49, 67}, {216, 45, 53, 131}, {217, 138, 217, 51}, {217, 138, 217, 211}}},
 		{Region: "Ukraine", IPs: []net.IP{{45, 141, 156, 11}, {45, 141, 156, 50}}},
 		{Region: "United Arab Emirates", IPs: []net.IP{{45, 9, 249, 43}}},
 		{Region: "United Kingdom", IPs: []net.IP{{2, 58, 29, 17}, {2, 58, 29, 145}, {81, 92, 207, 69}, {84, 17, 50, 130}, {89, 44, 201, 99}, {89, 238, 135, 133}, {89, 238, 150, 229}, {185, 212, 168, 133}, {212, 102, 63, 32}, {212, 102, 63, 62}, {217, 138, 254, 51}}},
 		{Region: "Vietnam", IPs: []net.IP{{103, 9, 76, 197}, {103, 9, 79, 186}, {103, 9, 79, 219}}},
 		{Region: "Windflix CA", IPs: []net.IP{{104, 218, 60, 111}, {104, 254, 92, 99}}},
 		{Region: "Windflix JP", IPs: []net.IP{{5, 181, 235, 67}}},
 		{Region: "Windflix UK", IPs: []net.IP{{45, 9, 248, 3}, {81, 92, 200, 85}, {89, 47, 62, 83}}},
 		{Region: "Windflix US", IPs: []net.IP{{38, 132, 101, 211}, {38, 132, 122, 131}, {38, 132, 122, 195}, {77, 81, 136, 99}, {185, 232, 22, 131}, {217, 138, 206, 211}}},
 	}
 }
--- a/internal/dns/command.go
+++ b/internal/dns/command.go
@@ -1,26 +1,27 @@
 package dns
 import (
 	"context"
 	"fmt"
 	"io"
 	"strings"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 )
-func (c *configurator) Start(verbosityDetailsLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error) {
+func (c *configurator) Start(ctx context.Context, verbosityDetailsLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error) {
-	c.logger.Info("%s: starting unbound", logPrefix)
+	c.logger.Info("starting unbound")
 	args := []string{"-d", "-c", string(constants.UnboundConf)}
 	if verbosityDetailsLevel > 0 {
 		args = append(args, "-"+strings.Repeat("v", int(verbosityDetailsLevel)))
 	}
 	// Only logs to stderr
-	_, stdout, waitFn, err = c.commander.Start("unbound", args...)
+	_, stdout, waitFn, err = c.commander.Start(ctx, "unbound", args...)
 	return stdout, waitFn, err
 }
-func (c *configurator) Version() (version string, err error) {
+func (c *configurator) Version(ctx context.Context) (version string, err error) {
-	output, err := c.commander.Run("unbound", "-V")
+	output, err := c.commander.Run(ctx, "unbound", "-V")
 	if err != nil {
 		return "", fmt.Errorf("unbound version: %w", err)
 	}
--- a/internal/dns/command_test.go
+++ b/internal/dns/command_test.go
@@ -1,31 +1,33 @@
 package dns
 import (
 	"context"
 	"fmt"
 	"testing"
-	commandMocks "github.com/qdm12/golibs/command/mocks"
+	"github.com/golang/mock/gomock"
-	loggingMocks "github.com/qdm12/golibs/logging/mocks"
+	"github.com/qdm12/golibs/command/mock_command"
 	"github.com/qdm12/golibs/logging/mock_logging"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 )
 func Test_Start(t *testing.T) {
 	t.Parallel()
-	logger := &loggingMocks.Logger{}
+	mockCtrl := gomock.NewController(t)
-	logger.On("Info", "%s: starting unbound", logPrefix).Once()
+	defer mockCtrl.Finish()
-	commander := &commandMocks.Commander{}
+	logger := mock_logging.NewMockLogger(mockCtrl)
-	commander.On("Start", "unbound", "-d", "-c", string(constants.UnboundConf), "-vv").
+	logger.EXPECT().Info("starting unbound").Times(1)
-		Return(nil, nil, nil, nil).Once()
+	commander := mock_command.NewMockCommander(mockCtrl)
 	commander.EXPECT().Start(context.Background(), "unbound", "-d", "-c", string(constants.UnboundConf), "-vv").
 		Return(nil, nil, nil, nil).Times(1)
 	c := &configurator{commander: commander, logger: logger}
-	stdout, waitFn, err := c.Start(2)
+	stdout, waitFn, err := c.Start(context.Background(), 2)
 	assert.Nil(t, stdout)
 	assert.Nil(t, waitFn)
 	assert.NoError(t, err)
 	logger.AssertExpectations(t)
 	commander.AssertExpectations(t)
 }
 func Test_Version(t *testing.T) {
@@ -52,11 +54,13 @@ func Test_Version(t *testing.T) {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			commander := &commandMocks.Commander{}
+			mockCtrl := gomock.NewController(t)
-			commander.On("Run", "unbound", "-V").
+			defer mockCtrl.Finish()
-				Return(tc.runOutput, tc.runErr).Once()
+			commander := mock_command.NewMockCommander(mockCtrl)
 			commander.EXPECT().Run(context.Background(), "unbound", "-V").
 				Return(tc.runOutput, tc.runErr).Times(1)
 			c := &configurator{commander: commander}
-			version, err := c.Version()
+			version, err := c.Version(context.Background())
 			if tc.err != nil {
 				require.Error(t, err)
 				assert.Equal(t, tc.err.Error(), err.Error())
@@ -64,7 +68,6 @@ func Test_Version(t *testing.T) {
 				assert.NoError(t, err)
 			}
 			assert.Equal(t, tc.version, version)
 			commander.AssertExpectations(t)
 		})
 	}
 }
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
@@ -1,288 +1,289 @@
-package dns
+package dns
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"sort"
+	"net/http"
-	"strings"
+	"sort"
-
+	"strings"
-	"github.com/qdm12/golibs/files"
+
-	"github.com/qdm12/golibs/logging"
+	"github.com/qdm12/gluetun/internal/constants"
-	"github.com/qdm12/golibs/network"
+	"github.com/qdm12/gluetun/internal/settings"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/golibs/files"
-	"github.com/qdm12/private-internet-access-docker/internal/settings"
+	"github.com/qdm12/golibs/logging"
-)
+	"github.com/qdm12/golibs/network"
-
+)
-func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err error) {
+
-	c.logger.Info("%s: generating Unbound configuration", logPrefix)
+func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err error) {
-	lines, warnings, err := generateUnboundConf(settings, c.client, c.logger)
+	c.logger.Info("generating Unbound configuration")
-	for _, warning := range warnings {
+	lines, warnings := generateUnboundConf(settings, c.client, c.logger)
-		c.logger.Warn(warning)
+	for _, warning := range warnings {
-	}
+		c.logger.Warn(warning)
-	if err != nil {
+	}
-		return err
+	return c.fileManager.WriteLinesToFile(
-	}
+		string(constants.UnboundConf),
-	return c.fileManager.WriteLinesToFile(
+		lines,
-		string(constants.UnboundConf),
+		files.Ownership(uid, gid),
-		lines,
+		files.Permissions(0400))
-		files.Ownership(uid, gid),
+}
-		files.Permissions(0400))
+
-}
+// MakeUnboundConf generates an Unbound configuration from the user provided settings
-
+func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error) {
-// MakeUnboundConf generates an Unbound configuration from the user provided settings
+	doIPv6 := "no"
-func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error, err error) {
+	if settings.IPv6 {
-	serverSection := map[string]string{
+		doIPv6 = "yes"
-		// Logging
+	}
-		"verbosity":     fmt.Sprintf("%d", settings.VerbosityLevel),
+	serverSection := map[string]string{
-		"val-log-level": fmt.Sprintf("%d", settings.ValidationLogLevel),
+		// Logging
-		"use-syslog":    "no",
+		"verbosity":     fmt.Sprintf("%d", settings.VerbosityLevel),
-		// Performance
+		"val-log-level": fmt.Sprintf("%d", settings.ValidationLogLevel),
-		"num-threads":       "1",
+		"use-syslog":    "no",
-		"prefetch":          "yes",
+		// Performance
-		"prefetch-key":      "yes",
+		"num-threads":       "1",
-		"key-cache-size":    "16m",
+		"prefetch":          "yes",
-		"key-cache-slabs":   "4",
+		"prefetch-key":      "yes",
-		"msg-cache-size":    "4m",
+		"key-cache-size":    "16m",
-		"msg-cache-slabs":   "4",
+		"key-cache-slabs":   "4",
-		"rrset-cache-size":  "4m",
+		"msg-cache-size":    "4m",
-		"rrset-cache-slabs": "4",
+		"msg-cache-slabs":   "4",
-		"cache-min-ttl":     "3600",
+		"rrset-cache-size":  "4m",
-		"cache-max-ttl":     "9000",
+		"rrset-cache-slabs": "4",
-		// Privacy
+		"cache-min-ttl":     "3600",
-		"rrset-roundrobin": "yes",
+		"cache-max-ttl":     "9000",
-		"hide-identity":    "yes",
+		// Privacy
-		"hide-version":     "yes",
+		"rrset-roundrobin": "yes",
-		// Security
+		"hide-identity":    "yes",
-		"tls-cert-bundle":       fmt.Sprintf("%q", constants.CACertificates),
+		"hide-version":     "yes",
-		"root-hints":            fmt.Sprintf("%q", constants.RootHints),
+		// Security
-		"trust-anchor-file":     fmt.Sprintf("%q", constants.RootKey),
+		"tls-cert-bundle":       fmt.Sprintf("%q", constants.CACertificates),
-		"harden-below-nxdomain": "yes",
+		"root-hints":            fmt.Sprintf("%q", constants.RootHints),
-		"harden-referral-path":  "yes",
+		"trust-anchor-file":     fmt.Sprintf("%q", constants.RootKey),
-		"harden-algo-downgrade": "yes",
+		"harden-below-nxdomain": "yes",
-		// Network
+		"harden-referral-path":  "yes",
-		"do-ip4":    "yes",
+		"harden-algo-downgrade": "yes",
-		"do-ip6":    "no",
+		// Network
-		"interface": "127.0.0.1",
+		"do-ip4":    "yes",
-		"port":      "53",
+		"do-ip6":    doIPv6,
-		// Other
+		"interface": "127.0.0.1",
-		"username": "\"nonrootuser\"",
+		"port":      "53",
-	}
+		// Other
-
+		"username": "\"nonrootuser\"",
-	// Block lists
+	}
-	hostnamesLines, ipsLines, warnings := buildBlocked(client,
+
-		settings.BlockMalicious, settings.BlockAds, settings.BlockSurveillance,
+	// Block lists
-		settings.AllowedHostnames, settings.PrivateAddresses,
+	hostnamesLines, ipsLines, warnings := buildBlocked(client,
-	)
+		settings.BlockMalicious, settings.BlockAds, settings.BlockSurveillance,
-	logger.Info("%s: %d hostnames blocked overall", logPrefix, len(hostnamesLines))
+		settings.AllowedHostnames, settings.PrivateAddresses,
-	logger.Info("%s: %d IP addresses blocked overall", logPrefix, len(ipsLines))
+	)
-	sort.Slice(hostnamesLines, func(i, j int) bool { // for unit tests really
+	logger.Info("%d hostnames blocked overall", len(hostnamesLines))
-		return hostnamesLines[i] < hostnamesLines[j]
+	logger.Info("%d IP addresses blocked overall", len(ipsLines))
-	})
+	sort.Slice(hostnamesLines, func(i, j int) bool { // for unit tests really
-	sort.Slice(ipsLines, func(i, j int) bool { // for unit tests really
+		return hostnamesLines[i] < hostnamesLines[j]
-		return ipsLines[i] < ipsLines[j]
+	})
-	})
+	sort.Slice(ipsLines, func(i, j int) bool { // for unit tests really
-
+		return ipsLines[i] < ipsLines[j]
-	// Server
+	})
-	lines = append(lines, "server:")
+
-	var serverLines []string
+	// Server
-	for k, v := range serverSection {
+	lines = append(lines, "server:")
-		serverLines = append(serverLines, "  "+k+": "+v)
+	serverLines := make([]string, len(serverSection))
-	}
+	i := 0
-	sort.Slice(serverLines, func(i, j int) bool {
+	for k, v := range serverSection {
-		return serverLines[i] < serverLines[j]
+		serverLines[i] = "  " + k + ": " + v
-	})
+		i++
-	lines = append(lines, serverLines...)
+	}
-	lines = append(lines, hostnamesLines...)
+	sort.Slice(serverLines, func(i, j int) bool {
-	lines = append(lines, ipsLines...)
+		return serverLines[i] < serverLines[j]
-
+	})
-	// Forward zone
+	lines = append(lines, serverLines...)
-	lines = append(lines, "forward-zone:")
+	lines = append(lines, hostnamesLines...)
-	forwardZoneSection := map[string]string{
+	lines = append(lines, ipsLines...)
-		"name":                 "\".\"",
+
-		"forward-tls-upstream": "yes",
+	// Forward zone
-	}
+	lines = append(lines, "forward-zone:")
-	if settings.Caching {
+	forwardZoneSection := map[string]string{
-		forwardZoneSection["forward-no-cache"] = "no"
+		"name":                 "\".\"",
-	} else {
+		"forward-tls-upstream": "yes",
-		forwardZoneSection["forward-no-cache"] = "yes"
+	}
-	}
+	if settings.Caching {
-	var forwardZoneLines []string
+		forwardZoneSection["forward-no-cache"] = "no"
-	for k, v := range forwardZoneSection {
+	} else {
-		forwardZoneLines = append(forwardZoneLines, "  "+k+": "+v)
+		forwardZoneSection["forward-no-cache"] = "yes"
-	}
+	}
-	sort.Slice(forwardZoneLines, func(i, j int) bool {
+	forwardZoneLines := make([]string, len(forwardZoneSection))
-		return forwardZoneLines[i] < forwardZoneLines[j]
+	i = 0
-	})
+	for k, v := range forwardZoneSection {
-	for _, provider := range settings.Providers {
+		forwardZoneLines[i] = "  " + k + ": " + v
-		providerData, ok := constants.DNSProviderMapping()[provider]
+		i++
-		if !ok {
+	}
-			return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
+	sort.Slice(forwardZoneLines, func(i, j int) bool {
-		} else if !providerData.SupportsTLS {
+		return forwardZoneLines[i] < forwardZoneLines[j]
-			return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
+	})
-		}
+	for _, provider := range settings.Providers {
-		for _, IP := range providerData.IPs {
+		providerData := constants.DNSProviderMapping()[provider]
-			forwardZoneLines = append(forwardZoneLines,
+		for _, IP := range providerData.IPs {
-				fmt.Sprintf("  forward-addr: %s@853#%s", IP.String(), providerData.Host))
+			forwardZoneLines = append(forwardZoneLines,
-		}
+				fmt.Sprintf("  forward-addr: %s@853#%s", IP, providerData.Host))
-	}
+		}
-	lines = append(lines, forwardZoneLines...)
+	}
-	return lines, warnings, nil
+	lines = append(lines, forwardZoneLines...)
-}
+	return lines, warnings
-
+}
-func buildBlocked(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
+
-	allowedHostnames, privateAddresses []string) (hostnamesLines, ipsLines []string, errs []error) {
+func buildBlocked(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
-	chHostnames := make(chan []string)
+	allowedHostnames, privateAddresses []string) (hostnamesLines, ipsLines []string, errs []error) {
-	chIPs := make(chan []string)
+	chHostnames := make(chan []string)
-	chErrors := make(chan []error)
+	chIPs := make(chan []string)
-	go func() {
+	chErrors := make(chan []error)
-		lines, errs := buildBlockedHostnames(client, blockMalicious, blockAds, blockSurveillance, allowedHostnames)
+	go func() {
-		chHostnames <- lines
+		lines, errs := buildBlockedHostnames(client, blockMalicious, blockAds, blockSurveillance, allowedHostnames)
-		chErrors <- errs
+		chHostnames <- lines
-	}()
+		chErrors <- errs
-	go func() {
+	}()
-		lines, errs := buildBlockedIPs(client, blockMalicious, blockAds, blockSurveillance, privateAddresses)
+	go func() {
-		chIPs <- lines
+		lines, errs := buildBlockedIPs(client, blockMalicious, blockAds, blockSurveillance, privateAddresses)
-		chErrors <- errs
+		chIPs <- lines
-	}()
+		chErrors <- errs
-	n := 2
+	}()
-	for n > 0 {
+	n := 2
-		select {
+	for n > 0 {
-		case lines := <-chHostnames:
+		select {
-			hostnamesLines = append(hostnamesLines, lines...)
+		case lines := <-chHostnames:
-		case lines := <-chIPs:
+			hostnamesLines = append(hostnamesLines, lines...)
-			ipsLines = append(ipsLines, lines...)
+		case lines := <-chIPs:
-		case routineErrs := <-chErrors:
+			ipsLines = append(ipsLines, lines...)
-			errs = append(errs, routineErrs...)
+		case routineErrs := <-chErrors:
-			n--
+			errs = append(errs, routineErrs...)
-		}
+			n--
-	}
+		}
-	return hostnamesLines, ipsLines, errs
+	}
-}
+	return hostnamesLines, ipsLines, errs
-
+}
-func getList(client network.Client, URL string) (results []string, err error) {
+
-	content, status, err := client.GetContent(URL)
+func getList(client network.Client, url string) (results []string, err error) {
-	if err != nil {
+	content, status, err := client.GetContent(url)
-		return nil, err
+	if err != nil {
-	} else if status != 200 {
+		return nil, err
-		return nil, fmt.Errorf("HTTP status code is %d and not 200", status)
+	} else if status != http.StatusOK {
-	}
+		return nil, fmt.Errorf("HTTP status code is %d and not 200", status)
-	results = strings.Split(string(content), "\n")
+	}
-
+	results = strings.Split(string(content), "\n")
-	// remove empty lines
+
-	last := len(results) - 1
+	// remove empty lines
-	for i := range results {
+	last := len(results) - 1
-		if len(results[i]) == 0 {
+	for i := range results {
-			results[i] = results[last]
+		if len(results[i]) == 0 {
-			last--
+			results[i] = results[last]
-		}
+			last--
-	}
+		}
-	results = results[:last+1]
+	}
-
+	results = results[:last+1]
-	if len(results) == 0 {
+
-		return nil, nil
+	if len(results) == 0 {
-	}
+		return nil, nil
-	return results, nil
+	}
-}
+	return results, nil
-
+}
-func buildBlockedHostnames(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
+
-	allowedHostnames []string) (lines []string, errs []error) {
+func buildBlockedHostnames(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
-	chResults := make(chan []string)
+	allowedHostnames []string) (lines []string, errs []error) {
-	chError := make(chan error)
+	chResults := make(chan []string)
-	listsLeftToFetch := 0
+	chError := make(chan error)
-	if blockMalicious {
+	listsLeftToFetch := 0
-		listsLeftToFetch++
+	if blockMalicious {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.MaliciousBlockListHostnamesURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.MaliciousBlockListHostnamesURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	if blockAds {
+	}
-		listsLeftToFetch++
+	if blockAds {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.AdsBlockListHostnamesURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.AdsBlockListHostnamesURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	if blockSurveillance {
+	}
-		listsLeftToFetch++
+	if blockSurveillance {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.SurveillanceBlockListHostnamesURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.SurveillanceBlockListHostnamesURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	uniqueResults := make(map[string]struct{})
+	}
-	for listsLeftToFetch > 0 {
+	uniqueResults := make(map[string]struct{})
-		select {
+	for listsLeftToFetch > 0 {
-		case results := <-chResults:
+		select {
-			for _, result := range results {
+		case results := <-chResults:
-				uniqueResults[result] = struct{}{}
+			for _, result := range results {
-			}
+				uniqueResults[result] = struct{}{}
-		case err := <-chError:
+			}
-			listsLeftToFetch--
+		case err := <-chError:
-			if err != nil {
+			listsLeftToFetch--
-				errs = append(errs, err)
+			if err != nil {
-			}
+				errs = append(errs, err)
-		}
+			}
-	}
+		}
-	for _, allowedHostname := range allowedHostnames {
+	}
-		delete(uniqueResults, allowedHostname)
+	for _, allowedHostname := range allowedHostnames {
-	}
+		delete(uniqueResults, allowedHostname)
-	for result := range uniqueResults {
+	}
-		lines = append(lines, "  local-zone: \""+result+"\" static")
+	for result := range uniqueResults {
-	}
+		lines = append(lines, "  local-zone: \""+result+"\" static")
-	return lines, errs
+	}
-}
+	return lines, errs
-
+}
-func buildBlockedIPs(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
+
-	privateAddresses []string) (lines []string, errs []error) {
+func buildBlockedIPs(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
-	chResults := make(chan []string)
+	privateAddresses []string) (lines []string, errs []error) {
-	chError := make(chan error)
+	chResults := make(chan []string)
-	listsLeftToFetch := 0
+	chError := make(chan error)
-	if blockMalicious {
+	listsLeftToFetch := 0
-		listsLeftToFetch++
+	if blockMalicious {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.MaliciousBlockListIPsURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.MaliciousBlockListIPsURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	if blockAds {
+	}
-		listsLeftToFetch++
+	if blockAds {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.AdsBlockListIPsURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.AdsBlockListIPsURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	if blockSurveillance {
+	}
-		listsLeftToFetch++
+	if blockSurveillance {
-		go func() {
+		listsLeftToFetch++
-			results, err := getList(client, string(constants.SurveillanceBlockListIPsURL))
+		go func() {
-			chResults <- results
+			results, err := getList(client, string(constants.SurveillanceBlockListIPsURL))
-			chError <- err
+			chResults <- results
-		}()
+			chError <- err
-	}
+		}()
-	uniqueResults := make(map[string]struct{})
+	}
-	for listsLeftToFetch > 0 {
+	uniqueResults := make(map[string]struct{})
-		select {
+	for listsLeftToFetch > 0 {
-		case results := <-chResults:
+		select {
-			for _, result := range results {
+		case results := <-chResults:
-				uniqueResults[result] = struct{}{}
+			for _, result := range results {
-			}
+				uniqueResults[result] = struct{}{}
-		case err := <-chError:
+			}
-			listsLeftToFetch--
+		case err := <-chError:
-			if err != nil {
+			listsLeftToFetch--
-				errs = append(errs, err)
+			if err != nil {
-			}
+				errs = append(errs, err)
-		}
+			}
-	}
+		}
-	for _, privateAddress := range privateAddresses {
+	}
-		uniqueResults[privateAddress] = struct{}{}
+	for _, privateAddress := range privateAddresses {
-	}
+		uniqueResults[privateAddress] = struct{}{}
-	for result := range uniqueResults {
+	}
-		lines = append(lines, "  private-address: "+result)
+	for result := range uniqueResults {
-	}
+		lines = append(lines, "  private-address: "+result)
-	return lines, errs
+	}
-}
+	return lines, errs
 }
--- a/internal/dns/conf_test.go
+++ b/internal/dns/conf_test.go
--- a/internal/dns/dns.go
+++ b/internal/dns/dns.go
@@ -1,27 +1,26 @@
 package dns
 import (
 	"context"
 	"io"
 	"net"
 	"github.com/qdm12/gluetun/internal/settings"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/golibs/logging"
 	"github.com/qdm12/golibs/network"
 	"github.com/qdm12/private-internet-access-docker/internal/settings"
 )
 const logPrefix = "dns configurator"
 type Configurator interface {
 	DownloadRootHints(uid, gid int) error
 	DownloadRootKey(uid, gid int) error
 	MakeUnboundConf(settings settings.DNS, uid, gid int) (err error)
 	UseDNSInternally(IP net.IP)
-	UseDNSSystemWide(IP net.IP) error
+	UseDNSSystemWide(ip net.IP, keepNameserver bool) error
-	Start(logLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error)
+	Start(ctx context.Context, logLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error)
 	WaitForUnbound() (err error)
-	Version() (version string, err error)
+	Version(ctx context.Context) (version string, err error)
 }
 type configurator struct {
@@ -34,7 +33,7 @@ type configurator struct {
 func NewConfigurator(logger logging.Logger, client network.Client, fileManager files.FileManager) Configurator {
 	return &configurator{
-		logger:      logger,
+		logger:      logger.WithPrefix("dns configurator: "),
 		client:      client,
 		fileManager: fileManager,
 		commander:   command.NewCommander(),
--- a/internal/dns/loop.go
+++ b/internal/dns/loop.go
@@ -0,0 +1,333 @@
 package dns
 import (
 	"context"
 	"net"
 	"sync"
 	"time"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/settings"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/logging"
 )
 type Looper interface {
 	Run(ctx context.Context, wg *sync.WaitGroup, signalDNSReady func())
 	RunRestartTicker(ctx context.Context, wg *sync.WaitGroup)
 	Restart()
 	Start()
 	Stop()
 	GetSettings() (settings settings.DNS)
 	SetSettings(settings settings.DNS)
 }
 type looper struct {
 	conf          Configurator
 	settings      settings.DNS
 	settingsMutex sync.RWMutex
 	logger        logging.Logger
 	streamMerger  command.StreamMerger
 	uid           int
 	gid           int
 	restart       chan struct{}
 	start         chan struct{}
 	stop          chan struct{}
 	updateTicker  chan struct{}
 	timeNow       func() time.Time
 	timeSince     func(time.Time) time.Duration
 }
 func NewLooper(conf Configurator, settings settings.DNS, logger logging.Logger,
 	streamMerger command.StreamMerger, uid, gid int) Looper {
 	return &looper{
 		conf:         conf,
 		settings:     settings,
 		logger:       logger.WithPrefix("dns over tls: "),
 		uid:          uid,
 		gid:          gid,
 		streamMerger: streamMerger,
 		restart:      make(chan struct{}),
 		start:        make(chan struct{}),
 		stop:         make(chan struct{}),
 		updateTicker: make(chan struct{}),
 		timeNow:      time.Now,
 		timeSince:    time.Since,
 	}
 }
 func (l *looper) Restart() { l.restart <- struct{}{} }
 func (l *looper) Start()   { l.start <- struct{}{} }
 func (l *looper) Stop()    { l.stop <- struct{}{} }
 func (l *looper) GetSettings() (settings settings.DNS) {
 	l.settingsMutex.RLock()
 	defer l.settingsMutex.RUnlock()
 	return l.settings
 }
 func (l *looper) SetSettings(settings settings.DNS) {
 	l.settingsMutex.Lock()
 	defer l.settingsMutex.Unlock()
 	updatePeriodDiffers := l.settings.UpdatePeriod != settings.UpdatePeriod
 	l.settings = settings
 	l.settingsMutex.Unlock()
 	if updatePeriodDiffers {
 		l.updateTicker <- struct{}{}
 	}
 }
 func (l *looper) isEnabled() bool {
 	l.settingsMutex.RLock()
 	defer l.settingsMutex.RUnlock()
 	return l.settings.Enabled
 }
 func (l *looper) setEnabled(enabled bool) {
 	l.settingsMutex.Lock()
 	defer l.settingsMutex.Unlock()
 	l.settings.Enabled = enabled
 }
 func (l *looper) logAndWait(ctx context.Context, err error) {
 	l.logger.Warn(err)
 	l.logger.Info("attempting restart in 10 seconds")
 	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
 	defer cancel()
 	<-ctx.Done()
 }
 func (l *looper) waitForFirstStart(ctx context.Context, signalDNSReady func()) {
 	for {
 		select {
 		case <-l.stop:
 			l.setEnabled(false)
 			l.logger.Info("not started yet")
 		case <-l.restart:
 			if l.isEnabled() {
 				return
 			}
 			signalDNSReady()
 			l.logger.Info("not restarting because disabled")
 		case <-l.start:
 			l.setEnabled(true)
 			return
 		case <-ctx.Done():
 			return
 		}
 	}
 }
 func (l *looper) waitForSubsequentStart(ctx context.Context, unboundCancel context.CancelFunc) {
 	if l.isEnabled() {
 		return
 	}
 	for {
 		// wait for a signal to re-enable
 		select {
 		case <-l.stop:
 			l.logger.Info("already disabled")
 		case <-l.restart:
 			if !l.isEnabled() {
 				l.logger.Info("not restarting because disabled")
 			} else {
 				return
 			}
 		case <-l.start:
 			l.setEnabled(true)
 			return
 		case <-ctx.Done():
 			unboundCancel()
 			return
 		}
 	}
 }
 func (l *looper) Run(ctx context.Context, wg *sync.WaitGroup, signalDNSReady func()) {
 	defer wg.Done()
 	const fallback = false
 	l.useUnencryptedDNS(fallback)
 	l.waitForFirstStart(ctx, signalDNSReady)
 	if ctx.Err() != nil {
 		return
 	}
 	defer l.logger.Warn("loop exited")
 	var unboundCtx context.Context
 	var unboundCancel context.CancelFunc = func() {}
 	var waitError chan error
 	triggeredRestart := false
 	l.setEnabled(true)
 	for ctx.Err() == nil {
 		l.waitForSubsequentStart(ctx, unboundCancel)
 		settings := l.GetSettings()
 		// Setup
 		if err := l.conf.DownloadRootHints(l.uid, l.gid); err != nil {
 			l.logAndWait(ctx, err)
 			continue
 		}
 		if err := l.conf.DownloadRootKey(l.uid, l.gid); err != nil {
 			l.logAndWait(ctx, err)
 			continue
 		}
 		if err := l.conf.MakeUnboundConf(settings, l.uid, l.gid); err != nil {
 			l.logAndWait(ctx, err)
 			continue
 		}
 		if triggeredRestart {
 			triggeredRestart = false
 			unboundCancel()
 			<-waitError
 			close(waitError)
 		}
 		unboundCtx, unboundCancel = context.WithCancel(context.Background())
 		stream, waitFn, err := l.conf.Start(unboundCtx, settings.VerbosityDetailsLevel)
 		if err != nil {
 			unboundCancel()
 			const fallback = true
 			l.useUnencryptedDNS(fallback)
 			l.logAndWait(ctx, err)
 			continue
 		}
 		// Started successfully
 		go l.streamMerger.Merge(unboundCtx, stream, command.MergeName("unbound"))
 		l.conf.UseDNSInternally(net.IP{127, 0, 0, 1})                                                  // use Unbound
 		if err := l.conf.UseDNSSystemWide(net.IP{127, 0, 0, 1}, settings.KeepNameserver); err != nil { // use Unbound
 			l.logger.Error(err)
 		}
 		if err := l.conf.WaitForUnbound(); err != nil {
 			unboundCancel()
 			const fallback = true
 			l.useUnencryptedDNS(fallback)
 			l.logAndWait(ctx, err)
 			continue
 		}
 		waitError = make(chan error)
 		go func() {
 			err := waitFn() // blocking
 			waitError <- err
 		}()
 		l.logger.Info("DNS over TLS is ready")
 		signalDNSReady()
 		stayHere := true
 		for stayHere {
 			select {
 			case <-ctx.Done():
 				l.logger.Warn("context canceled: exiting loop")
 				unboundCancel()
 				<-waitError
 				close(waitError)
 				return
 			case <-l.restart: // triggered restart
 				l.logger.Info("restarting")
 				// unboundCancel occurs next loop run when the setup is complete
 				triggeredRestart = true
 				stayHere = false
 			case <-l.start:
 				l.logger.Info("already started")
 			case <-l.stop:
 				l.logger.Info("stopping")
 				unboundCancel()
 				<-waitError
 				close(waitError)
 				l.setEnabled(false)
 				stayHere = false
 			case err := <-waitError: // unexpected error
 				close(waitError)
 				unboundCancel()
 				const fallback = true
 				l.useUnencryptedDNS(fallback)
 				l.logAndWait(ctx, err)
 				stayHere = false
 			}
 		}
 	}
 	unboundCancel()
 }
 func (l *looper) useUnencryptedDNS(fallback bool) {
 	settings := l.GetSettings()
 	// Try with user provided plaintext ip address
 	targetIP := settings.PlaintextAddress
 	if targetIP != nil {
 		if fallback {
 			l.logger.Info("falling back on plaintext DNS at address %s", targetIP)
 		} else {
 			l.logger.Info("using plaintext DNS at address %s", targetIP)
 		}
 		l.conf.UseDNSInternally(targetIP)
 		if err := l.conf.UseDNSSystemWide(targetIP, settings.KeepNameserver); err != nil {
 			l.logger.Error(err)
 		}
 		return
 	}
 	// Try with any IPv4 address from the providers chosen
 	for _, provider := range settings.Providers {
 		data := constants.DNSProviderMapping()[provider]
 		for _, targetIP = range data.IPs {
 			if targetIP.To4() != nil {
 				l.logger.Info("falling back on plaintext DNS at address %s", targetIP)
 				l.conf.UseDNSInternally(targetIP)
 				if err := l.conf.UseDNSSystemWide(targetIP, settings.KeepNameserver); err != nil {
 					l.logger.Error(err)
 				}
 				return
 			}
 		}
 	}
 	// No IPv4 address found
 	l.logger.Error("no ipv4 DNS address found for providers %s", settings.Providers)
 }
 func (l *looper) RunRestartTicker(ctx context.Context, wg *sync.WaitGroup) {
 	defer wg.Done()
 	// Timer that acts as a ticker
 	timer := time.NewTimer(time.Hour)
 	timer.Stop()
 	timerIsStopped := true
 	settings := l.GetSettings()
 	if settings.UpdatePeriod > 0 {
 		timer.Reset(settings.UpdatePeriod)
 		timerIsStopped = false
 	}
 	lastTick := time.Unix(0, 0)
 	for {
 		select {
 		case <-ctx.Done():
 			if !timerIsStopped && !timer.Stop() {
 				<-timer.C
 			}
 			return
 		case <-timer.C:
 			lastTick = l.timeNow()
 			l.restart <- struct{}{}
 			settings := l.GetSettings()
 			timer.Reset(settings.UpdatePeriod)
 		case <-l.updateTicker:
 			if !timer.Stop() {
 				<-timer.C
 			}
 			timerIsStopped = true
 			settings := l.GetSettings()
 			newUpdatePeriod := settings.UpdatePeriod
 			if newUpdatePeriod == 0 {
 				continue
 			}
 			var waited time.Duration
 			if lastTick.UnixNano() != 0 {
 				waited = l.timeSince(lastTick)
 			}
 			leftToWait := newUpdatePeriod - waited
 			timer.Reset(leftToWait)
 			timerIsStopped = false
 		}
 	}
 }
--- a/internal/dns/nameserver.go
+++ b/internal/dns/nameserver.go
@@ -5,24 +5,24 @@ import (
 	"net"
 	"strings"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 )
 // UseDNSInternally is to change the Go program DNS only
-func (c *configurator) UseDNSInternally(IP net.IP) {
+func (c *configurator) UseDNSInternally(ip net.IP) {
-	c.logger.Info("%s: using DNS address %s internally", logPrefix, IP.String())
+	c.logger.Info("using DNS address %s internally", ip.String())
 	net.DefaultResolver = &net.Resolver{
 		PreferGo: true,
 		Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
 			d := net.Dialer{}
-			return d.DialContext(ctx, "udp", net.JoinHostPort(IP.String(), "53"))
+			return d.DialContext(ctx, "udp", net.JoinHostPort(ip.String(), "53"))
 		},
 	}
 }
 // UseDNSSystemWide changes the nameserver to use for DNS system wide
-func (c *configurator) UseDNSSystemWide(IP net.IP) error {
+func (c *configurator) UseDNSSystemWide(ip net.IP, keepNameserver bool) error {
-	c.logger.Info("%s: using DNS address %s system wide", logPrefix, IP.String())
+	c.logger.Info("using DNS address %s system wide", ip.String())
 	data, err := c.fileManager.ReadFile(string(constants.ResolvConf))
 	if err != nil {
 		return err
@@ -33,14 +33,16 @@ func (c *configurator) UseDNSSystemWide(IP net.IP) error {
 		lines = nil
 	}
 	found := false
-	for i := range lines {
+	if !keepNameserver { // default
-		if strings.HasPrefix(lines[i], "nameserver ") {
+		for i := range lines {
-			lines[i] = "nameserver " + IP.String()
+			if strings.HasPrefix(lines[i], "nameserver ") {
-			found = true
+				lines[i] = "nameserver " + ip.String()
 				found = true
 			}
 		}
 	}
 	if !found {
-		lines = append(lines, "nameserver "+IP.String())
+		lines = append(lines, "nameserver "+ip.String())
 	}
 	data = []byte(strings.Join(lines, "\n"))
 	return c.fileManager.WriteToFile(string(constants.ResolvConf), data)
--- a/internal/dns/nameserver_test.go
+++ b/internal/dns/nameserver_test.go
@@ -5,9 +5,10 @@ import (
 	"net"
 	"testing"
-	filesmocks "github.com/qdm12/golibs/files/mocks"
+	"github.com/golang/mock/gomock"
-	loggingmocks "github.com/qdm12/golibs/logging/mocks"
+	"github.com/qdm12/gluetun/internal/constants"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/golibs/files/mock_files"
 	"github.com/qdm12/golibs/logging/mock_logging"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -46,28 +47,28 @@ func Test_UseDNSSystemWide(t *testing.T) {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			fileManager := &filesmocks.FileManager{}
+			mockCtrl := gomock.NewController(t)
-			fileManager.On("ReadFile", string(constants.ResolvConf)).
+			defer mockCtrl.Finish()
-				Return(tc.data, tc.readErr).Once()
+			fileManager := mock_files.NewMockFileManager(mockCtrl)
 			fileManager.EXPECT().ReadFile(string(constants.ResolvConf)).
 				Return(tc.data, tc.readErr).Times(1)
 			if tc.readErr == nil {
-				fileManager.On("WriteToFile", string(constants.ResolvConf), tc.writtenData).
+				fileManager.EXPECT().WriteToFile(string(constants.ResolvConf), tc.writtenData).
-					Return(tc.writeErr).Once()
+					Return(tc.writeErr).Times(1)
 			}
-			logger := &loggingmocks.Logger{}
+			logger := mock_logging.NewMockLogger(mockCtrl)
-			logger.On("Info", "%s: using DNS address %s system wide", logPrefix, "127.0.0.1").Once()
+			logger.EXPECT().Info("using DNS address %s system wide", "127.0.0.1").Times(1)
 			c := &configurator{
 				fileManager: fileManager,
 				logger:      logger,
 			}
-			err := c.UseDNSSystemWide(net.IP{127, 0, 0, 1})
+			err := c.UseDNSSystemWide(net.IP{127, 0, 0, 1}, false)
 			if tc.err != nil {
 				require.Error(t, err)
 				assert.Equal(t, tc.err.Error(), err.Error())
 			} else {
 				assert.NoError(t, err)
 			}
 			fileManager.AssertExpectations(t)
 			logger.AssertExpectations(t)
 		})
 	}
 }
--- a/internal/dns/roots.go
+++ b/internal/dns/roots.go
@@ -2,17 +2,18 @@ package dns
 import (
 	"fmt"
 	"net/http"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 )
 func (c *configurator) DownloadRootHints(uid, gid int) error {
-	c.logger.Info("%s: downloading root hints from %s", logPrefix, constants.NamedRootURL)
+	c.logger.Info("downloading root hints from %s", constants.NamedRootURL)
 	content, status, err := c.client.GetContent(string(constants.NamedRootURL))
 	if err != nil {
 		return err
-	} else if status != 200 {
+	} else if status != http.StatusOK {
 		return fmt.Errorf("HTTP status code is %d for %s", status, constants.NamedRootURL)
 	}
 	return c.fileManager.WriteToFile(
@@ -23,11 +24,11 @@ func (c *configurator) DownloadRootHints(uid, gid int) error {
 }
 func (c *configurator) DownloadRootKey(uid, gid int) error {
-	c.logger.Info("%s: downloading root key from %s", logPrefix, constants.RootKeyURL)
+	c.logger.Info("downloading root key from %s", constants.RootKeyURL)
 	content, status, err := c.client.GetContent(string(constants.RootKeyURL))
 	if err != nil {
 		return err
-	} else if status != 200 {
+	} else if status != http.StatusOK {
 		return fmt.Errorf("HTTP status code is %d for %s", status, constants.RootKeyURL)
 	}
 	return c.fileManager.WriteToFile(
--- a/internal/dns/roots_test.go
+++ b/internal/dns/roots_test.go
@@ -5,17 +5,18 @@ import (
 	"net/http"
 	"testing"
-	filesMocks "github.com/qdm12/golibs/files/mocks"
+	"github.com/golang/mock/gomock"
-	loggingMocks "github.com/qdm12/golibs/logging/mocks"
+	"github.com/qdm12/golibs/files"
-	networkMocks "github.com/qdm12/golibs/network/mocks"
+	"github.com/qdm12/golibs/files/mock_files"
 	"github.com/qdm12/golibs/logging/mock_logging"
 	"github.com/qdm12/golibs/network/mock_network"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 )
-func Test_DownloadRootHints(t *testing.T) {
+func Test_DownloadRootHints(t *testing.T) { //nolint:dupl
 	t.Parallel()
 	tests := map[string]struct {
 		content   []byte
@@ -49,20 +50,21 @@ func Test_DownloadRootHints(t *testing.T) {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			logger := &loggingMocks.Logger{}
+			mockCtrl := gomock.NewController(t)
-			logger.On("Info", "%s: downloading root hints from %s", logPrefix, constants.NamedRootURL).Once()
+			defer mockCtrl.Finish()
-			client := &networkMocks.Client{}
+			logger := mock_logging.NewMockLogger(mockCtrl)
-			client.On("GetContent", string(constants.NamedRootURL)).
+			logger.EXPECT().Info("downloading root hints from %s", constants.NamedRootURL).Times(1)
-				Return(tc.content, tc.status, tc.clientErr).Once()
+			client := mock_network.NewMockClient(mockCtrl)
-			fileManager := &filesMocks.FileManager{}
+			client.EXPECT().GetContent(string(constants.NamedRootURL)).
 				Return(tc.content, tc.status, tc.clientErr).Times(1)
 			fileManager := mock_files.NewMockFileManager(mockCtrl)
 			if tc.clientErr == nil && tc.status == http.StatusOK {
-				fileManager.On(
+				fileManager.EXPECT().WriteToFile(
 					"WriteToFile",
 					string(constants.RootHints),
 					tc.content,
-					mock.AnythingOfType("files.WriteOptionSetter"),
+					gomock.AssignableToTypeOf(files.Ownership(0, 0)),
-					mock.AnythingOfType("files.WriteOptionSetter")).
+					gomock.AssignableToTypeOf(files.Ownership(0, 0))).
-					Return(tc.writeErr).Once()
+					Return(tc.writeErr).Times(1)
 			}
 			c := &configurator{logger: logger, client: client, fileManager: fileManager}
 			err := c.DownloadRootHints(1000, 1000)
@@ -72,14 +74,11 @@ func Test_DownloadRootHints(t *testing.T) {
 			} else {
 				assert.NoError(t, err)
 			}
 			logger.AssertExpectations(t)
 			client.AssertExpectations(t)
 			fileManager.AssertExpectations(t)
 		})
 	}
 }
-func Test_DownloadRootKey(t *testing.T) {
+func Test_DownloadRootKey(t *testing.T) { //nolint:dupl
 	t.Parallel()
 	tests := map[string]struct {
 		content   []byte
@@ -113,20 +112,21 @@ func Test_DownloadRootKey(t *testing.T) {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
-			logger := &loggingMocks.Logger{}
+			mockCtrl := gomock.NewController(t)
-			logger.On("Info", "%s: downloading root key from %s", logPrefix, constants.RootKeyURL).Once()
+			defer mockCtrl.Finish()
-			client := &networkMocks.Client{}
+			logger := mock_logging.NewMockLogger(mockCtrl)
-			client.On("GetContent", string(constants.RootKeyURL)).
+			logger.EXPECT().Info("downloading root key from %s", constants.RootKeyURL).Times(1)
-				Return(tc.content, tc.status, tc.clientErr).Once()
+			client := mock_network.NewMockClient(mockCtrl)
-			fileManager := &filesMocks.FileManager{}
+			client.EXPECT().GetContent(string(constants.RootKeyURL)).
 				Return(tc.content, tc.status, tc.clientErr).Times(1)
 			fileManager := mock_files.NewMockFileManager(mockCtrl)
 			if tc.clientErr == nil && tc.status == http.StatusOK {
-				fileManager.On(
+				fileManager.EXPECT().WriteToFile(
 					"WriteToFile",
 					string(constants.RootKey),
 					tc.content,
-					mock.AnythingOfType("files.WriteOptionSetter"),
+					gomock.AssignableToTypeOf(files.Ownership(0, 0)),
-					mock.AnythingOfType("files.WriteOptionSetter"),
+					gomock.AssignableToTypeOf(files.Ownership(0, 0)),
-				).Return(tc.writeErr).Once()
+				).Return(tc.writeErr).Times(1)
 			}
 			c := &configurator{logger: logger, client: client, fileManager: fileManager}
 			err := c.DownloadRootKey(1000, 1001)
@@ -136,9 +136,6 @@ func Test_DownloadRootKey(t *testing.T) {
 			} else {
 				assert.NoError(t, err)
 			}
 			logger.AssertExpectations(t)
 			client.AssertExpectations(t)
 			fileManager.AssertExpectations(t)
 		})
 	}
 }
--- a/internal/dns/wait.go
+++ b/internal/dns/wait.go
@@ -8,13 +8,14 @@ import (
 func (c *configurator) WaitForUnbound() (err error) {
 	const maxTries = 10
 	const hostToResolve = "github.com"
 	time.Sleep(300 * time.Millisecond)
 	for try := 1; try <= maxTries; try++ {
 		_, err := c.lookupIP(hostToResolve)
 		if err == nil {
 			return nil
 		}
-		c.logger.Warn("could not resolve %s (try %d of %d)", hostToResolve, try, maxTries)
+		c.logger.Warn("could not resolve %s (try %d of %d): %s", hostToResolve, try, maxTries, err)
-		time.Sleep(time.Duration(maxTries * 50 * time.Millisecond))
+		time.Sleep(maxTries * 50 * time.Millisecond)
 	}
 	return fmt.Errorf("Unbound does not seem to be working after %d tries", maxTries)
 }
--- a/internal/env/env.go
+++ b/internal/env/env.go
@@ -1,40 +0,0 @@
 package env
 import (
 	"os"
 	"github.com/qdm12/golibs/logging"
 )
 type Env interface {
 	FatalOnError(err error)
 	PrintVersion(program string, commandFn func() (string, error))
 }
 type env struct {
 	logger logging.Logger
 	osExit func(n int)
 }
 func New(logger logging.Logger) Env {
 	return &env{
 		logger: logger,
 		osExit: os.Exit,
 	}
 }
 func (e *env) FatalOnError(err error) {
 	if err != nil {
 		e.logger.Error(err)
 		e.osExit(1)
 	}
 }
 func (e *env) PrintVersion(program string, commandFn func() (string, error)) {
 	version, err := commandFn()
 	if err != nil {
 		e.logger.Error(err)
 	} else {
 		e.logger.Info("%s version: %s", program, version)
 	}
 }
--- a/internal/env/env_test.go
+++ b/internal/env/env_test.go
@@ -1,90 +0,0 @@
 package env
 import (
 	"fmt"
 	"testing"
 	"github.com/qdm12/golibs/logging/mocks"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
 func Test_FatalOnError(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		err error
 	}{
 		"nil": {},
 		"err": {fmt.Errorf("error")},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			var logged string
 			var exitCode int
 			logger := &mocks.Logger{}
 			if tc.err != nil {
 				logger.On("Error", tc.err).
 					Run(func(args mock.Arguments) {
 						err := args.Get(0).(error)
 						logged = err.Error()
 					}).Once()
 			}
 			osExit := func(n int) { exitCode = n }
 			e := &env{logger, osExit}
 			e.FatalOnError(tc.err)
 			if tc.err != nil {
 				assert.Equal(t, logged, tc.err.Error())
 				assert.Equal(t, exitCode, 1)
 			} else {
 				assert.Empty(t, logged)
 				assert.Zero(t, exitCode)
 			}
 		})
 	}
 }
 func Test_PrintVersion(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		program        string
 		commandVersion string
 		commandErr     error
 	}{
 		"no data": {},
 		"data":    {"binu", "2.3-5", nil},
 		"error":   {"binu", "", fmt.Errorf("error")},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			var logged string
 			logger := &mocks.Logger{}
 			if tc.commandErr != nil {
 				logger.On("Error", tc.commandErr).
 					Run(func(args mock.Arguments) {
 						err := args.Get(0).(error)
 						logged = err.Error()
 					}).Once()
 			} else {
 				logger.On("Info", "%s version: %s", tc.program, tc.commandVersion).
 					Run(func(args mock.Arguments) {
 						format := args.Get(0).(string)
 						program := args.Get(1).(string)
 						version := args.Get(2).(string)
 						logged = fmt.Sprintf(format, program, version)
 					}).Once()
 			}
 			e := &env{logger: logger}
 			commandFn := func() (string, error) { return tc.commandVersion, tc.commandErr }
 			e.PrintVersion(tc.program, commandFn)
 			if tc.commandErr != nil {
 				assert.Equal(t, logged, tc.commandErr.Error())
 			} else {
 				assert.Equal(t, logged, fmt.Sprintf("%s version: %s", tc.program, tc.commandVersion))
 			}
 		})
 	}
 }
--- a/internal/firewall/enable.go
+++ b/internal/firewall/enable.go
@@ -0,0 +1,128 @@
 package firewall
 import (
 	"context"
 	"fmt"
 	"github.com/qdm12/gluetun/internal/constants"
 )
 func (c *configurator) SetEnabled(ctx context.Context, enabled bool) (err error) {
 	c.stateMutex.Lock()
 	defer c.stateMutex.Unlock()
 	if enabled == c.enabled {
 		if enabled {
 			c.logger.Info("already enabled")
 		} else {
 			c.logger.Info("already disabled")
 		}
 		return nil
 	}
 	if !enabled {
 		c.logger.Info("disabling...")
 		if err = c.disable(ctx); err != nil {
 			return err
 		}
 		c.enabled = false
 		c.logger.Info("disabled successfully")
 		return nil
 	}
 	c.logger.Info("enabling...")
 	if err := c.enable(ctx); err != nil {
 		return err
 	}
 	c.enabled = true
 	c.logger.Info("enabled successfully")
 	return nil
 }
 func (c *configurator) disable(ctx context.Context) (err error) {
 	if err = c.clearAllRules(ctx); err != nil {
 		return fmt.Errorf("cannot disable firewall: %w", err)
 	}
 	if err = c.setAllPolicies(ctx, "ACCEPT"); err != nil {
 		return fmt.Errorf("cannot disable firewall: %w", err)
 	}
 	return nil
 }
 // To use in defered call when enabling the firewall
 func (c *configurator) fallbackToDisabled(ctx context.Context) {
 	if ctx.Err() != nil {
 		return
 	}
 	if err := c.SetEnabled(ctx, false); err != nil {
 		c.logger.Error(err)
 	}
 }
 func (c *configurator) enable(ctx context.Context) (err error) { //nolint:gocognit
 	if err = c.setAllPolicies(ctx, "DROP"); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	const remove = false
 	defer func() {
 		if err != nil {
 			c.fallbackToDisabled(ctx)
 		}
 	}()
 	// Loopback traffic
 	if err = c.acceptInputThroughInterface(ctx, "lo", remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	if err = c.acceptOutputThroughInterface(ctx, "lo", remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	if err = c.acceptEstablishedRelatedTraffic(ctx, remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	if c.vpnConnection.IP != nil {
 		if err = c.acceptOutputTrafficToVPN(ctx, c.defaultInterface, c.vpnConnection, remove); err != nil {
 			return fmt.Errorf("cannot enable firewall: %w", err)
 		}
 	}
 	if err = c.acceptOutputThroughInterface(ctx, string(constants.TUN), remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	if err := c.acceptInputFromSubnetToSubnet(ctx, "*", c.localSubnet, c.localSubnet, remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	if err := c.acceptOutputFromSubnetToSubnet(ctx, "*", c.localSubnet, c.localSubnet, remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	for _, subnet := range c.allowedSubnets {
 		if err := c.acceptInputFromSubnetToSubnet(ctx, c.defaultInterface, subnet, c.localSubnet, remove); err != nil {
 			return fmt.Errorf("cannot enable firewall: %w", err)
 		}
 		if err := c.acceptOutputFromSubnetToSubnet(ctx, c.defaultInterface, c.localSubnet, subnet, remove); err != nil {
 			return fmt.Errorf("cannot enable firewall: %w", err)
 		}
 	}
 	// Re-ensure all routes exist
 	for _, subnet := range c.allowedSubnets {
 		if err := c.routing.AddRouteVia(ctx, subnet, c.defaultGateway, c.defaultInterface); err != nil {
 			return fmt.Errorf("cannot enable firewall: %w", err)
 		}
 	}
 	for port, intf := range c.allowedInputPorts {
 		if err := c.acceptInputToPort(ctx, intf, port, remove); err != nil {
 			return fmt.Errorf("cannot enable firewall: %w", err)
 		}
 	}
 	if err := c.runUserPostRules(ctx, "/iptables/post-rules.txt", remove); err != nil {
 		return fmt.Errorf("cannot enable firewall: %w", err)
 	}
 	return nil
 }
--- a/internal/firewall/firewall.go
+++ b/internal/firewall/firewall.go
@@ -1,43 +1,69 @@
 package firewall
 import (
 	"context"
 	"net"
 	"sync"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/routing"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/golibs/logging"
 	"github.com/qdm12/private-internet-access-docker/internal/models"
 )
 const logPrefix = "firewall configurator"
 // Configurator allows to change firewall rules and modify network routes
 type Configurator interface {
-	Version() (string, error)
+	Version(ctx context.Context) (string, error)
-	AcceptAll() error
+	SetEnabled(ctx context.Context, enabled bool) (err error)
-	Clear() error
+	SetVPNConnection(ctx context.Context, connection models.OpenVPNConnection) (err error)
-	BlockAll() error
+	SetAllowedSubnets(ctx context.Context, subnets []net.IPNet) (err error)
-	CreateGeneralRules() error
+	SetAllowedPort(ctx context.Context, port uint16, intf string) (err error)
-	CreateVPNRules(dev models.VPNDevice, serverIPs []net.IP, defaultInterface string,
+	RemoveAllowedPort(ctx context.Context, port uint16) (err error)
-		port uint16, protocol models.NetworkProtocol) error
+	SetDebug()
-	CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error
+	// SetNetworkInformation is meant to be called only once
-	AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error
+	SetNetworkInformation(defaultInterface string, defaultGateway net.IP, localSubnet net.IPNet)
 	GetDefaultRoute() (defaultInterface string, defaultGateway net.IP, defaultSubnet net.IPNet, err error)
 	AllowInputTrafficOnPort(device models.VPNDevice, port uint16) error
 	AllowAnyIncomingOnPort(port uint16) error
 }
-type configurator struct {
+type configurator struct { //nolint:maligned
-	commander   command.Commander
+	commander        command.Commander
-	logger      logging.Logger
+	logger           logging.Logger
-	fileManager files.FileManager
+	routing          routing.Routing
 	fileManager      files.FileManager // for custom iptables rules
 	iptablesMutex    sync.Mutex
 	debug            bool
 	defaultInterface string
 	defaultGateway   net.IP
 	localSubnet      net.IPNet
 	networkInfoMutex sync.Mutex
 	// State
 	enabled           bool
 	vpnConnection     models.OpenVPNConnection
 	allowedSubnets    []net.IPNet
 	allowedInputPorts map[uint16]string // port to interface mapping
 	stateMutex        sync.Mutex
 }
 // NewConfigurator creates a new Configurator instance
-func NewConfigurator(logger logging.Logger, fileManager files.FileManager) Configurator {
+func NewConfigurator(logger logging.Logger, routing routing.Routing, fileManager files.FileManager) Configurator {
 	return &configurator{
-		commander:   command.NewCommander(),
+		commander:         command.NewCommander(),
-		logger:      logger,
+		logger:            logger.WithPrefix("firewall: "),
-		fileManager: fileManager,
+		routing:           routing,
 		fileManager:       fileManager,
 		allowedInputPorts: make(map[uint16]string),
 	}
 }
 func (c *configurator) SetDebug() {
 	c.debug = true
 }
 func (c *configurator) SetNetworkInformation(defaultInterface string, defaultGateway net.IP, localSubnet net.IPNet) {
 	c.networkInfoMutex.Lock()
 	defer c.networkInfoMutex.Unlock()
 	c.defaultInterface = defaultInterface
 	c.defaultGateway = defaultGateway
 	c.localSubnet = localSubnet
 }
--- a/internal/firewall/iptables.go
+++ b/internal/firewall/iptables.go
@@ -1,16 +1,40 @@
 package firewall
 import (
 	"context"
 	"fmt"
 	"net"
 	"strings"
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/models"
 )
 func appendOrDelete(remove bool) string {
 	if remove {
 		return "--delete"
 	}
 	return "--append"
 }
 // flipRule changes an append rule in a delete rule or a delete rule into an
 // append rule.
 func flipRule(rule string) string {
 	switch {
 	case strings.HasPrefix(rule, "-A"):
 		return strings.Replace(rule, "-A", "-D", 1)
 	case strings.HasPrefix(rule, "--append"):
 		return strings.Replace(rule, "--append", "-D", 1)
 	case strings.HasPrefix(rule, "-D"):
 		return strings.Replace(rule, "-D", "-A", 1)
 	case strings.HasPrefix(rule, "--delete"):
 		return strings.Replace(rule, "--delete", "-A", 1)
 	}
 	return rule
 }
 // Version obtains the version of the installed iptables
-func (c *configurator) Version() (string, error) {
+func (c *configurator) Version(ctx context.Context) (string, error) {
-	output, err := c.commander.Run("iptables", "--version")
+	output, err := c.commander.Run(ctx, "iptables", "--version")
 	if err != nil {
 		return "", err
 	}
@@ -21,118 +45,140 @@ func (c *configurator) Version() (string, error) {
 	return words[1], nil
 }
-func (c *configurator) runIptablesInstructions(instructions []string) error {
+func (c *configurator) runIptablesInstructions(ctx context.Context, instructions []string) error {
 	for _, instruction := range instructions {
-		if err := c.runIptablesInstruction(instruction); err != nil {
+		if err := c.runIptablesInstruction(ctx, instruction); err != nil {
 			return err
 		}
 	}
 	return nil
 }
-func (c *configurator) runIptablesInstruction(instruction string) error {
+func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error {
 	c.iptablesMutex.Lock() // only one iptables command at once
 	defer c.iptablesMutex.Unlock()
 	if c.debug {
 		fmt.Printf("iptables %s\n", instruction)
 	}
 	flags := strings.Fields(instruction)
-	if output, err := c.commander.Run("iptables", flags...); err != nil {
+	if output, err := c.commander.Run(ctx, "iptables", flags...); err != nil {
-		return fmt.Errorf("failed executing %q: %s: %w", instruction, output, err)
+		return fmt.Errorf("failed executing \"iptables %s\": %s: %w", instruction, output, err)
 	}
 	return nil
 }
-func (c *configurator) Clear() error {
+func (c *configurator) clearAllRules(ctx context.Context) error {
-	c.logger.Info("%s: clearing all rules", logPrefix)
+	return c.runIptablesInstructions(ctx, []string{
-	return c.runIptablesInstructions([]string{
+		"--flush",        // flush all chains
-		"--flush",
+		"--delete-chain", // delete all chains
 		"--delete-chain",
 		"-t nat --flush",
 		"-t nat --delete-chain",
 	})
 }
-func (c *configurator) AcceptAll() error {
+func (c *configurator) setAllPolicies(ctx context.Context, policy string) error {
-	c.logger.Info("%s: accepting all traffic", logPrefix)
+	switch policy {
-	return c.runIptablesInstructions([]string{
+	case "ACCEPT", "DROP":
-		"-P INPUT ACCEPT",
+	default:
-		"-P OUTPUT ACCEPT",
+		return fmt.Errorf("policy %q not recognized", policy)
 		"-P FORWARD ACCEPT",
 	})
 }
 func (c *configurator) BlockAll() error {
 	c.logger.Info("%s: blocking all traffic", logPrefix)
 	return c.runIptablesInstructions([]string{
 		"-P INPUT DROP",
 		"-F OUTPUT",
 		"-P OUTPUT DROP",
 		"-P FORWARD DROP",
 	})
 }
 func (c *configurator) CreateGeneralRules() error {
 	c.logger.Info("%s: creating general rules", logPrefix)
 	return c.runIptablesInstructions([]string{
 		"-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
 		"-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
 		"-A OUTPUT -o lo -j ACCEPT",
 		"-A INPUT -i lo -j ACCEPT",
 	})
 }
 func (c *configurator) CreateVPNRules(dev models.VPNDevice, serverIPs []net.IP,
 	defaultInterface string, port uint16, protocol models.NetworkProtocol) error {
 	for _, serverIP := range serverIPs {
 		c.logger.Info("%s: allowing output traffic to VPN server %s through %s on port %s %d",
 			logPrefix, serverIP, defaultInterface, protocol, port)
 		if err := c.runIptablesInstruction(
 			fmt.Sprintf("-A OUTPUT -d %s -o %s -p %s -m %s --dport %d -j ACCEPT",
 				serverIP, defaultInterface, protocol, protocol, port)); err != nil {
 			return err
 		}
 	}
-	if err := c.runIptablesInstruction(fmt.Sprintf("-A OUTPUT -o %s -j ACCEPT", dev)); err != nil {
+	return c.runIptablesInstructions(ctx, []string{
 		fmt.Sprintf("--policy INPUT %s", policy),
 		fmt.Sprintf("--policy OUTPUT %s", policy),
 		fmt.Sprintf("--policy FORWARD %s", policy),
 	})
 }
 func (c *configurator) acceptInputThroughInterface(ctx context.Context, intf string, remove bool) error {
 	return c.runIptablesInstruction(ctx, fmt.Sprintf(
 		"%s INPUT -i %s -j ACCEPT", appendOrDelete(remove), intf,
 	))
 }
 func (c *configurator) acceptOutputThroughInterface(ctx context.Context, intf string, remove bool) error {
 	return c.runIptablesInstruction(ctx, fmt.Sprintf(
 		"%s OUTPUT -o %s -j ACCEPT", appendOrDelete(remove), intf,
 	))
 }
 func (c *configurator) acceptEstablishedRelatedTraffic(ctx context.Context, remove bool) error {
 	return c.runIptablesInstructions(ctx, []string{
 		fmt.Sprintf("%s OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT", appendOrDelete(remove)),
 		fmt.Sprintf("%s INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT", appendOrDelete(remove)),
 	})
 }
 func (c *configurator) acceptOutputTrafficToVPN(ctx context.Context, defaultInterface string, connection models.OpenVPNConnection, remove bool) error {
 	return c.runIptablesInstruction(ctx,
 		fmt.Sprintf("%s OUTPUT -d %s -o %s -p %s -m %s --dport %d -j ACCEPT",
 			appendOrDelete(remove), connection.IP, defaultInterface, connection.Protocol, connection.Protocol, connection.Port))
 }
 func (c *configurator) acceptInputFromSubnetToSubnet(ctx context.Context, intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
 	interfaceFlag := "-i " + intf
 	if intf == "*" { // all interfaces
 		interfaceFlag = ""
 	}
 	return c.runIptablesInstruction(ctx, fmt.Sprintf(
 		"%s INPUT %s -s %s -d %s -j ACCEPT", appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
 	))
 }
 // Thanks to @npawelek
 func (c *configurator) acceptOutputFromSubnetToSubnet(ctx context.Context, intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
 	interfaceFlag := "-o " + intf
 	if intf == "*" { // all interfaces
 		interfaceFlag = ""
 	}
 	return c.runIptablesInstruction(ctx, fmt.Sprintf(
 		"%s OUTPUT %s -s %s -d %s -j ACCEPT", appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
 	))
 }
 // Used for port forwarding, with intf set to tun
 func (c *configurator) acceptInputToPort(ctx context.Context, intf string, port uint16, remove bool) error {
 	interfaceFlag := "-i " + intf
 	if intf == "*" { // all interfaces
 		interfaceFlag = ""
 	}
 	return c.runIptablesInstructions(ctx, []string{
 		fmt.Sprintf("%s INPUT %s -p tcp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
 		fmt.Sprintf("%s INPUT %s -p udp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
 	})
 }
 func (c *configurator) runUserPostRules(ctx context.Context, filepath string, remove bool) error {
 	exists, err := c.fileManager.FileExists(filepath)
 	if err != nil {
 		return err
 	} else if !exists {
 		return nil
 	}
 	b, err := c.fileManager.ReadFile(filepath)
 	if err != nil {
 		return err
 	}
-	return nil
+	lines := strings.Split(string(b), "\n")
-}
+	successfulRules := []string{}
-
+	defer func() {
-func (c *configurator) CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error {
+		// transaction-like rollback
-	subnetStr := subnet.String()
+		if err == nil || ctx.Err() != nil {
-	c.logger.Info("%s: accepting input and output traffic for %s", logPrefix, subnetStr)
+			return
 	if err := c.runIptablesInstructions([]string{
 		fmt.Sprintf("-A INPUT -s %s -d %s -j ACCEPT", subnetStr, subnetStr),
 		fmt.Sprintf("-A OUTPUT -s %s -d %s -j ACCEPT", subnetStr, subnetStr),
 	}); err != nil {
 		return err
 	}
 	for _, extraSubnet := range extraSubnets {
 		extraSubnetStr := extraSubnet.String()
 		c.logger.Info("%s: accepting input traffic through %s from %s to %s", logPrefix, defaultInterface, extraSubnetStr, subnetStr)
 		if err := c.runIptablesInstruction(
 			fmt.Sprintf("-A INPUT -i %s -s %s -d %s -j ACCEPT", defaultInterface, extraSubnetStr, subnetStr)); err != nil {
 			return err
 		}
-		// Thanks to @npawelek
+		for _, rule := range successfulRules {
-		c.logger.Info("%s: accepting output traffic through %s from %s to %s", logPrefix, defaultInterface, subnetStr, extraSubnetStr)
+			_ = c.runIptablesInstruction(ctx, flipRule(rule))
 		if err := c.runIptablesInstruction(
 			fmt.Sprintf("-A OUTPUT -o %s -s %s -d %s -j ACCEPT", defaultInterface, subnetStr, extraSubnetStr)); err != nil {
 			return err
 		}
 	}()
 	for _, line := range lines {
 		if !strings.HasPrefix(line, "iptables ") {
 			continue
 		}
 		rule := strings.TrimPrefix(line, "iptables ")
 		if remove {
 			rule = flipRule(rule)
 		}
 		if err = c.runIptablesInstruction(ctx, rule); err != nil {
 			return fmt.Errorf("cannot run custom rule: %w", err)
 		}
 		successfulRules = append(successfulRules, rule)
 	}
 	return nil
 }
 // Used for port forwarding
 func (c *configurator) AllowInputTrafficOnPort(device models.VPNDevice, port uint16) error {
 	c.logger.Info("%s: accepting input traffic through %s on port %d", logPrefix, device, port)
 	return c.runIptablesInstructions([]string{
 		fmt.Sprintf("-A INPUT -i %s -p tcp --dport %d -j ACCEPT", device, port),
 		fmt.Sprintf("-A INPUT -i %s -p udp --dport %d -j ACCEPT", device, port),
 	})
 }
 func (c *configurator) AllowAnyIncomingOnPort(port uint16) error {
 	c.logger.Info("%s: accepting any input traffic on port %d", logPrefix, port)
 	return c.runIptablesInstructions([]string{
 		fmt.Sprintf("-A INPUT -p tcp --dport %d -j ACCEPT", port),
 		fmt.Sprintf("-A INPUT -p udp --dport %d -j ACCEPT", port),
 	})
 }
--- a/internal/firewall/ports.go
+++ b/internal/firewall/ports.go
@@ -0,0 +1,71 @@
 package firewall
 import (
 	"context"
 	"fmt"
 )
 func (c *configurator) SetAllowedPort(ctx context.Context, port uint16, intf string) (err error) {
 	c.stateMutex.Lock()
 	defer c.stateMutex.Unlock()
 	if port == 0 {
 		return nil
 	}
 	if !c.enabled {
 		c.logger.Info("firewall disabled, only updating allowed ports internal state")
 		c.allowedInputPorts[port] = intf
 		return nil
 	}
 	c.logger.Info("setting allowed input port %d through interface %s...", port, intf)
 	if existingIntf, ok := c.allowedInputPorts[port]; ok {
 		if intf == existingIntf {
 			return nil
 		}
 		const remove = true
 		if err := c.acceptInputToPort(ctx, existingIntf, port, remove); err != nil {
 			return fmt.Errorf("cannot remove old allowed port %d through interface %s: %w", port, existingIntf, err)
 		}
 	}
 	const remove = false
 	if err := c.acceptInputToPort(ctx, intf, port, remove); err != nil {
 		return fmt.Errorf("cannot set allowed port %d through interface %s: %w", port, intf, err)
 	}
 	c.allowedInputPorts[port] = intf
 	return nil
 }
 func (c *configurator) RemoveAllowedPort(ctx context.Context, port uint16) (err error) {
 	c.stateMutex.Lock()
 	defer c.stateMutex.Unlock()
 	if port == 0 {
 		return nil
 	}
 	if !c.enabled {
 		c.logger.Info("firewall disabled, only updating allowed ports internal list")
 		delete(c.allowedInputPorts, port)
 		return nil
 	}
 	c.logger.Info("removing allowed port %d through firewall...", port)
 	intf, ok := c.allowedInputPorts[port]
 	if !ok {
 		return nil
 	}
 	const remove = true
 	if err := c.acceptInputToPort(ctx, intf, port, remove); err != nil {
 		return fmt.Errorf("cannot remove allowed port %d through interface %s: %w", port, intf, err)
 	}
 	delete(c.allowedInputPorts, port)
 	return nil
 }
--- a/internal/firewall/route.go
+++ b/internal/firewall/route.go
@@ -1,88 +0,0 @@
 package firewall
 import (
 	"encoding/hex"
 	"net"
 	"fmt"
 	"strings"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 )
 func (c *configurator) AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error {
 	for _, subnet := range subnets {
 		subnetStr := subnet.String()
 		output, err := c.commander.Run("ip", "route", "show", subnetStr)
 		if err != nil {
 			return fmt.Errorf("cannot read route %s: %s: %w", subnetStr, output, err)
 		} else if len(output) > 0 { // thanks to @npawelek https://github.com/npawelek
 			continue // already exists
 			// TODO remove it instead and continue execution below
 		}
 		c.logger.Info("%s: adding %s as route via %s", logPrefix, subnetStr, defaultInterface)
 		output, err = c.commander.Run("ip", "route", "add", subnetStr, "via", defaultGateway.String(), "dev", defaultInterface)
 		if err != nil {
 			return fmt.Errorf("cannot add route for %s via %s %s %s: %s: %w", subnetStr, defaultGateway.String(), "dev", defaultInterface, output, err)
 		}
 	}
 	return nil
 }
 func (c *configurator) GetDefaultRoute() (defaultInterface string, defaultGateway net.IP, defaultSubnet net.IPNet, err error) {
 	c.logger.Info("%s: detecting default network route", logPrefix)
 	data, err := c.fileManager.ReadFile(string(constants.NetRoute))
 	if err != nil {
 		return "", nil, defaultSubnet, err
 	}
 	// Verify number of lines and fields
 	lines := strings.Split(string(data), "\n")
 	if len(lines) < 3 {
 		return "", nil, defaultSubnet, fmt.Errorf("not enough lines (%d) found in %s", len(lines), constants.NetRoute)
 	}
 	fieldsLine1 := strings.Fields(lines[1])
 	if len(fieldsLine1) < 3 {
 		return "", nil, defaultSubnet, fmt.Errorf("not enough fields in %q", lines[1])
 	}
 	fieldsLine2 := strings.Fields(lines[2])
 	if len(fieldsLine2) < 8 {
 		return "", nil, defaultSubnet, fmt.Errorf("not enough fields in %q", lines[2])
 	}
 	// get information
 	defaultInterface = fieldsLine1[0]
 	defaultGateway, err = reversedHexToIPv4(fieldsLine1[2])
 	if err != nil {
 		return "", nil, defaultSubnet, err
 	}
 	netNumber, err := reversedHexToIPv4(fieldsLine2[1])
 	if err != nil {
 		return "", nil, defaultSubnet, err
 	}
 	netMask, err := hexToIPv4Mask(fieldsLine2[7])
 	if err != nil {
 		return "", nil, defaultSubnet, err
 	}
 	subnet := net.IPNet{IP: netNumber, Mask: netMask}
 	c.logger.Info("%s: default route found: interface %s, gateway %s, subnet %s", logPrefix, defaultInterface, defaultGateway.String(), subnet.String())
 	return defaultInterface, defaultGateway, subnet, nil
 }
 func reversedHexToIPv4(reversedHex string) (IP net.IP, err error) {
 	bytes, err := hex.DecodeString(reversedHex)
 	if err != nil {
 		return nil, fmt.Errorf("cannot parse reversed IP hex %q: %s", reversedHex, err)
 	} else if len(bytes) != 4 {
 		return nil, fmt.Errorf("hex string contains %d bytes instead of 4", len(bytes))
 	}
 	return []byte{bytes[3], bytes[2], bytes[1], bytes[0]}, nil
 }
 func hexToIPv4Mask(hexString string) (mask net.IPMask, err error) {
 	bytes, err := hex.DecodeString(hexString)
 	if err != nil {
 		return nil, fmt.Errorf("cannot parse hex mask %q: %s", hexString, err)
 	} else if len(bytes) != 4 {
 		return nil, fmt.Errorf("hex string contains %d bytes instead of 4", len(bytes))
 	}
 	return []byte{bytes[3], bytes[2], bytes[1], bytes[0]}, nil
 }
--- a/internal/firewall/route_test.go
+++ b/internal/firewall/route_test.go
@@ -1,171 +0,0 @@
 package firewall
 import (
 	"fmt"
 	"net"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	filesmocks "github.com/qdm12/golibs/files/mocks"
 	loggingmocks "github.com/qdm12/golibs/logging/mocks"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 )
 func Test_getDefaultRoute(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		data             []byte
 		readErr          error
 		defaultInterface string
 		defaultGateway   net.IP
 		defaultSubnet    net.IPNet
 		err              error
 	}{
 		"no data": {
 			err: fmt.Errorf("not enough lines (1) found in %s", constants.NetRoute)},
 		"read error": {
 			readErr: fmt.Errorf("error"),
 			err:     fmt.Errorf("error")},
 		"not enough fields line 1": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
 eth0    00000000
 eth0    000011AC        00000000        0001    0       0       0       0000FFFF        0       0       0`),
 			err: fmt.Errorf("not enough fields in \"eth0    00000000\"")},
 		"not enough fields line 2": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
 eth0    00000000        010011AC        0003    0       0       0       00000000        0       0       0
 eth0    000011AC        00000000        0001    0       0       0`),
 			err: fmt.Errorf("not enough fields in \"eth0    000011AC        00000000        0001    0       0       0\"")},
 		"bad gateway": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
 eth0    00000000        x               0003    0       0       0       00000000        0       0       0
 eth0    000011AC        00000000        0001    0       0       0       0000FFFF        0       0       0`),
 			err: fmt.Errorf("cannot parse reversed IP hex \"x\": encoding/hex: invalid byte: U+0078 'x'")},
 		"bad net number": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
 eth0    00000000        010011AC        0003    0       0       0       00000000        0       0       0
 eth0    x               00000000        0001    0       0       0       0000FFFF        0       0       0`),
 			err: fmt.Errorf("cannot parse reversed IP hex \"x\": encoding/hex: invalid byte: U+0078 'x'")},
 		"bad net mask": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
 eth0    00000000        010011AC        0003    0       0       0       00000000        0       0       0
 eth0    000011AC        00000000        0001    0       0       0       x               0       0       0`),
 			err: fmt.Errorf("cannot parse hex mask \"x\": encoding/hex: invalid byte: U+0078 'x'")},
 		"success": {
 			data: []byte(`Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT        
 eth0    00000000        010011AC        0003    0       0       0       00000000        0       0       0             
 eth0    000011AC        00000000        0001    0       0       0       0000FFFF        0       0       0`),
 			defaultInterface: "eth0",
 			defaultGateway:   net.IP{0xac, 0x11, 0x0, 0x1},
 			defaultSubnet: net.IPNet{
 				IP:   net.IP{0xac, 0x11, 0x0, 0x0},
 				Mask: net.IPMask{0xff, 0xff, 0x0, 0x0},
 			}},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			fileManager := &filesmocks.FileManager{}
 			fileManager.On("ReadFile", string(constants.NetRoute)).
 				Return(tc.data, tc.readErr).Once()
 			logger := &loggingmocks.Logger{}
 			logger.On("Info", "%s: detecting default network route", logPrefix).Once()
 			if tc.err == nil {
 				logger.On("Info", "%s: default route found: interface %s, gateway %s, subnet %s",
 					logPrefix, tc.defaultInterface, tc.defaultGateway.String(), tc.defaultSubnet.String()).Once()
 			}
 			c := &configurator{logger: logger, fileManager: fileManager}
 			defaultInterface, defaultGateway, defaultSubnet, err := c.GetDefaultRoute()
 			if tc.err != nil {
 				require.Error(t, err)
 				assert.Equal(t, tc.err.Error(), err.Error())
 			} else {
 				assert.NoError(t, err)
 			}
 			assert.Equal(t, tc.defaultInterface, defaultInterface)
 			assert.Equal(t, tc.defaultGateway, defaultGateway)
 			assert.Equal(t, tc.defaultSubnet, defaultSubnet)
 			fileManager.AssertExpectations(t)
 			logger.AssertExpectations(t)
 		})
 	}
 }
 func Test_reversedHexToIPv4(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		reversedHex string
 		IP          net.IP
 		err         error
 	}{
 		"empty hex": {
 			err: fmt.Errorf("hex string contains 0 bytes instead of 4")},
 		"bad hex": {
 			reversedHex: "x",
 			err:         fmt.Errorf("cannot parse reversed IP hex \"x\": encoding/hex: invalid byte: U+0078 'x'")},
 		"3 bytes hex": {
 			reversedHex: "9abcde",
 			err:         fmt.Errorf("hex string contains 3 bytes instead of 4")},
 		"correct hex": {
 			reversedHex: "010011AC",
 			IP:          []byte{0xac, 0x11, 0x0, 0x1},
 			err:         nil},
 		"correct hex 2": {
 			reversedHex: "000011AC",
 			IP:          []byte{0xac, 0x11, 0x0, 0x0},
 			err:         nil},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			IP, err := reversedHexToIPv4(tc.reversedHex)
 			if tc.err != nil {
 				require.Error(t, err)
 				assert.Equal(t, tc.err.Error(), err.Error())
 			} else {
 				assert.NoError(t, err)
 			}
 			assert.Equal(t, tc.IP, IP)
 		})
 	}
 }
 func Test_hexMaskToDecMask(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		hexString string
 		mask      net.IPMask
 		err       error
 	}{
 		"empty hex": {
 			err: fmt.Errorf("hex string contains 0 bytes instead of 4")},
 		"bad hex": {
 			hexString: "x",
 			err:       fmt.Errorf("cannot parse hex mask \"x\": encoding/hex: invalid byte: U+0078 'x'")},
 		"3 bytes hex": {
 			hexString: "9abcde",
 			err:       fmt.Errorf("hex string contains 3 bytes instead of 4")},
 		"16": {
 			hexString: "0000FFFF",
 			mask:      []byte{0xff, 0xff, 0x0, 0x0},
 			err:       nil},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			mask, err := hexToIPv4Mask(tc.hexString)
 			if tc.err != nil {
 				require.Error(t, err)
 				assert.Equal(t, tc.err.Error(), err.Error())
 			} else {
 				assert.NoError(t, err)
 			}
 			assert.Equal(t, tc.mask, mask)
 		})
 	}
 }
--- a/internal/firewall/subnets.go
+++ b/internal/firewall/subnets.go
@@ -0,0 +1,144 @@
 package firewall
 import (
 	"context"
 	"fmt"
 	"net"
 )
 func (c *configurator) SetAllowedSubnets(ctx context.Context, subnets []net.IPNet) (err error) {
 	c.stateMutex.Lock()
 	defer c.stateMutex.Unlock()
 	if !c.enabled {
 		c.logger.Info("firewall disabled, only updating allowed subnets internal list and updating routes")
 		c.updateSubnetRoutes(ctx, c.allowedSubnets, subnets)
 		c.allowedSubnets = make([]net.IPNet, len(subnets))
 		copy(c.allowedSubnets, subnets)
 		return nil
 	}
 	c.logger.Info("setting allowed subnets through firewall...")
 	subnetsToAdd := findSubnetsToAdd(c.allowedSubnets, subnets)
 	subnetsToRemove := findSubnetsToRemove(c.allowedSubnets, subnets)
 	if len(subnetsToAdd) == 0 && len(subnetsToRemove) == 0 {
 		return nil
 	}
 	c.removeSubnets(ctx, subnetsToRemove, c.defaultInterface, c.localSubnet)
 	if err := c.addSubnets(ctx, subnetsToAdd, c.defaultInterface, c.defaultGateway, c.localSubnet); err != nil {
 		return fmt.Errorf("cannot set allowed subnets through firewall: %w", err)
 	}
 	return nil
 }
 func findSubnetsToAdd(oldSubnets, newSubnets []net.IPNet) (subnetsToAdd []net.IPNet) {
 	for _, newSubnet := range newSubnets {
 		found := false
 		for _, oldSubnet := range oldSubnets {
 			if subnetsAreEqual(oldSubnet, newSubnet) {
 				found = true
 				break
 			}
 		}
 		if !found {
 			subnetsToAdd = append(subnetsToAdd, newSubnet)
 		}
 	}
 	return subnetsToAdd
 }
 func findSubnetsToRemove(oldSubnets, newSubnets []net.IPNet) (subnetsToRemove []net.IPNet) {
 	for _, oldSubnet := range oldSubnets {
 		found := false
 		for _, newSubnet := range newSubnets {
 			if subnetsAreEqual(oldSubnet, newSubnet) {
 				found = true
 				break
 			}
 		}
 		if !found {
 			subnetsToRemove = append(subnetsToRemove, oldSubnet)
 		}
 	}
 	return subnetsToRemove
 }
 func subnetsAreEqual(a, b net.IPNet) bool {
 	return a.IP.Equal(b.IP) && a.Mask.String() == b.Mask.String()
 }
 func removeSubnetFromSubnets(subnets []net.IPNet, subnet net.IPNet) []net.IPNet {
 	L := len(subnets)
 	for i := range subnets {
 		if subnetsAreEqual(subnet, subnets[i]) {
 			subnets[i] = subnets[L-1]
 			subnets = subnets[:L-1]
 			break
 		}
 	}
 	return subnets
 }
 func (c *configurator) removeSubnets(ctx context.Context, subnets []net.IPNet, defaultInterface string,
 	localSubnet net.IPNet) {
 	const remove = true
 	for _, subnet := range subnets {
 		failed := false
 		if err := c.acceptInputFromSubnetToSubnet(ctx, defaultInterface, subnet, localSubnet, remove); err != nil {
 			failed = true
 			c.logger.Error("cannot remove outdated allowed subnet through firewall: %s", err)
 		}
 		if err := c.acceptOutputFromSubnetToSubnet(ctx, defaultInterface, subnet, localSubnet, remove); err != nil {
 			failed = true
 			c.logger.Error("cannot remove outdated allowed subnet through firewall: %s", err)
 		}
 		if err := c.routing.DeleteRouteVia(ctx, subnet); err != nil {
 			failed = true
 			c.logger.Error("cannot remove outdated allowed subnet route: %s", err)
 		}
 		if failed {
 			continue
 		}
 		c.allowedSubnets = removeSubnetFromSubnets(c.allowedSubnets, subnet)
 	}
 }
 func (c *configurator) addSubnets(ctx context.Context, subnets []net.IPNet, defaultInterface string,
 	defaultGateway net.IP, localSubnet net.IPNet) error {
 	const remove = false
 	for _, subnet := range subnets {
 		if err := c.acceptInputFromSubnetToSubnet(ctx, defaultInterface, subnet, localSubnet, remove); err != nil {
 			return fmt.Errorf("cannot add allowed subnet through firewall: %w", err)
 		}
 		if err := c.acceptOutputFromSubnetToSubnet(ctx, defaultInterface, localSubnet, subnet, remove); err != nil {
 			return fmt.Errorf("cannot add allowed subnet through firewall: %w", err)
 		}
 		if err := c.routing.AddRouteVia(ctx, subnet, defaultGateway, defaultInterface); err != nil {
 			return fmt.Errorf("cannot add route for allowed subnet: %w", err)
 		}
 		c.allowedSubnets = append(c.allowedSubnets, subnet)
 	}
 	return nil
 }
 // updateSubnetRoutes does not return an error in order to try to run as many route commands as possible
 func (c *configurator) updateSubnetRoutes(ctx context.Context, oldSubnets, newSubnets []net.IPNet) {
 	subnetsToAdd := findSubnetsToAdd(oldSubnets, newSubnets)
 	subnetsToRemove := findSubnetsToRemove(oldSubnets, newSubnets)
 	if len(subnetsToAdd) == 0 && len(subnetsToRemove) == 0 {
 		return
 	}
 	for _, subnet := range subnetsToRemove {
 		if err := c.routing.DeleteRouteVia(ctx, subnet); err != nil {
 			c.logger.Error("cannot remove outdated route for subnet: %s", err)
 		}
 	}
 	for _, subnet := range subnetsToAdd {
 		if err := c.routing.AddRouteVia(ctx, subnet, c.defaultGateway, c.defaultInterface); err != nil {
 			c.logger.Error("cannot add route for subnet: %s", err)
 		}
 	}
 }
--- a/internal/firewall/vpn.go
+++ b/internal/firewall/vpn.go
@@ -0,0 +1,39 @@
 package firewall
 import (
 	"context"
 	"fmt"
 	"github.com/qdm12/gluetun/internal/models"
 )
 func (c *configurator) SetVPNConnection(ctx context.Context, connection models.OpenVPNConnection) (err error) {
 	c.stateMutex.Lock()
 	defer c.stateMutex.Unlock()
 	if !c.enabled {
 		c.logger.Info("firewall disabled, only updating internal VPN connection")
 		c.vpnConnection = connection
 		return nil
 	}
 	c.logger.Info("setting VPN connection through firewall...")
 	if c.vpnConnection.Equal(connection) {
 		return nil
 	}
 	remove := true
 	if c.vpnConnection.IP != nil {
 		if err := c.acceptOutputTrafficToVPN(ctx, c.defaultInterface, c.vpnConnection, remove); err != nil {
 			c.logger.Error("cannot remove outdated VPN connection through firewall: %s", err)
 		}
 	}
 	c.vpnConnection = models.OpenVPNConnection{}
 	remove = false
 	if err := c.acceptOutputTrafficToVPN(ctx, c.defaultInterface, connection, remove); err != nil {
 		return fmt.Errorf("cannot set VPN connection through firewall: %w", err)
 	}
 	c.vpnConnection = connection
 	return nil
 }
--- a/internal/healthcheck/healthcheck.go
+++ b/internal/healthcheck/healthcheck.go
@@ -1,24 +0,0 @@
 package healthcheck
 import (
 	"fmt"
 	"strings"
 	"time"
 	"github.com/qdm12/golibs/network"
 )
 func HealthCheck() error {
 	// DNS, HTTP and HTTPs check on github.com
 	connectivty := network.NewConnectivity(3 * time.Second)
 	errs := connectivty.Checks("github.com")
 	if len(errs) > 0 {
 		var errsStr []string
 		for _, err := range errs {
 			errsStr = append(errsStr, err.Error())
 		}
 		return fmt.Errorf("Multiple errors: %s", strings.Join(errsStr, "; "))
 	}
 	// TODO check IP address is in the right region
 	return nil
 }
--- a/internal/logging/duration.go
+++ b/internal/logging/duration.go
@@ -0,0 +1,29 @@
 package logging
 import (
 	"fmt"
 	"time"
 )
 func FormatDuration(duration time.Duration) string {
 	switch {
 	case duration < time.Minute:
 		seconds := int(duration.Round(time.Second).Seconds())
 		if seconds < 2 {
 			return fmt.Sprintf("%d second", seconds)
 		}
 		return fmt.Sprintf("%d seconds", seconds)
 	case duration <= time.Hour:
 		minutes := int(duration.Round(time.Minute).Minutes())
 		if minutes == 1 {
 			return "1 minute"
 		}
 		return fmt.Sprintf("%d minutes", minutes)
 	case duration < 48*time.Hour:
 		hours := int(duration.Truncate(time.Hour).Hours())
 		return fmt.Sprintf("%d hours", hours)
 	default:
 		days := int(duration.Truncate(time.Hour).Hours() / 24)
 		return fmt.Sprintf("%d days", days)
 	}
 }
--- a/internal/logging/duration_test.go
+++ b/internal/logging/duration_test.go
@@ -0,0 +1,64 @@
 package logging
 import (
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 )
 func Test_FormatDuration(t *testing.T) {
 	t.Parallel()
 	testCases := map[string]struct {
 		duration time.Duration
 		s        string
 	}{
 		"zero": {
 			s: "0 second",
 		},
 		"one second": {
 			duration: time.Second,
 			s:        "1 second",
 		},
 		"59 seconds": {
 			duration: 59 * time.Second,
 			s:        "59 seconds",
 		},
 		"1 minute": {
 			duration: time.Minute,
 			s:        "1 minute",
 		},
 		"2 minutes": {
 			duration: 2 * time.Minute,
 			s:        "2 minutes",
 		},
 		"1 hour": {
 			duration: time.Hour,
 			s:        "60 minutes",
 		},
 		"2 hours": {
 			duration: 2 * time.Hour,
 			s:        "2 hours",
 		},
 		"26 hours": {
 			duration: 26 * time.Hour,
 			s:        "26 hours",
 		},
 		"28 hours": {
 			duration: 28 * time.Hour,
 			s:        "28 hours",
 		},
 		"55 hours": {
 			duration: 55 * time.Hour,
 			s:        "2 days",
 		},
 	}
 	for name, testCase := range testCases {
 		testCase := testCase
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			s := FormatDuration(testCase.duration)
 			assert.Equal(t, testCase.s, s)
 		})
 	}
 }
--- a/internal/logging/line.go
+++ b/internal/logging/line.go
@@ -0,0 +1,121 @@
 package logging
 import (
 	"fmt"
 	"regexp"
 	"strings"
 	"github.com/fatih/color"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/golibs/logging"
 )
 var regularExpressions = struct { //nolint:gochecknoglobals
 	unboundPrefix          *regexp.Regexp
 	shadowsocksPrefix      *regexp.Regexp
 	shadowsocksErrorPrefix *regexp.Regexp
 	tinyproxyLoglevel      *regexp.Regexp
 	tinyproxyPrefix        *regexp.Regexp
 }{
 	unboundPrefix:          regexp.MustCompile(`unbound: \[[0-9]{10}\] unbound\[[0-9]+:0\] `),
 	shadowsocksPrefix:      regexp.MustCompile(`shadowsocks:[ ]+2[0-9]{3}\-[0-1][0-9]\-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9] `),
 	shadowsocksErrorPrefix: regexp.MustCompile(`shadowsocks error:[ ]+2[0-9]{3}\-[0-1][0-9]\-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9] `),
 	tinyproxyLoglevel:      regexp.MustCompile(`INFO|CONNECT|NOTICE|WARNING|ERROR|CRITICAL`),
 	tinyproxyPrefix:        regexp.MustCompile(`tinyproxy: .+[ ]+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9] \[[0-9]+\]: `),
 }
 func PostProcessLine(s string) (filtered string, level logging.Level) {
 	switch {
 	case strings.HasPrefix(s, "openvpn: "):
 		for _, ignored := range []string{
 			"openvpn: WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail",
 			"openvpn: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay",
 		} {
 			if s == ignored {
 				return "", ""
 			}
 		}
 		switch {
 		case strings.HasPrefix(s, "openvpn: NOTE: "):
 			filtered = strings.TrimPrefix(s, "openvpn: NOTE: ")
 			filtered = "openvpn: " + filtered
 			level = logging.InfoLevel
 		case strings.HasPrefix(s, "openvpn: WARNING: "):
 			filtered = strings.TrimPrefix(s, "openvpn: WARNING: ")
 			filtered = "openvpn: " + filtered
 			level = logging.WarnLevel
 		case strings.HasPrefix(s, "openvpn: Options error: "):
 			filtered = strings.TrimPrefix(s, "openvpn: Options error: ")
 			filtered = "openvpn: " + filtered
 			level = logging.ErrorLevel
 		case s == "openvpn: Initialization Sequence Completed":
 			return color.HiGreenString(s), logging.InfoLevel
 		default:
 			filtered = s
 			level = logging.InfoLevel
 		}
 		filtered = constants.ColorOpenvpn().Sprintf(filtered)
 		return filtered, level
 	case strings.HasPrefix(s, "unbound: "):
 		prefix := regularExpressions.unboundPrefix.FindString(s)
 		filtered = s[len(prefix):]
 		switch {
 		case strings.HasPrefix(filtered, "notice: "):
 			filtered = strings.TrimPrefix(filtered, "notice: ")
 			level = logging.InfoLevel
 		case strings.HasPrefix(filtered, "info: "):
 			filtered = strings.TrimPrefix(filtered, "info: ")
 			level = logging.InfoLevel
 		case strings.HasPrefix(filtered, "warn: "):
 			filtered = strings.TrimPrefix(filtered, "warn: ")
 			level = logging.WarnLevel
 		case strings.HasPrefix(filtered, "error: "):
 			filtered = strings.TrimPrefix(filtered, "error: ")
 			level = logging.ErrorLevel
 		default:
 			level = logging.ErrorLevel
 		}
 		filtered = fmt.Sprintf("unbound: %s", filtered)
 		filtered = constants.ColorUnbound().Sprintf(filtered)
 		return filtered, level
 	case strings.HasPrefix(s, "shadowsocks: "):
 		prefix := regularExpressions.shadowsocksPrefix.FindString(s)
 		filtered = s[len(prefix):]
 		switch {
 		case strings.HasPrefix(filtered, "INFO: "):
 			level = logging.InfoLevel
 			filtered = strings.TrimPrefix(filtered, "INFO: ")
 		default:
 			level = logging.WarnLevel
 		}
 		filtered = fmt.Sprintf("shadowsocks: %s", filtered)
 		filtered = constants.ColorShadowsocks().Sprintf(filtered)
 		return filtered, level
 	case strings.HasPrefix(s, "shadowsocks error: "):
 		if strings.Contains(s, "ERROR: unable to resolve") { // caused by DNS blocking
 			return "", logging.ErrorLevel
 		}
 		prefix := regularExpressions.shadowsocksErrorPrefix.FindString(s)
 		filtered = s[len(prefix):]
 		filtered = strings.TrimPrefix(filtered, "ERROR: ")
 		filtered = fmt.Sprintf("shadowsocks: %s", filtered)
 		filtered = constants.ColorShadowsocksError().Sprintf(filtered)
 		return filtered, logging.ErrorLevel
 	case strings.HasPrefix(s, "tinyproxy: "):
 		logLevel := regularExpressions.tinyproxyLoglevel.FindString(s)
 		prefix := regularExpressions.tinyproxyPrefix.FindString(s)
 		filtered = fmt.Sprintf("tinyproxy: %s", s[len(prefix):])
 		filtered = constants.ColorTinyproxy().Sprintf(filtered)
 		switch logLevel {
 		case "INFO", "CONNECT", "NOTICE":
 			return filtered, logging.InfoLevel
 		case "WARNING":
 			return filtered, logging.WarnLevel
 		case "ERROR", "CRITICAL":
 			return filtered, logging.ErrorLevel
 		default:
 			return filtered, logging.ErrorLevel
 		}
 	}
 	return s, logging.InfoLevel
 }
--- a/internal/logging/line_test.go
+++ b/internal/logging/line_test.go
@@ -0,0 +1,117 @@
 package logging
 import (
 	"testing"
 	"github.com/qdm12/golibs/logging"
 	"github.com/stretchr/testify/assert"
 )
 func Test_PostProcessLine(t *testing.T) {
 	t.Parallel()
 	tests := map[string]struct {
 		s        string
 		filtered string
 		level    logging.Level
 	}{
 		"empty string":  {"", "", logging.InfoLevel},
 		"random string": {"asdasqdb", "asdasqdb", logging.InfoLevel},
 		"unbound notice": {
 			"unbound: [1594595249] unbound[75:0] notice: init module 0: validator",
 			"unbound: init module 0: validator",
 			logging.InfoLevel},
 		"unbound info": {
 			"unbound: [1594595249] unbound[75:0] info: init module 0: validator",
 			"unbound: init module 0: validator",
 			logging.InfoLevel},
 		"unbound warn": {
 			"unbound: [1594595249] unbound[75:0] warn: init module 0: validator",
 			"unbound: init module 0: validator",
 			logging.WarnLevel},
 		"unbound error": {
 			"unbound: [1594595249] unbound[75:0] error: init module 0: validator",
 			"unbound: init module 0: validator",
 			logging.ErrorLevel},
 		"unbound unknown": {
 			"unbound: [1594595249] unbound[75:0] BLA: init module 0: validator",
 			"unbound: BLA: init module 0: validator",
 			logging.ErrorLevel},
 		"shadowsocks stdout info": {
 			"shadowsocks:  2020-07-12 23:07:25 INFO: UDP relay enabled",
 			"shadowsocks: UDP relay enabled",
 			logging.InfoLevel},
 		"shadowsocks stdout other": {
 			"shadowsocks:  2020-07-12 23:07:25 BLABLA: UDP relay enabled",
 			"shadowsocks: BLABLA: UDP relay enabled",
 			logging.WarnLevel},
 		"shadowsocks stderr": {
 			"shadowsocks error:  2020-07-12 23:07:25 Some error",
 			"shadowsocks: Some error",
 			logging.ErrorLevel},
 		"shadowsocks stderr unable to resolve muted": {
 			"shadowsocks error:  2020-07-12 23:07:25 ERROR: unable to resolve",
 			"",
 			logging.ErrorLevel},
 		"tinyproxy info": {
 			"tinyproxy: INFO      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.InfoLevel},
 		"tinyproxy connect": {
 			"tinyproxy: CONNECT      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.InfoLevel},
 		"tinyproxy notice": {
 			"tinyproxy: NOTICE      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.InfoLevel},
 		"tinyproxy warning": {
 			"tinyproxy: WARNING      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.WarnLevel},
 		"tinyproxy error": {
 			"tinyproxy: ERROR      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.ErrorLevel},
 		"tinyproxy critical": {
 			"tinyproxy: CRITICAL      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.ErrorLevel},
 		"tinyproxy unknown": {
 			"tinyproxy: BLABLA      Jul 12 23:07:25 [32]: Reloading config file",
 			"tinyproxy: Reloading config file",
 			logging.ErrorLevel},
 		"openvpn unknown": {
 			"openvpn: message",
 			"openvpn: message",
 			logging.InfoLevel},
 		"openvpn note": {
 			"openvpn: NOTE: message",
 			"openvpn: message",
 			logging.InfoLevel},
 		"openvpn warning": {
 			"openvpn: WARNING: message",
 			"openvpn: message",
 			logging.WarnLevel},
 		"openvpn options error": {
 			"openvpn: Options error: message",
 			"openvpn: message",
 			logging.ErrorLevel},
 		"openvpn ignored message": {
 			"openvpn: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay",
 			"",
 			""},
 		"openvpn success": {
 			"openvpn: Initialization Sequence Completed",
 			"openvpn: Initialization Sequence Completed",
 			logging.InfoLevel},
 	}
 	for name, tc := range tests {
 		tc := tc
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			filtered, level := PostProcessLine(tc.s)
 			assert.Equal(t, tc.filtered, filtered)
 			assert.Equal(t, tc.level, level)
 		})
 	}
 }
--- a/internal/logging/splash.go
+++ b/internal/logging/splash.go
@@ -1,4 +1,4 @@
-package splash
+package logging
 import (
 	"fmt"
@@ -6,20 +6,16 @@ import (
 	"time"
 	"github.com/kyokomi/emoji"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/private-internet-access-docker/internal/params"
 )
 // Splash returns the welcome spash message
-func Splash(paramsReader params.ParamsReader) string {
+func Splash(version, commit, buildDate string) string {
 	version := paramsReader.GetVersion()
 	vcsRef := paramsReader.GetVcsRef()
 	buildDate := paramsReader.GetBuildDate()
 	lines := title()
 	lines = append(lines, "")
-	lines = append(lines, fmt.Sprintf("Running version %s built on %s (commit %s)", version, buildDate, vcsRef))
+	lines = append(lines, fmt.Sprintf("Running version %s built on %s (commit %s)", version, buildDate, commit))
 	lines = append(lines, "")
-	lines = append(lines, annoucement()...)
+	lines = append(lines, announcement()...)
 	lines = append(lines, "")
 	lines = append(lines, links()...)
 	return strings.Join(lines, "\n")
@@ -28,22 +24,29 @@ func Splash(paramsReader params.ParamsReader) string {
 func title() []string {
 	return []string{
 		"=========================================",
-		"============= PIA container =============",
+		"================ Gluetun ================",
-		"========== An exquisite mix of ==========",
+		"=========================================",
-		"==== OpenVPN, Unbound, DNS over TLS, ====",
+		"==== A mix of OpenVPN, DNS over TLS, ====",
-		"===== Shadowsocks, Tinyproxy and Go =====",
+		"======= Shadowsocks and Tinyproxy =======",
 		"========= all glued up with Go ==========",
 		"=========================================",
 		"=========== For tunneling to ============",
 		"======== your favorite VPN server =======",
 		"=========================================",
 		"=== Made with " + emoji.Sprint(":heart:") + " by github.com/qdm12 ====",
 		"=========================================",
 	}
 }
-func annoucement() []string {
+func announcement() []string {
-	timestamp := time.Now().UnixNano() / 1000000000
+	if len(constants.Announcement) == 0 {
-	if timestamp < constants.AnnoucementExpiration {
+		return nil
 		return []string{emoji.Sprint(":mega: ") + constants.Annoucement}
 	}
-	return nil
+	expirationDate, _ := time.Parse("2006-01-02", constants.AnnouncementExpiration) // error covered by a unit test
 	if time.Now().After(expirationDate) {
 		return nil
 	}
 	return []string{emoji.Sprint(":mega: ") + constants.Announcement}
 }
 func links() []string {
--- a/internal/models/alias.go
+++ b/internal/models/alias.go
@@ -1,5 +1,10 @@
 package models
 import (
 	"fmt"
 	"strings"
 )
 type (
 	// VPNDevice is the device name used to tunnel using Openvpn
 	VPNDevice string
@@ -7,10 +12,6 @@ type (
 	DNSProvider string
 	// DNSHost is the DNS host to use for TLS validation
 	DNSHost string
 	// PIAEncryption defines the level of encryption for communication with PIA servers
 	PIAEncryption string
 	// PIARegion is used to define the list of regions available for PIA
 	PIARegion string
 	// URL is an HTTP(s) URL address
 	URL string
 	// Filepath is a local filesytem file path
@@ -22,3 +23,41 @@ type (
 	// NetworkProtocol contains the network protocol to be used to communicate with the VPN servers
 	NetworkProtocol string
 )
 func marshalJSONString(s string) (data []byte, err error) {
 	return []byte(fmt.Sprintf("%q", s)), nil
 }
 func unmarshalJSONString(data []byte) (s string) {
 	s = string(data)
 	s = strings.TrimPrefix(s, "\"")
 	s = strings.TrimSuffix(s, "\"")
 	return s
 }
 func (v *VPNProvider) MarshalJSON() ([]byte, error) {
 	return marshalJSONString(string(*v))
 }
 func (v *VPNProvider) UnmarshalJSON(data []byte) error {
 	*v = VPNProvider(unmarshalJSONString(data))
 	return nil
 }
 func (n *NetworkProtocol) MarshalJSON() ([]byte, error) {
 	return marshalJSONString(string(*n))
 }
 func (n *NetworkProtocol) UnmarshalJSON(data []byte) error {
 	*n = NetworkProtocol(unmarshalJSONString(data))
 	return nil
 }
 func (f *Filepath) MarshalJSON() ([]byte, error) {
 	return marshalJSONString(string(*f))
 }
 func (f *Filepath) UnmarshalJSON(data []byte) error {
 	*f = Filepath(unmarshalJSONString(data))
 	return nil
 }
--- a/internal/models/alias_test.go
+++ b/internal/models/alias_test.go
@@ -0,0 +1,41 @@
 package models
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 func Test_VPNProvider_JSON(t *testing.T) {
 	t.Parallel()
 	v := VPNProvider("name")
 	data, err := v.MarshalJSON()
 	require.NoError(t, err)
 	assert.Equal(t, []byte{0x22, 0x6e, 0x61, 0x6d, 0x65, 0x22}, data)
 	err = v.UnmarshalJSON(data)
 	require.NoError(t, err)
 	assert.Equal(t, VPNProvider("name"), v)
 }
 func Test_NetworkProtocol_JSON(t *testing.T) {
 	t.Parallel()
 	v := NetworkProtocol("name")
 	data, err := v.MarshalJSON()
 	require.NoError(t, err)
 	assert.Equal(t, []byte{0x22, 0x6e, 0x61, 0x6d, 0x65, 0x22}, data)
 	err = v.UnmarshalJSON(data)
 	require.NoError(t, err)
 	assert.Equal(t, NetworkProtocol("name"), v)
 }
 func Test_Filepath_JSON(t *testing.T) {
 	t.Parallel()
 	v := Filepath("name")
 	data, err := v.MarshalJSON()
 	require.NoError(t, err)
 	assert.Equal(t, []byte{0x22, 0x6e, 0x61, 0x6d, 0x65, 0x22}, data)
 	err = v.UnmarshalJSON(data)
 	require.NoError(t, err)
 	assert.Equal(t, Filepath("name"), v)
 }
--- a/internal/models/dns.go
+++ b/internal/models/dns.go
@@ -4,7 +4,8 @@ import "net"
 // DNSProviderData contains information for a DNS provider
 type DNSProviderData struct {
-	IPs         []net.IP
+	IPs          []net.IP
-	SupportsTLS bool
+	SupportsTLS  bool
-	Host        DNSHost
+	SupportsIPv6 bool
 	Host         DNSHost
 }
--- a/internal/models/openvpn.go
+++ b/internal/models/openvpn.go
@@ -0,0 +1,13 @@
 package models
 import "net"
 type OpenVPNConnection struct {
 	IP       net.IP
 	Port     uint16
 	Protocol NetworkProtocol
 }
 func (o *OpenVPNConnection) Equal(other OpenVPNConnection) bool {
 	return o.IP.Equal(other.IP) && o.Port == other.Port && o.Protocol == other.Protocol
 }
--- a/internal/models/selection.go
+++ b/internal/models/selection.go
@@ -0,0 +1,144 @@
 package models
 import (
 	"fmt"
 	"net"
 	"strings"
 )
 // ProviderSettings contains settings specific to a VPN provider
 type ProviderSettings struct {
 	Name               VPNProvider        `json:"name"`
 	ServerSelection    ServerSelection    `json:"serverSelection"`
 	ExtraConfigOptions ExtraConfigOptions `json:"extraConfig"`
 	PortForwarding     PortForwarding     `json:"portForwarding"`
 }
 type ServerSelection struct { //nolint:maligned
 	// Common
 	Protocol NetworkProtocol `json:"networkProtocol"`
 	TargetIP net.IP          `json:"targetIP,omitempty"`
 	// Cyberghost, PIA, Surfshark, Windscribe, Vyprvpn, NordVPN
 	Region string `json:"region"`
 	// Cyberghost
 	Group string `json:"group"`
 	// Mullvad, PureVPN
 	Country string `json:"country"`
 	City    string `json:"city"`
 	// Mullvad
 	ISP   string `json:"isp"`
 	Owned bool   `json:"owned"`
 	// Mullvad, Windscribe
 	CustomPort uint16 `json:"customPort"`
 	// NordVPN
 	Number uint16 `json:"number"`
 	// PIA
 	EncryptionPreset string `json:"encryptionPreset"`
 }
 type ExtraConfigOptions struct {
 	ClientKey        string `json:"-"`                // Cyberghost
 	EncryptionPreset string `json:"encryptionPreset"` // PIA
 	OpenVPNIPv6      bool   `json:"openvpnIPv6"`      // Mullvad
 }
 // PortForwarding contains settings for port forwarding
 type PortForwarding struct {
 	Enabled  bool     `json:"enabled"`
 	Filepath Filepath `json:"filepath"`
 }
 func (p *PortForwarding) String() string {
 	if p.Enabled {
 		return fmt.Sprintf("on, saved in %s", p.Filepath)
 	}
 	return "off"
 }
 func (p *ProviderSettings) String() string {
 	settingsList := []string{
 		fmt.Sprintf("%s settings:", strings.Title(string(p.Name))),
 		"Network protocol: " + string(p.ServerSelection.Protocol),
 	}
 	customPort := ""
 	if p.ServerSelection.CustomPort > 0 {
 		customPort = fmt.Sprintf("%d", p.ServerSelection.CustomPort)
 	}
 	number := ""
 	if p.ServerSelection.Number > 0 {
 		number = fmt.Sprintf("%d", p.ServerSelection.Number)
 	}
 	ipv6 := "off"
 	if p.ExtraConfigOptions.OpenVPNIPv6 {
 		ipv6 = "on"
 	}
 	switch strings.ToLower(string(p.Name)) {
 	case "private internet access old":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 			"Encryption preset: "+p.ExtraConfigOptions.EncryptionPreset,
 			"Port forwarding: "+p.PortForwarding.String(),
 		)
 	case "private internet access":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 			"Encryption preset: "+p.ExtraConfigOptions.EncryptionPreset,
 			"Port forwarding: "+p.PortForwarding.String(),
 		)
 	case "mullvad":
 		settingsList = append(settingsList,
 			"Country: "+p.ServerSelection.Country,
 			"City: "+p.ServerSelection.City,
 			"ISP: "+p.ServerSelection.ISP,
 			"Custom port: "+customPort,
 			"IPv6: "+ipv6,
 		)
 	case "windscribe":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 			"Custom port: "+customPort,
 		)
 	case "surfshark":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 		)
 	case "cyberghost":
 		settingsList = append(settingsList,
 			"ClientKey: [redacted]",
 			"Group: "+p.ServerSelection.Group,
 			"Region: "+p.ServerSelection.Region,
 		)
 	case "vyprvpn":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 		)
 	case "nordvpn":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 			"Number: "+number,
 		)
 	case "purevpn":
 		settingsList = append(settingsList,
 			"Region: "+p.ServerSelection.Region,
 			"Country: "+p.ServerSelection.Country,
 			"City: "+p.ServerSelection.City,
 		)
 	default:
 		settingsList = append(settingsList,
 			"<Missing String method, please implement me!>",
 		)
 	}
 	if p.ServerSelection.TargetIP != nil {
 		settingsList = append(settingsList,
 			"Target IP address: "+string(p.ServerSelection.TargetIP),
 		)
 	}
 	return strings.Join(settingsList, "\n |--")
 }
--- a/internal/models/server.go
+++ b/internal/models/server.go
@@ -0,0 +1,160 @@
 package models
 import (
 	"encoding/hex"
 	"fmt"
 	"net"
 	"strings"
 )
 type PIAServer struct {
 	Region      string           `json:"region"`
 	PortForward bool             `json:"port_forward"`
 	OpenvpnUDP  PIAServerOpenvpn `json:"openvpn_udp"`
 	OpenvpnTCP  PIAServerOpenvpn `json:"openvpn_tcp"`
 }
 type PIAServerOpenvpn struct {
 	IPs []net.IP `json:"ips"`
 	CN  string   `json:"cn"`
 }
 func (p *PIAServerOpenvpn) String() string {
 	return fmt.Sprintf("models.PIAServerOpenvpn{CN: %q, IPs: %s}", p.CN, goStringifyIPs(p.IPs))
 }
 func (p *PIAServer) String() string {
 	return fmt.Sprintf("{Region: %q, PortForward: %t, OpenvpnUDP: %s, OpenvpnTCP: %s}",
 		p.Region, p.PortForward, p.OpenvpnUDP.String(), p.OpenvpnTCP.String())
 }
 type PIAOldServer struct {
 	IPs    []net.IP `json:"ips"`
 	Region string   `json:"region"`
 }
 func (p *PIAOldServer) String() string {
 	return fmt.Sprintf("{Region: %q, IPs: %s}", p.Region, goStringifyIPs(p.IPs))
 }
 type MullvadServer struct {
 	IPs     []net.IP `json:"ips"`
 	IPsV6   []net.IP `json:"ipsv6"`
 	Country string   `json:"country"`
 	City    string   `json:"city"`
 	ISP     string   `json:"isp"`
 	Owned   bool     `json:"owned"`
 }
 func (s *MullvadServer) String() string {
 	return fmt.Sprintf("{Country: %q, City: %q, ISP: %q, Owned: %t, IPs: %s, IPsV6: %s}",
 		s.Country, s.City, s.ISP, s.Owned, goStringifyIPs(s.IPs), goStringifyIPs(s.IPsV6))
 }
 type WindscribeServer struct {
 	Region string   `json:"region"`
 	IPs    []net.IP `json:"ips"`
 }
 func (s *WindscribeServer) String() string {
 	return fmt.Sprintf("{Region: %q, IPs: %s}", s.Region, goStringifyIPs(s.IPs))
 }
 type SurfsharkServer struct {
 	Region string   `json:"region"`
 	IPs    []net.IP `json:"ips"`
 }
 func (s *SurfsharkServer) String() string {
 	return fmt.Sprintf("{Region: %q, IPs: %s}", s.Region, goStringifyIPs(s.IPs))
 }
 type CyberghostServer struct {
 	Region string   `json:"region"`
 	Group  string   `json:"group"`
 	IPs    []net.IP `json:"ips"`
 }
 func (s *CyberghostServer) String() string {
 	return fmt.Sprintf("{Region: %q, Group: %q, IPs: %s}", s.Region, s.Group, goStringifyIPs(s.IPs))
 }
 type VyprvpnServer struct {
 	Region string   `json:"region"`
 	IPs    []net.IP `json:"ips"`
 }
 func (s *VyprvpnServer) String() string {
 	return fmt.Sprintf("{Region: %q, IPs: %s}", s.Region, goStringifyIPs(s.IPs))
 }
 type NordvpnServer struct { //nolint:maligned
 	Region string `json:"region"`
 	Number uint16 `json:"number"`
 	IP     net.IP `json:"ip"`
 	TCP    bool   `json:"tcp"`
 	UDP    bool   `json:"udp"`
 }
 func (s *NordvpnServer) String() string {
 	return fmt.Sprintf("{Region: %q, Number: %d, TCP: %t, UDP: %t, IP: %s}",
 		s.Region, s.Number, s.TCP, s.UDP, goStringifyIP(s.IP))
 }
 type PurevpnServer struct {
 	Region  string   `json:"region"`
 	Country string   `json:"country"`
 	City    string   `json:"city"`
 	IPs     []net.IP `json:"ips"`
 }
 func (s *PurevpnServer) String() string {
 	return fmt.Sprintf("{Region: %q, Country: %q, City: %q, IPs: %s}",
 		s.Region, s.Country, s.City, goStringifyIPs(s.IPs))
 }
 func goStringifyIP(ip net.IP) string {
 	s := fmt.Sprintf("%#v", ip)
 	s = strings.TrimSuffix(strings.TrimPrefix(s, "net.IP{"), "}")
 	fields := strings.Split(s, ", ")
 	isIPv4 := ip.To4() != nil
 	if isIPv4 {
 		fields = fields[len(fields)-4:]
 	}
 	// Count leading zeros
 	leadingZeros := 0
 	for i := range fields {
 		if fields[i] == "0x0" {
 			leadingZeros++
 		} else {
 			break
 		}
 	}
 	// Remove leading zeros
 	fields = fields[leadingZeros:]
 	for i := range fields {
 		// IPv4 is better understood in integer notation, whereas IPv6 is written in hex notation
 		if isIPv4 {
 			hexString := strings.Replace(fields[i], "0x", "", 1)
 			if len(hexString) == 1 {
 				hexString = "0" + hexString
 			}
 			b, _ := hex.DecodeString(hexString)
 			fields[i] = fmt.Sprintf("%d", b[0])
 		}
 	}
 	return fmt.Sprintf("net.IP{%s}", strings.Join(fields, ", "))
 }
 func goStringifyIPs(ips []net.IP) string {
 	ipStrings := make([]string, len(ips))
 	for i := range ips {
 		ipStrings[i] = goStringifyIP(ips[i])
 		ipStrings[i] = strings.TrimPrefix(ipStrings[i], "net.IP")
 	}
 	return "[]net.IP{" + strings.Join(ipStrings, ", ") + "}"
 }
--- a/internal/models/server_test.go
+++ b/internal/models/server_test.go
@@ -0,0 +1,141 @@
 package models
 import (
 	"net"
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func Test_PIAOldServer_String(t *testing.T) {
 	t.Parallel()
 	testCases := map[string]struct {
 		server PIAOldServer
 		s      string
 	}{
 		"no ips": {
 			server: PIAOldServer{Region: "a b"},
 			s:      `{Region: "a b", IPs: []net.IP{}}`,
 		},
 		"with ips": {
 			server: PIAOldServer{Region: "a b", IPs: []net.IP{{1, 1, 1, 1}, {2, 2, 2, 2}}},
 			s:      `{Region: "a b", IPs: []net.IP{{1, 1, 1, 1}, {2, 2, 2, 2}}}`,
 		},
 	}
 	for name, testCase := range testCases {
 		testCase := testCase
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			s := testCase.server.String()
 			assert.Equal(t, testCase.s, s)
 		})
 	}
 }
 func Test_MullvadServer_String(t *testing.T) {
 	t.Parallel()
 	testCases := map[string]struct {
 		server MullvadServer
 		s      string
 	}{
 		"example": {
 			server: MullvadServer{
 				IPs:     []net.IP{{1, 1, 1, 1}},
 				IPsV6:   []net.IP{{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}},
 				Country: "That Country",
 				City:    "That City",
 				ISP:     "not spying on you",
 				Owned:   true,
 			},
 			s: `{Country: "That Country", City: "That City", ISP: "not spying on you", Owned: true, IPs: []net.IP{{1, 1, 1, 1}}, IPsV6: []net.IP{{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}}}`,
 		},
 	}
 	for name, testCase := range testCases {
 		testCase := testCase
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			s := testCase.server.String()
 			assert.Equal(t, testCase.s, s)
 		})
 	}
 }
 func Test_goStringifyIP(t *testing.T) {
 	t.Parallel()
 	testCases := map[string]struct {
 		ip net.IP
 		s  string
 	}{
 		"nil ip": {
 			s: "net.IP{net.IP(nil)}",
 		},
 		"empty ip": {
 			ip: net.IP{},
 			s:  "net.IP{}",
 		},
 		"ipv4": {
 			ip: net.IP{10, 16, 54, 25},
 			s:  "net.IP{10, 16, 54, 25}",
 		},
 		"ipv6": {
 			ip: net.IP{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1},
 			s:  "net.IP{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}",
 		},
 		"zeros ipv4": {
 			ip: net.IP{0, 0, 0, 0},
 			s:  "net.IP{}",
 		},
 		"zeros ipv46": {
 			ip: net.ParseIP("::"),
 			s:  "net.IP{}",
 		},
 	}
 	for name, testCase := range testCases {
 		testCase := testCase
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			s := goStringifyIP(testCase.ip)
 			assert.Equal(t, testCase.s, s)
 		})
 	}
 }
 func Test_stringifyIPs(t *testing.T) {
 	t.Parallel()
 	testCases := map[string]struct {
 		ips []net.IP
 		s   string
 	}{
 		"nil ips": {
 			s: "[]net.IP{}",
 		},
 		"empty ips": {
 			ips: []net.IP{},
 			s:   "[]net.IP{}",
 		},
 		"single ipv4": {
 			ips: []net.IP{{10, 16, 54, 25}},
 			s:   "[]net.IP{{10, 16, 54, 25}}",
 		},
 		"single ipv6": {
 			ips: []net.IP{{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}},
 			s:   "[]net.IP{{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}}",
 		},
 		"mix of ips": {
 			ips: []net.IP{
 				{10, 16, 54, 25},
 				{0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1},
 				{0, 0, 0, 0},
 			},
 			s: "[]net.IP{{10, 16, 54, 25}, {0x20, 0x1, 0xd, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, {}}",
 		},
 	}
 	for name, testCase := range testCases {
 		testCase := testCase
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 			s := goStringifyIPs(testCase.ips)
 			assert.Equal(t, testCase.s, s)
 		})
 	}
 }
--- a/internal/models/servers.go
+++ b/internal/models/servers.go
@@ -0,0 +1,60 @@
 package models
 type AllServers struct {
 	Version    uint16            `json:"version"`
 	Cyberghost CyberghostServers `json:"cyberghost"`
 	Mullvad    MullvadServers    `json:"mullvad"`
 	Nordvpn    NordvpnServers    `json:"nordvpn"`
 	PiaOld     PiaOldServers     `json:"piaOld"`
 	Pia        PiaServers        `json:"pia"`
 	Purevpn    PurevpnServers    `json:"purevpn"`
 	Surfshark  SurfsharkServers  `json:"surfshark"`
 	Vyprvpn    VyprvpnServers    `json:"vyprvpn"`
 	Windscribe WindscribeServers `json:"windscribe"`
 }
 type CyberghostServers struct {
 	Version   uint16             `json:"version"`
 	Timestamp int64              `json:"timestamp"`
 	Servers   []CyberghostServer `json:"servers"`
 }
 type MullvadServers struct {
 	Version   uint16          `json:"version"`
 	Timestamp int64           `json:"timestamp"`
 	Servers   []MullvadServer `json:"servers"`
 }
 type NordvpnServers struct {
 	Version   uint16          `json:"version"`
 	Timestamp int64           `json:"timestamp"`
 	Servers   []NordvpnServer `json:"servers"`
 }
 type PiaOldServers struct {
 	Version   uint16         `json:"version"`
 	Timestamp int64          `json:"timestamp"`
 	Servers   []PIAOldServer `json:"servers"`
 }
 type PiaServers struct {
 	Version   uint16      `json:"version"`
 	Timestamp int64       `json:"timestamp"`
 	Servers   []PIAServer `json:"servers"`
 }
 type PurevpnServers struct {
 	Version   uint16          `json:"version"`
 	Timestamp int64           `json:"timestamp"`
 	Servers   []PurevpnServer `json:"purevpn"`
 }
 type SurfsharkServers struct {
 	Version   uint16            `json:"version"`
 	Timestamp int64             `json:"timestamp"`
 	Servers   []SurfsharkServer `json:"servers"`
 }
 type VyprvpnServers struct {
 	Version   uint16          `json:"version"`
 	Timestamp int64           `json:"timestamp"`
 	Servers   []VyprvpnServer `json:"servers"`
 }
 type WindscribeServers struct {
 	Version   uint16             `json:"version"`
 	Timestamp int64              `json:"timestamp"`
 	Servers   []WindscribeServer `json:"servers"`
 }
--- a/internal/openvpn/auth.go
+++ b/internal/openvpn/auth.go
@@ -1,20 +1,28 @@
 package openvpn
 import (
 	"strings"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 )
 // WriteAuthFile writes the OpenVPN auth file to disk with the right permissions
 func (c *configurator) WriteAuthFile(user, password string, uid, gid int) error {
-	authExists, err := c.fileManager.FileExists(string(constants.OpenVPNAuthConf))
+	exists, err := c.fileManager.FileExists(string(constants.OpenVPNAuthConf))
 	if err != nil {
 		return err
-	} else if authExists { // in case of container stop/start
+	} else if exists {
-		c.logger.Info("%s: %s already exists", logPrefix, constants.OpenVPNAuthConf)
+		data, err := c.fileManager.ReadFile(string(constants.OpenVPNAuthConf))
-		return nil
+		if err != nil {
 			return err
 		}
 		lines := strings.Split(string(data), "\n")
 		if len(lines) > 1 && lines[0] == user && lines[1] == password {
 			return nil
 		}
 		c.logger.Info("username and password changed", constants.OpenVPNAuthConf)
 	}
 	c.logger.Info("%s: writing auth file %s", logPrefix, constants.OpenVPNAuthConf)
 	return c.fileManager.WriteLinesToFile(
 		string(constants.OpenVPNAuthConf),
 		[]string{user, password},
--- a/internal/openvpn/command.go
+++ b/internal/openvpn/command.go
@@ -1,21 +1,22 @@
 package openvpn
 import (
 	"context"
 	"fmt"
 	"io"
 	"strings"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 )
-func (c *configurator) Start() (stdout io.ReadCloser, waitFn func() error, err error) {
+func (c *configurator) Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error) {
-	c.logger.Info("%s: starting openvpn", logPrefix)
+	c.logger.Info("starting openvpn")
-	stdout, _, waitFn, err = c.commander.Start("openvpn", "--config", string(constants.OpenVPNConf))
+	stdout, _, waitFn, err = c.commander.Start(ctx, "openvpn", "--config", string(constants.OpenVPNConf))
 	return stdout, waitFn, err
 }
-func (c *configurator) Version() (string, error) {
+func (c *configurator) Version(ctx context.Context) (string, error) {
-	output, err := c.commander.Run("openvpn", "--version")
+	output, err := c.commander.Run(ctx, "openvpn", "--version")
 	if err != nil && err.Error() != "exit status 1" {
 		return "", err
 	}
--- a/internal/openvpn/loop.go
+++ b/internal/openvpn/loop.go
@@ -0,0 +1,234 @@
 package openvpn
 import (
 	"context"
 	"net"
 	"net/http"
 	"sync"
 	"time"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/provider"
 	"github.com/qdm12/gluetun/internal/routing"
 	"github.com/qdm12/gluetun/internal/settings"
 	"github.com/qdm12/golibs/command"
 	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/golibs/logging"
 )
 type Looper interface {
 	Run(ctx context.Context, wg *sync.WaitGroup)
 	Restart()
 	PortForward(vpnGatewayIP net.IP)
 	GetSettings() (settings settings.OpenVPN)
 	SetSettings(settings settings.OpenVPN)
 	GetPortForwarded() (portForwarded uint16)
 	SetAllServers(allServers models.AllServers)
 }
 type looper struct {
 	// Variable parameters
 	provider           models.VPNProvider
 	settings           settings.OpenVPN
 	settingsMutex      sync.RWMutex
 	portForwarded      uint16
 	portForwardedMutex sync.RWMutex
 	allServers         models.AllServers
 	allServersMutex    sync.RWMutex
 	// Fixed parameters
 	uid int
 	gid int
 	// Configurators
 	conf    Configurator
 	fw      firewall.Configurator
 	routing routing.Routing
 	// Other objects
 	logger, pfLogger logging.Logger
 	client           *http.Client
 	fileManager      files.FileManager
 	streamMerger     command.StreamMerger
 	cancel           context.CancelFunc
 	// Internal channels
 	restart            chan struct{}
 	portForwardSignals chan net.IP
 }
 func NewLooper(provider models.VPNProvider, settings settings.OpenVPN,
 	uid, gid int, allServers models.AllServers,
 	conf Configurator, fw firewall.Configurator, routing routing.Routing,
 	logger logging.Logger, client *http.Client, fileManager files.FileManager,
 	streamMerger command.StreamMerger, cancel context.CancelFunc) Looper {
 	return &looper{
 		provider:           provider,
 		settings:           settings,
 		uid:                uid,
 		gid:                gid,
 		allServers:         allServers,
 		conf:               conf,
 		fw:                 fw,
 		routing:            routing,
 		logger:             logger.WithPrefix("openvpn: "),
 		pfLogger:           logger.WithPrefix("port forwarding: "),
 		client:             client,
 		fileManager:        fileManager,
 		streamMerger:       streamMerger,
 		cancel:             cancel,
 		restart:            make(chan struct{}),
 		portForwardSignals: make(chan net.IP),
 	}
 }
 func (l *looper) Restart()                      { l.restart <- struct{}{} }
 func (l *looper) PortForward(vpnGateway net.IP) { l.portForwardSignals <- vpnGateway }
 func (l *looper) GetSettings() (settings settings.OpenVPN) {
 	l.settingsMutex.RLock()
 	defer l.settingsMutex.RUnlock()
 	return l.settings
 }
 func (l *looper) SetSettings(settings settings.OpenVPN) {
 	l.settingsMutex.Lock()
 	defer l.settingsMutex.Unlock()
 	l.settings = settings
 }
 func (l *looper) SetAllServers(allServers models.AllServers) {
 	l.allServersMutex.Lock()
 	defer l.allServersMutex.Unlock()
 	l.allServers = allServers
 }
 func (l *looper) Run(ctx context.Context, wg *sync.WaitGroup) {
 	defer wg.Done()
 	select {
 	case <-l.restart:
 	case <-ctx.Done():
 		return
 	}
 	defer l.logger.Warn("loop exited")
 	for ctx.Err() == nil {
 		settings := l.GetSettings()
 		l.allServersMutex.RLock()
 		providerConf := provider.New(l.provider, l.allServers, time.Now)
 		l.allServersMutex.RUnlock()
 		connection, err := providerConf.GetOpenVPNConnection(settings.Provider.ServerSelection)
 		if err != nil {
 			l.logger.Error(err)
 			l.cancel()
 			return
 		}
 		lines := providerConf.BuildConf(
 			connection,
 			settings.Verbosity,
 			l.uid,
 			l.gid,
 			settings.Root,
 			settings.Cipher,
 			settings.Auth,
 			settings.Provider.ExtraConfigOptions,
 		)
 		if err := l.fileManager.WriteLinesToFile(string(constants.OpenVPNConf), lines, files.Ownership(l.uid, l.gid), files.Permissions(0400)); err != nil {
 			l.logger.Error(err)
 			l.cancel()
 			return
 		}
 		if err := l.conf.WriteAuthFile(settings.User, settings.Password, l.uid, l.gid); err != nil {
 			l.logger.Error(err)
 			l.cancel()
 			return
 		}
 		if err := l.fw.SetVPNConnection(ctx, connection); err != nil {
 			l.logger.Error(err)
 			l.cancel()
 			return
 		}
 		openvpnCtx, openvpnCancel := context.WithCancel(context.Background())
 		stream, waitFn, err := l.conf.Start(openvpnCtx)
 		if err != nil {
 			openvpnCancel()
 			l.logAndWait(ctx, err)
 			continue
 		}
 		// Needs the stream line from main.go to know when the tunnel is up
 		go func(ctx context.Context) {
 			for {
 				select {
 				// TODO have a way to disable pf with a context
 				case <-ctx.Done():
 					return
 				case gateway := <-l.portForwardSignals:
 					wg.Add(1)
 					go l.portForward(ctx, wg, providerConf, l.client, gateway)
 				}
 			}
 		}(openvpnCtx)
 		go l.streamMerger.Merge(openvpnCtx, stream, command.MergeName("openvpn"))
 		waitError := make(chan error)
 		go func() {
 			err := waitFn() // blocking
 			waitError <- err
 		}()
 		select {
 		case <-ctx.Done():
 			l.logger.Warn("context canceled: exiting loop")
 			openvpnCancel()
 			<-waitError
 			close(waitError)
 			return
 		case <-l.restart: // triggered restart
 			l.logger.Info("restarting")
 			openvpnCancel()
 			<-waitError
 			close(waitError)
 		case err := <-waitError: // unexpected error
 			openvpnCancel()
 			close(waitError)
 			l.logAndWait(ctx, err)
 		}
 	}
 }
 func (l *looper) logAndWait(ctx context.Context, err error) {
 	l.logger.Error(err)
 	l.logger.Info("retrying in 30 seconds")
 	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel() // just for the linter
 	<-ctx.Done()
 }
 // portForward is a blocking operation which may or may not be infinite.
 // You should therefore always call it in a goroutine
 func (l *looper) portForward(ctx context.Context, wg *sync.WaitGroup,
 	providerConf provider.Provider, client *http.Client, gateway net.IP) {
 	defer wg.Done()
 	settings := l.GetSettings()
 	if !settings.Provider.PortForwarding.Enabled {
 		return
 	}
 	syncState := func(port uint16) (pfFilepath models.Filepath) {
 		l.portForwardedMutex.Lock()
 		l.portForwarded = port
 		l.portForwardedMutex.Unlock()
 		settings := l.GetSettings()
 		return settings.Provider.PortForwarding.Filepath
 	}
 	providerConf.PortForward(ctx,
 		client, l.fileManager, l.pfLogger,
 		gateway, l.fw, syncState)
 }
 func (l *looper) GetPortForwarded() (portForwarded uint16) {
 	l.portForwardedMutex.RLock()
 	defer l.portForwardedMutex.RUnlock()
 	return l.portForwarded
 }
--- a/internal/openvpn/openvpn.go
+++ b/internal/openvpn/openvpn.go
@@ -1,6 +1,7 @@
 package openvpn
 import (
 	"context"
 	"io"
 	"os"
@@ -10,14 +11,12 @@ import (
 	"golang.org/x/sys/unix"
 )
 const logPrefix = "openvpn configurator"
 type Configurator interface {
-	Version() (string, error)
+	Version(ctx context.Context) (string, error)
 	WriteAuthFile(user, password string, uid, gid int) error
 	CheckTUN() error
 	CreateTUN() error
-	Start() (stdout io.ReadCloser, waitFn func() error, err error)
+	Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error)
 }
 type configurator struct {
@@ -32,7 +31,7 @@ type configurator struct {
 func NewConfigurator(logger logging.Logger, fileManager files.FileManager) Configurator {
 	return &configurator{
 		fileManager: fileManager,
-		logger:      logger,
+		logger:      logger.WithPrefix("openvpn configurator: "),
 		commander:   command.NewCommander(),
 		openFile:    os.OpenFile,
 		mkDev:       unix.Mkdev,
--- a/internal/openvpn/tun.go
+++ b/internal/openvpn/tun.go
@@ -4,13 +4,13 @@ import (
 	"fmt"
 	"os"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants"
 	"golang.org/x/sys/unix"
 )
 // CheckTUN checks the tunnel device is present and accessible
 func (c *configurator) CheckTUN() error {
-	c.logger.Info("%s: checking for device %s", logPrefix, constants.TunnelDevice)
+	c.logger.Info("checking for device %s", constants.TunnelDevice)
 	f, err := c.openFile(string(constants.TunnelDevice), os.O_RDWR, 0)
 	if err != nil {
 		return fmt.Errorf("TUN device is not available: %w", err)
@@ -22,7 +22,7 @@ func (c *configurator) CheckTUN() error {
 }
 func (c *configurator) CreateTUN() error {
-	c.logger.Info("%s: creating %s", logPrefix, constants.TunnelDevice)
+	c.logger.Info("creating %s", constants.TunnelDevice)
 	if err := c.fileManager.CreateDir("/dev/net"); err != nil {
 		return err
 	}
@@ -30,7 +30,7 @@ func (c *configurator) CreateTUN() error {
 	if err := c.mkNod(string(constants.TunnelDevice), unix.S_IFCHR, int(dev)); err != nil {
 		return err
 	}
-	if err := c.fileManager.SetUserPermissions(string(constants.TunnelDevice), 666); err != nil {
+	if err := c.fileManager.SetUserPermissions(string(constants.TunnelDevice), 0666); err != nil {
 		return err
 	}
 	return nil
--- a/internal/params/cyberghost.go
+++ b/internal/params/cyberghost.go
@@ -0,0 +1,42 @@
 package params
 import (
 	"strings"
 	"github.com/qdm12/gluetun/internal/constants"
 	libparams "github.com/qdm12/golibs/params"
 )
 // GetCyberghostGroup obtains the server group for the Cyberghost server from the
 // environment variable CYBERGHOST_GROUP
 func (p *reader) GetCyberghostGroup() (group string, err error) {
 	s, err := p.envParams.GetValueIfInside("CYBERGHOST_GROUP", constants.CyberghostGroupChoices(), libparams.Default("Premium UDP Europe"))
 	return s, err
 }
 // GetCyberghostRegion obtains the country name for the Cyberghost server from the
 // environment variable REGION
 func (p *reader) GetCyberghostRegion() (region string, err error) {
 	choices := append(constants.CyberghostRegionChoices(), "")
 	s, err := p.envParams.GetValueIfInside("REGION", choices)
 	return s, err
 }
 // GetCyberghostClientKey obtains the one line client key to use for openvpn from the
 // environment variable CLIENT_KEY
 func (p *reader) GetCyberghostClientKey() (clientKey string, err error) {
 	clientKey, err = p.envParams.GetEnv("CLIENT_KEY", libparams.CaseSensitiveValue())
 	if err != nil {
 		return "", err
 	} else if len(clientKey) > 0 {
 		return clientKey, nil
 	}
 	content, err := p.fileManager.ReadFile("/files/client.key")
 	if err != nil {
 		return "", err
 	}
 	s := string(content)
 	s = strings.ReplaceAll(s, "\n", "")
 	s = strings.ReplaceAll(s, "\r", "")
 	return s, nil
 }
--- a/internal/params/dns.go
+++ b/internal/params/dns.go
@@ -1,118 +1,165 @@
-package params
+package params
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"strings"
+	"net"
-
+	"strings"
-	libparams "github.com/qdm12/golibs/params"
+	"time"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/gluetun/internal/constants"
-)
+	"github.com/qdm12/gluetun/internal/models"
-
+	libparams "github.com/qdm12/golibs/params"
-// GetDNSOverTLS obtains if the DNS over TLS should be enabled
+)
-// from the environment variable DOT
+
-func (p *paramsReader) GetDNSOverTLS() (DNSOverTLS bool, err error) {
+// GetDNSOverTLS obtains if the DNS over TLS should be enabled
-	return p.envParams.GetOnOff("DOT", libparams.Default("on"))
+// from the environment variable DOT
-}
+func (r *reader) GetDNSOverTLS() (DNSOverTLS bool, err error) { //nolint:gocritic
-
+	return r.envParams.GetOnOff("DOT", libparams.Default("on"))
-// GetDNSOverTLSProviders obtains the DNS over TLS providers to use
+}
-// from the environment variable DOT_PROVIDERS
+
-func (p *paramsReader) GetDNSOverTLSProviders() (providers []models.DNSProvider, err error) {
+// GetDNSOverTLSProviders obtains the DNS over TLS providers to use
-	s, err := p.envParams.GetEnv("DOT_PROVIDERS", libparams.Default("cloudflare"))
+// from the environment variable DOT_PROVIDERS
-	if err != nil {
+func (r *reader) GetDNSOverTLSProviders() (providers []models.DNSProvider, err error) {
-		return nil, err
+	s, err := r.envParams.GetEnv("DOT_PROVIDERS", libparams.Default("cloudflare"))
-	}
+	if err != nil {
-	for _, word := range strings.Split(s, ",") {
+		return nil, err
-		provider := models.DNSProvider(word)
+	}
-		switch provider {
+	for _, word := range strings.Split(s, ",") {
-		case constants.Cloudflare, constants.Google, constants.Quad9, constants.Quadrant, constants.CleanBrowsing, constants.SecureDNS, constants.LibreDNS:
+		provider := models.DNSProvider(word)
-			providers = append(providers, provider)
+		switch provider {
-		default:
+		case constants.Cloudflare, constants.Google, constants.Quad9, constants.Quadrant, constants.CleanBrowsing, constants.SecureDNS, constants.LibreDNS:
-			return nil, fmt.Errorf("DNS over TLS provider %q is not valid", provider)
+			providers = append(providers, provider)
-		}
+		default:
-	}
+			return nil, fmt.Errorf("DNS over TLS provider %q is not valid", provider)
-	return providers, nil
+		}
-}
+	}
-
+	return providers, nil
-// GetDNSOverTLSVerbosity obtains the verbosity level to use for Unbound
+}
-// from the environment variable DOT_VERBOSITY
+
-func (p *paramsReader) GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error) {
+// GetDNSOverTLSVerbosity obtains the verbosity level to use for Unbound
-	n, err := p.envParams.GetEnvIntRange("DOT_VERBOSITY", 0, 5, libparams.Default("1"))
+// from the environment variable DOT_VERBOSITY
-	return uint8(n), err
+func (r *reader) GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error) {
-}
+	n, err := r.envParams.GetEnvIntRange("DOT_VERBOSITY", 0, 5, libparams.Default("1"))
-
+	return uint8(n), err
-// GetDNSOverTLSVerbosityDetails obtains the log level to use for Unbound
+}
-// from the environment variable DOT_VERBOSITY_DETAILS
+
-func (p *paramsReader) GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error) {
+// GetDNSOverTLSVerbosityDetails obtains the log level to use for Unbound
-	n, err := p.envParams.GetEnvIntRange("DOT_VERBOSITY_DETAILS", 0, 4, libparams.Default("0"))
+// from the environment variable DOT_VERBOSITY_DETAILS
-	return uint8(n), err
+func (r *reader) GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error) {
-}
+	n, err := r.envParams.GetEnvIntRange("DOT_VERBOSITY_DETAILS", 0, 4, libparams.Default("0"))
-
+	return uint8(n), err
-// GetDNSOverTLSValidationLogLevel obtains the log level to use for Unbound DOT validation
+}
-// from the environment variable DOT_VALIDATION_LOGLEVEL
+
-func (p *paramsReader) GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error) {
+// GetDNSOverTLSValidationLogLevel obtains the log level to use for Unbound DOT validation
-	n, err := p.envParams.GetEnvIntRange("DOT_VALIDATION_LOGLEVEL", 0, 2, libparams.Default("0"))
+// from the environment variable DOT_VALIDATION_LOGLEVEL
-	return uint8(n), err
+func (r *reader) GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error) {
-}
+	n, err := r.envParams.GetEnvIntRange("DOT_VALIDATION_LOGLEVEL", 0, 2, libparams.Default("0"))
-
+	return uint8(n), err
-// GetDNSMaliciousBlocking obtains if malicious hostnames/IPs should be blocked
+}
-// from being resolved by Unbound, using the environment variable BLOCK_MALICIOUS
+
-func (p *paramsReader) GetDNSMaliciousBlocking() (blocking bool, err error) {
+// GetDNSMaliciousBlocking obtains if malicious hostnames/IPs should be blocked
-	return p.envParams.GetOnOff("BLOCK_MALICIOUS", libparams.Default("on"))
+// from being resolved by Unbound, using the environment variable BLOCK_MALICIOUS
-}
+func (r *reader) GetDNSMaliciousBlocking() (blocking bool, err error) {
-
+	return r.envParams.GetOnOff("BLOCK_MALICIOUS", libparams.Default("on"))
-// GetDNSSurveillanceBlocking obtains if surveillance hostnames/IPs should be blocked
+}
-// from being resolved by Unbound, using the environment variable BLOCK_SURVEILLANCE
+
-// and BLOCK_NSA for retrocompatibility
+// GetDNSSurveillanceBlocking obtains if surveillance hostnames/IPs should be blocked
-func (p *paramsReader) GetDNSSurveillanceBlocking() (blocking bool, err error) {
+// from being resolved by Unbound, using the environment variable BLOCK_SURVEILLANCE
-	// Retro-compatibility
+// and BLOCK_NSA for retrocompatibility
-	s, err := p.envParams.GetEnv("BLOCK_NSA")
+func (r *reader) GetDNSSurveillanceBlocking() (blocking bool, err error) {
-	if err != nil {
+	// Retro-compatibility
-		return false, err
+	s, err := r.envParams.GetEnv("BLOCK_NSA")
-	} else if len(s) != 0 {
+	if err != nil {
-		p.logger.Warn("You are using the old environment variable BLOCK_NSA, please consider changing it to BLOCK_SURVEILLANCE")
+		return false, err
-		return p.envParams.GetOnOff("BLOCK_NSA", libparams.Compulsory())
+	} else if len(s) != 0 {
-	}
+		r.logger.Warn("You are using the old environment variable BLOCK_NSA, please consider changing it to BLOCK_SURVEILLANCE")
-	return p.envParams.GetOnOff("BLOCK_SURVEILLANCE", libparams.Default("off"))
+		return r.envParams.GetOnOff("BLOCK_NSA", libparams.Compulsory())
-}
+	}
-
+	return r.envParams.GetOnOff("BLOCK_SURVEILLANCE", libparams.Default("off"))
-// GetDNSAdsBlocking obtains if ads hostnames/IPs should be blocked
+}
-// from being resolved by Unbound, using the environment variable BLOCK_ADS
+
-func (p *paramsReader) GetDNSAdsBlocking() (blocking bool, err error) {
+// GetDNSAdsBlocking obtains if ads hostnames/IPs should be blocked
-	return p.envParams.GetOnOff("BLOCK_ADS", libparams.Default("off"))
+// from being resolved by Unbound, using the environment variable BLOCK_ADS
-}
+func (r *reader) GetDNSAdsBlocking() (blocking bool, err error) {
-
+	return r.envParams.GetOnOff("BLOCK_ADS", libparams.Default("off"))
-// GetDNSUnblockedHostnames obtains a list of hostnames to unblock from block lists
+}
-// from the comma separated list for the environment variable UNBLOCK
+
-func (p *paramsReader) GetDNSUnblockedHostnames() (hostnames []string, err error) {
+// GetDNSUnblockedHostnames obtains a list of hostnames to unblock from block lists
-	s, err := p.envParams.GetEnv("UNBLOCK")
+// from the comma separated list for the environment variable UNBLOCK
-	if err != nil {
+func (r *reader) GetDNSUnblockedHostnames() (hostnames []string, err error) {
-		return nil, err
+	s, err := r.envParams.GetEnv("UNBLOCK")
-	}
+	if err != nil {
-	if len(s) == 0 {
+		return nil, err
-		return nil, nil
+	} else if len(s) == 0 {
-	}
+		return nil, nil
-	hostnames = strings.Split(s, ",")
+	}
-	for _, hostname := range hostnames {
+	hostnames = strings.Split(s, ",")
-		if !p.verifier.MatchHostname(hostname) {
+	for _, hostname := range hostnames {
-			return nil, fmt.Errorf("hostname %q does not seem valid", hostname)
+		if !r.verifier.MatchHostname(hostname) {
-		}
+			return nil, fmt.Errorf("hostname %q does not seem valid", hostname)
-	}
+		}
-	return hostnames, nil
+	}
-}
+	return hostnames, nil
-
+}
-// GetDNSOverTLSCaching obtains if Unbound caching should be enable or not
+
-// from the environment variable DOT_CACHING
+// GetDNSOverTLSCaching obtains if Unbound caching should be enable or not
-func (p *paramsReader) GetDNSOverTLSCaching() (caching bool, err error) {
+// from the environment variable DOT_CACHING
-	return p.envParams.GetOnOff("DOT_CACHING")
+func (r *reader) GetDNSOverTLSCaching() (caching bool, err error) {
-}
+	return r.envParams.GetOnOff("DOT_CACHING")
-
+}
-// GetDNSOverTLSPrivateAddresses obtains if Unbound caching should be enable or not
+
-// from the environment variable DOT_PRIVATE_ADDRESS
+// GetDNSOverTLSPrivateAddresses obtains if Unbound caching should be enable or not
-func (p *paramsReader) GetDNSOverTLSPrivateAddresses() (privateAddresses []string) {
+// from the environment variable DOT_PRIVATE_ADDRESS
-	s, _ := p.envParams.GetEnv("DOT_PRIVATE_ADDRESS")
+func (r *reader) GetDNSOverTLSPrivateAddresses() (privateAddresses []string, err error) {
-	for _, s := range strings.Split(s, ",") {
+	s, err := r.envParams.GetEnv("DOT_PRIVATE_ADDRESS")
-		privateAddresses = append(privateAddresses, s)
+	if err != nil {
-	}
+		return nil, err
-	return privateAddresses
+	} else if len(s) == 0 {
-}
+		return nil, nil
 	}
 	privateAddresses = strings.Split(s, ",")
 	for _, address := range privateAddresses {
 		ip := net.ParseIP(address)
 		_, _, err := net.ParseCIDR(address)
 		if ip == nil && err != nil {
 			return nil, fmt.Errorf("private address %q is not a valid IP or CIDR range", address)
 		}
 	}
 	return privateAddresses, nil
 }
 // GetDNSOverTLSIPv6 obtains if Unbound should resolve ipv6 addresses using ipv6 DNS over TLS
 //  servers from the environment variable DOT_IPV6
 func (r *reader) GetDNSOverTLSIPv6() (ipv6 bool, err error) {
 	return r.envParams.GetOnOff("DOT_IPV6", libparams.Default("off"))
 }
 // GetDNSUpdatePeriod obtains the period to use to update the block lists and cryptographic files
 // and restart Unbound from the environment variable DNS_UPDATE_PERIOD
 func (r *reader) GetDNSUpdatePeriod() (period time.Duration, err error) {
 	s, err := r.envParams.GetEnv("DNS_UPDATE_PERIOD", libparams.Default("24h"))
 	if err != nil {
 		return period, err
 	}
 	return time.ParseDuration(s)
 }
 // GetDNSPlaintext obtains the plaintext DNS address to use if DNS over TLS is disabled
 // from the environment variable DNS_PLAINTEXT_ADDRESS
 func (r *reader) GetDNSPlaintext() (ip net.IP, err error) {
 	s, err := r.envParams.GetEnv("DNS_PLAINTEXT_ADDRESS", libparams.Default("1.1.1.1"))
 	if err != nil {
 		return nil, err
 	}
 	ip = net.ParseIP(s)
 	if ip == nil {
 		return nil, fmt.Errorf("DNS plaintext address %q is not a valid IP address", s)
 	}
 	return ip, nil
 }
 // GetDNSKeepNameserver obtains if the nameserver present in /etc/resolv.conf
 // should be kept instead of overridden, from the environment variable DNS_KEEP_NAMESERVER
 func (r *reader) GetDNSKeepNameserver() (on bool, err error) {
 	return r.envParams.GetOnOff("DNS_KEEP_NAMESERVER", libparams.Default("off"))
 }
--- a/internal/params/firewall.go
+++ b/internal/params/firewall.go
@@ -1,29 +1,66 @@
-package params
+package params
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"net"
+	"net"
-	"strings"
+	"strconv"
-)
+	"strings"
-
+
-// GetExtraSubnets obtains the CIDR subnets from the comma separated list of the
+	libparams "github.com/qdm12/golibs/params"
-// environment variable EXTRA_SUBNETS
+)
-func (p *paramsReader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
+
-	s, err := p.envParams.GetEnv("EXTRA_SUBNETS")
+// GetFirewall obtains if the firewall should be enabled from the environment variable FIREWALL
-	if err != nil {
+func (r *reader) GetFirewall() (enabled bool, err error) {
-		return nil, err
+	return r.envParams.GetOnOff("FIREWALL", libparams.Default("on"))
-	} else if s == "" {
+}
-		return nil, nil
+
-	}
+// GetExtraSubnets obtains the CIDR subnets from the comma separated list of the
-	subnets := strings.Split(s, ",")
+// environment variable EXTRA_SUBNETS
-	for _, subnet := range subnets {
+func (r *reader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
-		_, cidr, err := net.ParseCIDR(subnet)
+	s, err := r.envParams.GetEnv("EXTRA_SUBNETS")
-		if err != nil {
+	if err != nil {
-			return nil, fmt.Errorf("could not parse subnet %q from environment variable with key EXTRA_SUBNETS: %w", subnet, err)
+		return nil, err
-		} else if cidr == nil {
+	} else if s == "" {
-			return nil, fmt.Errorf("parsing subnet %q resulted in a nil CIDR", subnet)
+		return nil, nil
-		}
+	}
-		extraSubnets = append(extraSubnets, *cidr)
+	subnets := strings.Split(s, ",")
-	}
+	for _, subnet := range subnets {
-	return extraSubnets, nil
+		_, cidr, err := net.ParseCIDR(subnet)
-}
+		if err != nil {
 			return nil, fmt.Errorf("could not parse subnet %q from environment variable with key EXTRA_SUBNETS: %w", subnet, err)
 		} else if cidr == nil {
 			return nil, fmt.Errorf("parsing subnet %q resulted in a nil CIDR", subnet)
 		}
 		extraSubnets = append(extraSubnets, *cidr)
 	}
 	return extraSubnets, nil
 }
 // GetAllowedVPNInputPorts obtains a list of input ports to allow from the
 // VPN server side in the firewall, from the environment variable FIREWALL_VPN_INPUT_PORTS
 func (r *reader) GetVPNInputPorts() (ports []uint16, err error) {
 	s, err := r.envParams.GetEnv("FIREWALL_VPN_INPUT_PORTS", libparams.Default(""))
 	if err != nil {
 		return nil, err
 	}
 	if len(s) == 0 {
 		return nil, nil
 	}
 	portsStr := strings.Split(s, ",")
 	ports = make([]uint16, len(portsStr))
 	for i := range portsStr {
 		portInt, err := strconv.Atoi(portsStr[i])
 		if err != nil {
 			return nil, fmt.Errorf("VPN input port %q is not valid (%s)", portInt, err)
 		} else if portInt <= 0 || portInt > 65535 {
 			return nil, fmt.Errorf("VPN input port %d must be between 1 and 65535", portInt)
 		}
 		ports[i] = uint16(portInt)
 	}
 	return ports, nil
 }
 // GetFirewallDebug obtains if the firewall should run in debug verbose mode from the environment variable FIREWALL_DEBUG
 func (r *reader) GetFirewallDebug() (debug bool, err error) {
 	return r.envParams.GetOnOff("FIREWALL_DEBUG", libparams.Default("off"))
 }
--- a/internal/params/mullvad.go
+++ b/internal/params/mullvad.go
@@ -0,0 +1,34 @@
 package params
 import (
 	"github.com/qdm12/gluetun/internal/constants"
 	libparams "github.com/qdm12/golibs/params"
 )
 // GetMullvadCountry obtains the country for the Mullvad server from the
 // environment variable COUNTRY
 func (r *reader) GetMullvadCountry() (country string, err error) {
 	choices := append(constants.MullvadCountryChoices(), "")
 	return r.envParams.GetValueIfInside("COUNTRY", choices)
 }
 // GetMullvadCity obtains the city for the Mullvad server from the
 // environment variable CITY
 func (r *reader) GetMullvadCity() (country string, err error) {
 	choices := append(constants.MullvadCityChoices(), "")
 	return r.envParams.GetValueIfInside("CITY", choices)
 }
 // GetMullvadISP obtains the ISP for the Mullvad server from the
 // environment variable ISP
 func (r *reader) GetMullvadISP() (isp string, err error) {
 	choices := append(constants.MullvadISPChoices(), "")
 	return r.envParams.GetValueIfInside("ISP", choices)
 }
 // GetMullvadPort obtains the port to reach the Mullvad server on from the
 // environment variable PORT
 func (r *reader) GetMullvadPort() (port uint16, err error) {
 	n, err := r.envParams.GetEnvIntRange("PORT", 0, 65535, libparams.Default("0"))
 	return uint16(n), err
 }
--- a/internal/params/nordvpn.go
+++ b/internal/params/nordvpn.go
@@ -0,0 +1,23 @@
 package params
 import (
 	"github.com/qdm12/gluetun/internal/constants"
 	libparams "github.com/qdm12/golibs/params"
 )
 // GetNordvpnRegion obtains the region (country) for the NordVPN server from the
 // environment variable REGION
 func (r *reader) GetNordvpnRegion() (region string, err error) {
 	choices := append(constants.NordvpnRegionChoices(), "")
 	return r.envParams.GetValueIfInside("REGION", choices)
 }
 // GetNordvpnRegion obtains the server number (optional) for the NordVPN server from the
 // environment variable SERVER_NUMBER
 func (r *reader) GetNordvpnNumber() (number uint16, err error) {
 	n, err := r.envParams.GetEnvIntRange("SERVER_NUMBER", 0, 65535, libparams.Default("0"))
 	if err != nil {
 		return 0, err
 	}
 	return uint16(n), nil
 }
--- a/internal/params/openvpn.go
+++ b/internal/params/openvpn.go
@@ -1,13 +1,88 @@
-package params
+package params
-
+
-import (
+import (
-	libparams "github.com/qdm12/golibs/params"
+	"fmt"
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"net"
-)
+
-
+	"github.com/qdm12/gluetun/internal/models"
-// GetNetworkProtocol obtains the network protocol to use to connect to the
+	libparams "github.com/qdm12/golibs/params"
-// VPN servers from the environment variable PROTOCOL
+)
-func (p *paramsReader) GetNetworkProtocol() (protocol models.NetworkProtocol, err error) {
+
-	s, err := p.envParams.GetValueIfInside("PROTOCOL", []string{"tcp", "udp"}, libparams.Default("udp"))
+// GetUser obtains the user to use to connect to the VPN servers
-	return models.NetworkProtocol(s), err
+func (r *reader) GetUser() (s string, err error) {
-}
+	defer func() {
 		unsetenvErr := r.unsetEnv("USER")
 		if err == nil {
 			err = unsetenvErr
 		}
 	}()
 	return r.envParams.GetEnv("USER", libparams.CaseSensitiveValue(), libparams.Compulsory())
 }
 // GetPassword obtains the password to use to connect to the VPN servers
 func (r *reader) GetPassword(required bool) (s string, err error) {
 	defer func() {
 		unsetenvErr := r.unsetEnv("PASSWORD")
 		if err == nil {
 			err = unsetenvErr
 		}
 	}()
 	options := []libparams.GetEnvSetter{libparams.CaseSensitiveValue()}
 	if required {
 		options = append(options, libparams.Compulsory())
 	}
 	return r.envParams.GetEnv("PASSWORD", options...)
 }
 // GetNetworkProtocol obtains the network protocol to use to connect to the
 // VPN servers from the environment variable PROTOCOL
 func (r *reader) GetNetworkProtocol() (protocol models.NetworkProtocol, err error) {
 	s, err := r.envParams.GetValueIfInside("PROTOCOL", []string{"tcp", "udp"}, libparams.Default("udp"))
 	return models.NetworkProtocol(s), err
 }
 // GetOpenVPNVerbosity obtains the verbosity level for verbosity between 0 and 6
 // from the environment variable OPENVPN_VERBOSITY
 func (r *reader) GetOpenVPNVerbosity() (verbosity int, err error) {
 	return r.envParams.GetEnvIntRange("OPENVPN_VERBOSITY", 0, 6, libparams.Default("1"))
 }
 // GetOpenVPNRoot obtains if openvpn should be run as root
 // from the environment variable OPENVPN_ROOT
 func (r *reader) GetOpenVPNRoot() (root bool, err error) {
 	return r.envParams.GetYesNo("OPENVPN_ROOT", libparams.Default("no"))
 }
 // GetTargetIP obtains the IP address to override over the list of IP addresses filtered
 // from the environment variable OPENVPN_TARGET_IP
 func (r *reader) GetTargetIP() (ip net.IP, err error) {
 	s, err := r.envParams.GetEnv("OPENVPN_TARGET_IP")
 	if len(s) == 0 {
 		return nil, nil
 	} else if err != nil {
 		return nil, err
 	}
 	ip = net.ParseIP(s)
 	if ip == nil {
 		return nil, fmt.Errorf("target IP address %q is not valid", s)
 	}
 	return ip, nil
 }
 // GetOpenVPNCipher obtains a custom cipher to use with OpenVPN
 // from the environment variable OPENVPN_CIPHER
 func (r *reader) GetOpenVPNCipher() (cipher string, err error) {
 	return r.envParams.GetEnv("OPENVPN_CIPHER")
 }
 // GetOpenVPNAuth obtains a custom auth algorithm to use with OpenVPN
 // from the environment variable OPENVPN_AUTH
 func (r *reader) GetOpenVPNAuth() (auth string, err error) {
 	return r.envParams.GetEnv("OPENVPN_AUTH")
 }
 // GetOpenVPNIPv6 obtains if ipv6 should be tunneled through the
 // openvpn tunnel from the environment variable OPENVPN_IPV6
 func (r *reader) GetOpenVPNIPv6() (ipv6 bool, err error) {
 	return r.envParams.GetOnOff("OPENVPN_IPV6", libparams.Default("off"))
 }
--- a/internal/params/params.go
+++ b/internal/params/params.go
@@ -1,77 +1,149 @@
-package params
+package params
-
+
-import (
+import (
-	"net"
+	"net"
-	"os"
+	"os"
-
+	"time"
-	"github.com/qdm12/golibs/logging"
+
-	libparams "github.com/qdm12/golibs/params"
+	"github.com/qdm12/gluetun/internal/models"
-	"github.com/qdm12/golibs/verification"
+	"github.com/qdm12/golibs/files"
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/golibs/logging"
-)
+	libparams "github.com/qdm12/golibs/params"
-
+	"github.com/qdm12/golibs/verification"
-// ParamsReader contains methods to obtain parameters
+)
-type ParamsReader interface {
+
-	// DNS over TLS getters
+// Reader contains methods to obtain parameters
-	GetDNSOverTLS() (DNSOverTLS bool, err error)
+type Reader interface {
-	GetDNSOverTLSProviders() (providers []models.DNSProvider, err error)
+	GetVPNSP() (vpnServiceProvider models.VPNProvider, err error)
-	GetDNSOverTLSCaching() (caching bool, err error)
+
-	GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error)
+	// DNS over TLS getters
-	GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error)
+	GetDNSOverTLS() (DNSOverTLS bool, err error)
-	GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error)
+	GetDNSOverTLSProviders() (providers []models.DNSProvider, err error)
-	GetDNSMaliciousBlocking() (blocking bool, err error)
+	GetDNSOverTLSCaching() (caching bool, err error)
-	GetDNSSurveillanceBlocking() (blocking bool, err error)
+	GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error)
-	GetDNSAdsBlocking() (blocking bool, err error)
+	GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error)
-	GetDNSUnblockedHostnames() (hostnames []string, err error)
+	GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error)
-	GetDNSOverTLSPrivateAddresses() (privateAddresses []string)
+	GetDNSMaliciousBlocking() (blocking bool, err error)
-
+	GetDNSSurveillanceBlocking() (blocking bool, err error)
-	// Firewall getters
+	GetDNSAdsBlocking() (blocking bool, err error)
-	GetExtraSubnets() (extraSubnets []net.IPNet, err error)
+	GetDNSUnblockedHostnames() (hostnames []string, err error)
-
+	GetDNSOverTLSPrivateAddresses() (privateAddresses []string, err error)
-	// VPN getters
+	GetDNSOverTLSIPv6() (ipv6 bool, err error)
-	GetNetworkProtocol() (protocol models.NetworkProtocol, err error)
+	GetDNSUpdatePeriod() (period time.Duration, err error)
-
+	GetDNSPlaintext() (ip net.IP, err error)
-	// PIA getters
+	GetDNSKeepNameserver() (on bool, err error)
-	GetUser() (s string, err error)
+
-	GetPassword() (s string, err error)
+	// System
-	GetPortForwarding() (activated bool, err error)
+	GetUID() (uid int, err error)
-	GetPortForwardingStatusFilepath() (filepath models.Filepath, err error)
+	GetGID() (gid int, err error)
-	GetPIAEncryption() (models.PIAEncryption, error)
+	GetTimezone() (timezone string, err error)
-	GetPIARegion() (models.PIARegion, error)
+	GetIPStatusFilepath() (filepath models.Filepath, err error)
-
+
-	// Shadowsocks getters
+	// Firewall getters
-	GetShadowSocks() (activated bool, err error)
+	GetFirewall() (enabled bool, err error)
-	GetShadowSocksLog() (activated bool, err error)
+	GetExtraSubnets() (extraSubnets []net.IPNet, err error)
-	GetShadowSocksPort() (port uint16, err error)
+	GetVPNInputPorts() (ports []uint16, err error)
-	GetShadowSocksPassword() (password string, err error)
+	GetFirewallDebug() (debug bool, err error)
-
+
-	// Tinyproxy getters
+	// VPN getters
-	GetTinyProxy() (activated bool, err error)
+	GetUser() (s string, err error)
-	GetTinyProxyLog() (models.TinyProxyLogLevel, error)
+	GetPassword(required bool) (s string, err error)
-	GetTinyProxyPort() (port uint16, err error)
+	GetNetworkProtocol() (protocol models.NetworkProtocol, err error)
-	GetTinyProxyUser() (user string, err error)
+	GetOpenVPNVerbosity() (verbosity int, err error)
-	GetTinyProxyPassword() (password string, err error)
+	GetOpenVPNRoot() (root bool, err error)
-
+	GetTargetIP() (ip net.IP, err error)
-	// Version getters
+	GetOpenVPNCipher() (cipher string, err error)
-	GetVersion() string
+	GetOpenVPNAuth() (auth string, err error)
-	GetBuildDate() string
+	GetOpenVPNIPv6() (tunnel bool, err error)
-	GetVcsRef() string
+
-}
+	// PIA getters
-
+	GetPortForwarding() (activated bool, err error)
-type paramsReader struct {
+	GetPortForwardingStatusFilepath() (filepath models.Filepath, err error)
-	envParams libparams.EnvParams
+	GetPIAEncryptionPreset() (preset string, err error)
-	logger    logging.Logger
+	GetPIARegion() (region string, err error)
-	verifier  verification.Verifier
+	GetPIAOldRegion() (region string, err error)
-	unsetEnv  func(key string) error
+
-}
+	// Mullvad getters
-
+	GetMullvadCountry() (country string, err error)
-// NewParamsReader returns a paramsReadeer object to read parameters from
+	GetMullvadCity() (country string, err error)
-// environment variables
+	GetMullvadISP() (country string, err error)
-func NewParamsReader(logger logging.Logger) ParamsReader {
+	GetMullvadPort() (port uint16, err error)
-	return &paramsReader{
+
-		envParams: libparams.NewEnvParams(),
+	// Windscribe getters
-		logger:    logger,
+	GetWindscribeRegion() (country string, err error)
-		verifier:  verification.NewVerifier(),
+	GetWindscribePort(protocol models.NetworkProtocol) (port uint16, err error)
-		unsetEnv:  os.Unsetenv,
+
-	}
+	// Surfshark getters
-}
+	GetSurfsharkRegion() (country string, err error)
 	// Cyberghost getters
 	GetCyberghostGroup() (group string, err error)
 	GetCyberghostRegion() (region string, err error)
 	GetCyberghostClientKey() (clientKey string, err error)
 	// Vyprvpn getters
 	GetVyprvpnRegion() (region string, err error)
 	// NordVPN getters
 	GetNordvpnRegion() (region string, err error)
 	GetNordvpnNumber() (number uint16, err error)
 	// PureVPN getters
 	GetPurevpnRegion() (region string, err error)
 	GetPurevpnCountry() (country string, err error)
 	GetPurevpnCity() (city string, err error)
 	// Shadowsocks getters
 	GetShadowSocks() (activated bool, err error)
 	GetShadowSocksLog() (activated bool, err error)
 	GetShadowSocksPort() (port uint16, err error)
 	GetShadowSocksPassword() (password string, err error)
 	GetShadowSocksMethod() (method string, err error)
 	// Tinyproxy getters
 	GetTinyProxy() (activated bool, err error)
 	GetTinyProxyLog() (models.TinyProxyLogLevel, error)
 	GetTinyProxyPort() (port uint16, err error)
 	GetTinyProxyUser() (user string, err error)
 	GetTinyProxyPassword() (password string, err error)
 	// Public IP getters
 	GetPublicIPPeriod() (period time.Duration, err error)
 	GetVersionInformation() (enabled bool, err error)
 	GetUpdaterPeriod() (period time.Duration, err error)
 }
 type reader struct {
 	envParams   libparams.EnvParams
 	logger      logging.Logger
 	verifier    verification.Verifier
 	unsetEnv    func(key string) error
 	fileManager files.FileManager
 }
 // Newreader returns a paramsReadeer object to read parameters from
 // environment variables
 func NewReader(logger logging.Logger, fileManager files.FileManager) Reader {
 	return &reader{
 		envParams:   libparams.NewEnvParams(),
 		logger:      logger,
 		verifier:    verification.NewVerifier(),
 		unsetEnv:    os.Unsetenv,
 		fileManager: fileManager,
 	}
 }
 // GetVPNSP obtains the VPN service provider to use from the environment variable VPNSP
 func (r *reader) GetVPNSP() (vpnServiceProvider models.VPNProvider, err error) {
 	s, err := r.envParams.GetValueIfInside("VPNSP", []string{"pia", "private internet access", "private internet access old", "mullvad", "windscribe", "surfshark", "cyberghost", "vyprvpn", "nordvpn", "purevpn"})
 	if s == "pia" {
 		s = "private internet access"
 	}
 	return models.VPNProvider(s), err
 }
 func (r *reader) GetVersionInformation() (enabled bool, err error) {
 	return r.envParams.GetOnOff("VERSION_INFORMATION", libparams.Default("on"))
 }
--- a/internal/params/pia.go
+++ b/internal/params/pia.go
@@ -1,85 +1,71 @@
-package params
+package params
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"math/rand"
+
-
+	"github.com/qdm12/gluetun/internal/constants"
-	libparams "github.com/qdm12/golibs/params"
+	"github.com/qdm12/gluetun/internal/models"
-	"github.com/qdm12/private-internet-access-docker/internal/constants"
+	libparams "github.com/qdm12/golibs/params"
-	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
-)
+
-
+// GetPortForwarding obtains if port forwarding on the VPN provider server
-// GetUser obtains the user to use to connect to the VPN servers
+// side is enabled or not from the environment variable PORT_FORWARDING
-func (p *paramsReader) GetUser() (s string, err error) {
+// Only valid for older PIA servers for now
-	defer func() {
+func (r *reader) GetPortForwarding() (activated bool, err error) {
-		unsetenvErr := p.unsetEnv("USER")
+	s, err := r.envParams.GetEnv("PORT_FORWARDING", libparams.Default("off"))
-		if err == nil {
+	if err != nil {
-			err = unsetenvErr
+		return false, err
-		}
+	}
-	}()
+	// Custom for retro-compatibility
-	s, err = p.envParams.GetEnv("USER")
+	if s == "false" || s == "off" {
-	if err != nil {
+		return false, nil
-		return "", err
+	} else if s == "true" || s == "on" {
-	} else if len(s) == 0 {
+		return true, nil
-		return s, fmt.Errorf("USER environment variable cannot be empty")
+	}
-	}
+	return false, fmt.Errorf("PORT_FORWARDING can only be \"on\" or \"off\"")
-	return s, nil
+}
-}
+
-
+// GetPortForwardingStatusFilepath obtains the port forwarding status file path
-// GetPassword obtains the password to use to connect to the VPN servers
+// from the environment variable PORT_FORWARDING_STATUS_FILE
-func (p *paramsReader) GetPassword() (s string, err error) {
+func (r *reader) GetPortForwardingStatusFilepath() (filepath models.Filepath, err error) {
-	defer func() {
+	filepathStr, err := r.envParams.GetPath("PORT_FORWARDING_STATUS_FILE", libparams.Default("/tmp/gluetun/forwarded_port"), libparams.CaseSensitiveValue())
-		unsetenvErr := p.unsetEnv("PASSWORD")
+	return models.Filepath(filepathStr), err
-		if err == nil {
+}
-			err = unsetenvErr
+
-		}
+// GetPIAEncryptionPreset obtains the encryption level for the PIA connection
-	}()
+// from the environment variable PIA_ENCRYPTION, and using ENCRYPTION for
-	s, err = p.envParams.GetEnv("PASSWORD")
+// retro compatibility
-	if err != nil {
+func (r *reader) GetPIAEncryptionPreset() (preset string, err error) {
-		return "", err
+	// Retro-compatibility
-	} else if len(s) == 0 {
+	s, err := r.envParams.GetValueIfInside("ENCRYPTION", []string{
-		return s, fmt.Errorf("PASSWORD environment variable cannot be empty")
+		constants.PIAEncryptionPresetNormal,
-	}
+		constants.PIAEncryptionPresetStrong,
-	return s, nil
+		""})
-}
+	if err != nil {
-
+		return "", err
-// GetPortForwarding obtains if port forwarding on the VPN provider server
+	} else if len(s) != 0 {
-// side is enabled or not from the environment variable PORT_FORWARDING
+		r.logger.Warn("You are using the old environment variable ENCRYPTION, please consider changing it to PIA_ENCRYPTION")
-func (p *paramsReader) GetPortForwarding() (activated bool, err error) {
+		return s, nil
-	s, err := p.envParams.GetEnv("PORT_FORWARDING", libparams.Default("off"))
+	}
-	if err != nil {
+	return r.envParams.GetValueIfInside(
-		return false, err
+		"PIA_ENCRYPTION",
-	}
+		[]string{
-	// Custom for retro-compatibility
+			constants.PIAEncryptionPresetNormal,
-	if s == "false" || s == "off" {
+			constants.PIAEncryptionPresetStrong,
-		return false, nil
+		},
-	} else if s == "true" || s == "on" {
+		libparams.Default(constants.PIAEncryptionPresetStrong))
-		return true, nil
+}
-	}
+
-	return false, fmt.Errorf("PORT_FORWARDING can only be \"on\" or \"off\"")
+// GetPIARegion obtains the region for the PIA server from the
-}
+// environment variable REGION
-
+func (r *reader) GetPIARegion() (region string, err error) {
-// GetPortForwardingStatusFilepath obtains the port forwarding status file path
+	choices := append(constants.PIAGeoChoices(), "")
-// from the environment variable PORT_FORWARDING_STATUS_FILE
+	return r.envParams.GetValueIfInside("REGION", choices)
-func (p *paramsReader) GetPortForwardingStatusFilepath() (filepath models.Filepath, err error) {
+}
-	filepathStr, err := p.envParams.GetPath("PORT_FORWARDING_STATUS_FILE", libparams.Default("/forwarded_port"))
+
-	return models.Filepath(filepathStr), err
+// GetPIAOldRegion obtains the region for the PIA server from the
-}
+// environment variable REGION
-
+func (r *reader) GetPIAOldRegion() (region string, err error) {
-// GetPIAEncryption obtains the encryption level for the PIA connection
+	choices := append(constants.PIAOldGeoChoices(), "")
-// from the environment variable ENCRYPTION
+	return r.envParams.GetValueIfInside("REGION", choices)
-func (p *paramsReader) GetPIAEncryption() (models.PIAEncryption, error) {
+}
 	s, err := p.envParams.GetValueIfInside("ENCRYPTION", []string{"normal", "strong"}, libparams.Default("strong"))
 	return models.PIAEncryption(s), err
 }
 // GetPIARegion obtains the region for the PIA server from the
 // environment variable REGION
 func (p *paramsReader) GetPIARegion() (region models.PIARegion, err error) {
 	choices := constants.PIAGeoChoices()
 	s, err := p.envParams.GetValueIfInside("REGION", choices)
 	if len(s) == 0 { // Suggestion by @rorph https://github.com/rorph
 		s = choices[rand.Int()%len(choices)]
 	}
 	return models.PIARegion(s), err
 }
--- a/internal/params/publicip.go
+++ b/internal/params/publicip.go
@@ -0,0 +1,17 @@
 package params
 import (
 	"time"
 	libparams "github.com/qdm12/golibs/params"
 )
 // GetPublicIPPeriod obtains the period to fetch the IP address periodically.
 // Set to 0 to disable
 func (r *reader) GetPublicIPPeriod() (period time.Duration, err error) {
 	s, err := r.envParams.GetEnv("PUBLICIP_PERIOD", libparams.Default("12h"))
 	if err != nil {
 		return 0, err
 	}
 	return time.ParseDuration(s)
 }
--- a/Show More
+++ b/Show More