fix(version): log last release by tag name alphabetically instead of date

by not restricting the destination address to 127.0.0.1

cmd/gluetun/main.go

@@ -331,11 +331,15 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 	}
 
 	const tunDevice = "/dev/net/tun"
-	if err := tun.Check(tunDevice); err != nil {
+	err = tun.Check(tunDevice)
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			return fmt.Errorf("checking TUN device: %w (see the Wiki errors/tun page)", err)
+		}
 		logger.Info(err.Error() + "; creating it...")
 		err = tun.Create(tunDevice)
 		if err != nil {
-			return err
+			return fmt.Errorf("creating tun device: %w", err)
 		}
 	}
 

go.mod

@@ -3,7 +3,7 @@ module github.com/qdm12/gluetun
 go 1.21
 
 require (
-	github.com/breml/rootcerts v0.2.14
+	github.com/breml/rootcerts v0.2.17
 	github.com/fatih/color v1.16.0
 	github.com/golang/mock v1.6.0
 	github.com/klauspost/compress v1.17.4

go.sum

@@ -4,8 +4,8 @@ github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/g
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/breml/rootcerts v0.2.14 h1:Bu0Ullru+/GTr/S582LCzP1P57WgncIEFylXkBBXgEI=
-github.com/breml/rootcerts v0.2.14/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
+github.com/breml/rootcerts v0.2.17 h1:0/M2BE2Apw0qEJCXDOkaiu7d5Sx5ObNfe1BkImJ4u1I=
+github.com/breml/rootcerts v0.2.17/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

internal/configuration/settings/openvpnselection.go

@@ -45,7 +45,6 @@ func (o OpenVPNSelection) validate(vpnProvider string) (err error) {
 		providers.Ipvanish,
 		providers.Perfectprivacy,
 		providers.Privado,
-		providers.VPNUnlimited,
 		providers.Vyprvpn,
 	) {
 		return fmt.Errorf("%w: for VPN service provider %s",

internal/configuration/sources/env/serverselection.go

@@ -55,14 +55,14 @@ func (s *Source) readServerSelection(vpnProvider, vpnType string) (
 		return ss, err
 	}
 
-	// VPNUnlimited only
+	// Surfshark only
 	ss.MultiHopOnly, err = s.env.BoolPtr("MULTIHOP_ONLY")
 	if err != nil {
 		return ss, err
 	}
 
 	// VPNUnlimited only
-	ss.MultiHopOnly, err = s.env.BoolPtr("STREAM_ONLY")
+	ss.StreamOnly, err = s.env.BoolPtr("STREAM_ONLY")
 	if err != nil {
 		return ss, err
 	}

internal/firewall/iptables.go

@@ -211,9 +211,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 	}
 
 	err = c.runIptablesInstructions(ctx, []string{
-		fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
-		fmt.Sprintf("-t nat %s PREROUTING %s -d 127.0.0.1 -p udp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 	})
 	if err != nil {
@@ -222,9 +222,9 @@ func (c *Config) redirectPort(ctx context.Context, intf string,
 	}
 
 	err = c.runIP6tablesInstructions(ctx, []string{
-		fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p tcp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p tcp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
-		fmt.Sprintf("-t nat %s PREROUTING %s -d ::1 -p udp --dport %d -j REDIRECT --to-ports %d",
+		fmt.Sprintf("-t nat %s PREROUTING %s -p udp --dport %d -j REDIRECT --to-ports %d",
 			appendOrDelete(remove), interfaceFlag, sourcePort, destinationPort),
 	})
 	if err != nil {

internal/models/markdown.go

@@ -120,7 +120,7 @@ func getMarkdownHeaders(vpnProvider string) (headers []string) {
 	case providers.Mullvad:
 		return []string{countryHeader, cityHeader, ispHeader, ownedHeader, hostnameHeader, vpnHeader}
 	case providers.Nordvpn:
-		return []string{countryHeader, regionHeader, cityHeader, hostnameHeader}
+		return []string{countryHeader, regionHeader, cityHeader, hostnameHeader, vpnHeader}
 	case providers.Perfectprivacy:
 		return []string{cityHeader, tcpHeader, udpHeader}
 	case providers.Privado:
@@ -136,7 +136,8 @@ func getMarkdownHeaders(vpnProvider string) (headers []string) {
 	case providers.SlickVPN:
 		return []string{regionHeader, countryHeader, cityHeader, hostnameHeader}
 	case providers.Surfshark:
-		return []string{regionHeader, countryHeader, cityHeader, hostnameHeader, multiHopHeader, tcpHeader, udpHeader}
+		return []string{regionHeader, countryHeader, cityHeader, hostnameHeader,
+			vpnHeader, multiHopHeader, tcpHeader, udpHeader}
 	case providers.Torguard:
 		return []string{countryHeader, cityHeader, hostnameHeader, tcpHeader, udpHeader}
 	case providers.VPNSecure:

internal/netlink/ipv6.go

@@ -14,16 +14,21 @@ func (n *NetLink) IsIPv6Supported() (supported bool, err error) {
 	// as IPv6 routes at container start, see:
 	// https://github.com/qdm12/gluetun/issues/1241#issuecomment-1333405949
 	for _, route := range routes {
+		link, err := n.LinkByIndex(route.LinkIndex)
+		if err != nil {
+			return false, fmt.Errorf("finding link corresponding to route: %w", err)
+		}
+
 		sourceIsIPv6 := route.Src.IsValid() && route.Src.Is6()
 		destinationIsIPv6 := route.Dst.IsValid() && route.Dst.Addr().Is6()
-		if sourceIsIPv6 || destinationIsIPv6 {
-			link, err := n.LinkByIndex(route.LinkIndex)
-			if err != nil {
-				return false, fmt.Errorf("finding IPv6 supported link: %w", err)
-			}
-			n.debugLogger.Debugf("IPv6 is supported by link %s", link.Name)
-			return true, nil
+		switch {
+		case !sourceIsIPv6 && !destinationIsIPv6,
+			destinationIsIPv6 && route.Dst.Addr().IsLoopback():
+			continue
 		}
+
+		n.debugLogger.Debugf("IPv6 is supported by link %s", link.Name)
+		return true, nil
 	}
 
 	n.debugLogger.Debugf("IPv6 is not supported after searching %d routes",

internal/openvpn/extract/extract.go

@@ -18,6 +18,11 @@ var (
 func extractDataFromLines(lines []string) (
 	connection models.Connection, err error) {
 	for i, line := range lines {
+		hashSymbolIndex := strings.Index(line, "#")
+		if hashSymbolIndex >= 0 {
+			line = line[:hashSymbolIndex]
+		}
+
 		ip, port, protocol, err := extractDataFromLine(line)
 		if err != nil {
 			return connection, fmt.Errorf("on line %d: %w", i+1, err)
@@ -64,6 +69,13 @@ func extractDataFromLine(line string) (
 			return ip, 0, "", fmt.Errorf("extracting from remote line: %w", err)
 		}
 		return ip, port, protocol, nil
+
+	case strings.HasPrefix(line, "port "):
+		port, err = extractPort(line)
+		if err != nil {
+			return ip, 0, "", fmt.Errorf("extracting from port line: %w", err)
+		}
+		return ip, port, "", nil
 	}
 
 	return ip, 0, "", nil
@@ -133,3 +145,25 @@ func extractRemote(line string) (ip netip.Addr, port uint16,
 
 	return ip, port, protocol, nil
 }
+
+var (
+	errPostLineFieldsCount = errors.New("post line has not 2 fields as expected")
+)
+
+func extractPort(line string) (port uint16, err error) {
+	fields := strings.Fields(line)
+	const expectedFieldsCount = 2
+	if len(fields) != expectedFieldsCount {
+		return 0, fmt.Errorf("%w: %s", errPostLineFieldsCount, line)
+	}
+
+	portInt, err := strconv.Atoi(fields[1])
+	if err != nil {
+		return 0, fmt.Errorf("%w: %s", errPortNotValid, line)
+	} else if portInt < 1 || portInt > 65535 {
+		return 0, fmt.Errorf("%w: %d must be between 1 and 65535", errPortNotValid, portInt)
+	}
+	port = uint16(portInt)
+
+	return port, nil
+}

internal/openvpn/extract/extract_test.go

@@ -118,6 +118,14 @@ func Test_extractDataFromLine(t *testing.T) {
 			port:     1194,
 			protocol: constants.UDP,
 		},
+		"extract_port_fail": {
+			line:  "port a",
+			isErr: errPortNotValid,
+		},
+		"extract_port_success": {
+			line: "port 1194",
+			port: 1194,
+		},
 	}
 
 	for name, testCase := range testCases {

internal/provider/airvpn/openvpnconf.go

@@ -11,12 +11,15 @@ import (
 
 func (p *Provider) OpenVPNConfig(connection models.Connection,
 	settings settings.OpenVPN, ipv6Supported bool) (lines []string) {
+	const defaultMTU = 1320               // see https://github.com/qdm12/gluetun/issues/1650#issuecomment-1988298206
+	const defaultMSSFix = defaultMTU - 28 // 28 bytes of IPv4 UDP header size
 	providerSettings := utils.OpenVPNProviderSettings{
 		AuthUserPass:  true,
 		RemoteCertTLS: true,
 		Auth:          openvpn.SHA512,
 		CAs:           []string{"MIIGVjCCBD6gAwIBAgIJAIzYQ+/kXyADMA0GCSqGSIb3DQEBDQUAMHkxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJJVDEQMA4GA1UEBxMHUGVydWdpYTETMBEGA1UEChMKYWlydnBuLm9yZzEWMBQGA1UEAxMNYWlydnBuLm9yZyBDQTEeMBwGCSqGSIb3DQEJARYPaW5mb0BhaXJ2cG4ub3JnMCAXDTIxMTAwNjExNTQ0OFoYDzIxMjEwOTEyMTE1NDQ4WjB5MQswCQYDVQQGEwJJVDELMAkGA1UECBMCSVQxEDAOBgNVBAcTB1BlcnVnaWExEzARBgNVBAoTCmFpcnZwbi5vcmcxFjAUBgNVBAMTDWFpcnZwbi5vcmcgQ0ExHjAcBgkqhkiG9w0BCQEWD2luZm9AYWlydnBuLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMYbdmsls/rU82MZziaNPHRMuRSM/shdnfCek+PAX+XAr2ceBGqg8vQpj8AEm7MxWIPwKG3C2E19zs+4nu9I+03ziVIngkaZPG9mQ14tAtmy7UV/zw5xKmNbkSsEzTmJUF4Xz+WPBpqOAV9uCin1b9QrnIyOLiqCrkofHFeqwHxHisJ4WlYeg1PAWO9eG1XIyBeJP1cCH+8FiKbTbWbyieKjgrjyrthFnipTyC8Tv2HkzSCaIiW3q/W9pmyTD1yogFsJh58Yyy8FGTbHzbgKE9/oVrMzACdAey4Ee3p5cABG98UMENqfM8eVFKII/ol7pWh38w/J6mJNmCOCTZXFhRzWiE3EQQbM8ZNrJ43MslSV2i4/gH62MnReXLfT7C+VqEAOWqO3PcIZCYoyPtu1mN35SjrUHuBq7liJdH8g7tmkUAI8JklJuvAWzqu30p7CqTzOyV9UiujygOd1dGRWxr9zxCZ3pkTtX6gwaXY6CB1Y4uWYMSOTK3PH4HDaxJJqUlEBCY5A7xXRqc4jqMZgu5TaOcUOyepIe7AgrXXFvqIeaHs42xEtS1D53rhPMHTTDYzR8K8apQinQ36V/uexkqwRxTTw6gdBhS7BfvlkQ5g1JkmuoBeiFxd1VQeqBGUlESt9KSNwYwzTKqMeS+ilycEhFcoxhMNVe/NElujImJWlAgMBAAGjgd4wgdswHQYDVR0OBBYEFOUV1xOonjHj0TDX8R/04mPSUMiIMIGrBgNVHSMEgaMwgaCAFOUV1xOonjHj0TDX8R/04mPSUMiIoX2kezB5MQswCQYDVQQGEwJJVDELMAkGA1UECBMCSVQxEDAOBgNVBAcTB1BlcnVnaWExEzARBgNVBAoTCmFpcnZwbi5vcmcxFjAUBgNVBAMTDWFpcnZwbi5vcmcgQ0ExHjAcBgkqhkiG9w0BCQEWD2luZm9AYWlydnBuLm9yZ4IJAIzYQ+/kXyADMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAL76hAC3X5/ZR3q6iIIkfU4PuIAknES2gkgThV6QGCPIf6Lz1FRZNmR6tcJ5Jqlxq5tJDb6ImgU1swu+xoaVw8Fj2idxHVMPZqEoV3+/H2FB3fZnawZ4ftqf0qhs59oaMOijo6hnFf+nLosW/b8WDg8QXXDcBJ7IJlDaC3p0WAK7iNGHZFe54GVGyQLCsGbNpSMamSOV+B2pC8YrQ+RehKIxxij01EHFxBkcIRj4hH1a6gZ1mcmavzeweT2DfSmFJK5EHR8JeEG0TnwH+AACXuuh2NAeD1hWQNoaUShl06l9E3tJC+RlyilsjFx2ULfJQsm2z5Dmlm9gJ8+ESf4CzdWJBytxxKWmOFznzT9XnjiFJsfiIaNgs3yBg9QvQuUAYSzsUQ+V/hSbzSRQ9SmOClZ0OnFfMeE0hL7UJmp2WCGserqUWtd71hUEe+QOtIZ64BJwDIbRB7tvg/I3KdAARNA38HfX60m1qUXeZe/t7ysD68ttuxrKLRPAK2aEWtQrSJcc452e0Zjw0XUeZtq/9VZlqheuUe3S7RLdbmRGlAWMUOxlA+FLt6AehjYlWNyajEZhPKFiEwE3Uy9P+0K7sxzk1Aw5S6eScKY66zBX/1sgv6l2PrTjow/BqXkwGAtgkCQyVE0SWru59zzXbBLV1/qex6OalILYOpAZSgiC1FVd"}, //nolint:lll
 		TLSCrypt:      "a3a7d8f4e778d279d9076a8d47a9aa0c6054aed5752ddefa5efac1ea982740f1ffcabadf0d3709dae18c1fad61e14f72a8eb7cb931ed0209e67c1d325353a657a1198ef649f1c23861a2a19f2c6b27aa5e43be761e0c71e9c2e8d33b75af289effb1b1e4ec603d865f74e2b4348ff631c5c81202d90003ed263dca4022aa9861520e00cc26e40fa171b9985a2763ccb4c63560b7e6b0f897978fb25a2d5889cd6d46a29509fa09830aff18d6e81a8dc1a0182402e3039c3316180e618705ca35f2763f8a62ca5983d145faa2276532ae5e18459a0b729dc67f41b928e592b39467ec3d79c70205595718b1bce56ca4ff58e692ce09c8282d2770d2bf5c217c06",                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   //nolint:lll
+		MssFix:        defaultMSSFix,
 		ExtraLines: []string{
 			"comp-lzo no", // Explicitly disable compression
 			"push-peer-info",

internal/provider/custom/connection.go

@@ -40,16 +40,28 @@ func getOpenVPNConnection(extractor Extractor,
 		connection.Port = customPort
 	}
 
+	if len(selection.Names) > 0 {
+		// Set the server name for PIA port forwarding code used
+		// together with the custom provider.
+		connection.ServerName = selection.Names[0]
+	}
+
 	return connection, nil
 }
 
 func getWireguardConnection(selection settings.ServerSelection) (
 	connection models.Connection) {
-	return models.Connection{
+	connection = models.Connection{
 		Type:     vpn.Wireguard,
 		IP:       selection.Wireguard.EndpointIP,
 		Port:     *selection.Wireguard.EndpointPort,
 		Protocol: constants.UDP,
 		PubKey:   selection.Wireguard.PublicKey,
 	}
+	if len(selection.Names) > 0 {
+		// Set the server name for PIA port forwarding code used
+		// together with the custom provider.
+		connection.ServerName = selection.Names[0]
+	}
+	return connection
 }

internal/provider/privado/updater/servers.go

@@ -13,7 +13,7 @@ import (
 
 func (u *Updater) FetchServers(ctx context.Context, minServers int) (
 	servers []models.Server, err error) {
-	const url = "https://privado.io/apps/ovpn_configs.zip"
+	const url = "https://privadovpn.com/apps/ovpn_configs.zip"
 	contents, err := u.unzipper.FetchAndExtract(ctx, url)
 	if err != nil {
 		return nil, err

internal/provider/privatevpn/updater/servers.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/qdm12/gluetun/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants/vpn"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/provider/common"
 	"github.com/qdm12/gluetun/internal/updater/openvpn"
@@ -64,6 +65,7 @@ func (u *Updater) FetchServers(ctx context.Context, minServers int) (
 			continue
 		}
 		server := models.Server{
+			VPN:     vpn.OpenVPN,
 			Country: country,
 			City:    city,
 			IPs:     ips,

internal/provider/surfshark/servers/locationdata.go

@@ -41,7 +41,6 @@ func LocationData() (data []ServerLocation) {
 		{Region: "Asia Pacific", Country: "Malaysia", City: "Kuala Lumpur", RetroLoc: "Malaysia", Hostname: "my-kul.prod.surfshark.com", MultiHop: false},
 		{Region: "Asia Pacific", Country: "New Zealand", City: "Auckland", RetroLoc: "New Zealand", Hostname: "nz-akl.prod.surfshark.com", MultiHop: false},
 		{Region: "Asia Pacific", Country: "Philippines", City: "Manila", RetroLoc: "Philippines", Hostname: "ph-mnl.prod.surfshark.com", MultiHop: false},
-		{Region: "Asia Pacific", Country: "Singapore in", City: "", RetroLoc: "Singapore in", Hostname: "sg-in.prod.surfshark.com", MultiHop: true},
 		{Region: "Asia Pacific", Country: "Singapore", City: "Singapore", RetroLoc: "Singapore mp001", Hostname: "sg-sng-mp001.prod.surfshark.com", MultiHop: false},
 		{Region: "Asia Pacific", Country: "Singapore", City: "Singapore", Hostname: "sg-sng-st005.prod.surfshark.com"},
 		{Region: "Asia Pacific", Country: "Singapore", City: "Singapore", Hostname: "sg-sng-st006.prod.surfshark.com"},
@@ -80,7 +79,6 @@ func LocationData() (data []ServerLocation) {
 		{Region: "Europe", Country: "Greece", City: "Athens", RetroLoc: "Greece", Hostname: "gr-ath.prod.surfshark.com", MultiHop: false},
 		{Region: "Europe", Country: "Hungary", City: "Budapest", RetroLoc: "Hungary", Hostname: "hu-bud.prod.surfshark.com", MultiHop: false},
 		{Region: "Europe", Country: "Iceland", City: "Reykjavik", RetroLoc: "Iceland", Hostname: "is-rkv.prod.surfshark.com", MultiHop: false},
-		{Region: "Europe", Country: "India UK", City: "", RetroLoc: "India UK", Hostname: "in-uk.prod.surfshark.com", MultiHop: true},
 		{Region: "Europe", Country: "Ireland", City: "Dublin", RetroLoc: "Ireland", Hostname: "ie-dub.prod.surfshark.com", MultiHop: false},
 		{Region: "Europe", Country: "Italy", City: "Milan", RetroLoc: "Italy Milan", Hostname: "it-mil.prod.surfshark.com", MultiHop: false},
 		{Region: "Europe", Country: "Italy", City: "Rome", RetroLoc: "Italy Rome", Hostname: "it-rom.prod.surfshark.com", MultiHop: false},
@@ -129,7 +127,6 @@ func LocationData() (data []ServerLocation) {
 		{Region: "The Americas", Country: "Chile", City: "Santiago", RetroLoc: "Chile", Hostname: "cl-san.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "Colombia", City: "Bogota", RetroLoc: "Colombia", Hostname: "co-bog.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "Costa Rica", City: "San Jose", RetroLoc: "Costa Rica", Hostname: "cr-sjn.prod.surfshark.com", MultiHop: false},
-		{Region: "The Americas", Country: "Mexico", City: "Mexico City", RetroLoc: "Mexico City Mexico", Hostname: "mx-mex.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Atlanta", RetroLoc: "US Atlanta", Hostname: "us-atl.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Bend", RetroLoc: "US Bend", Hostname: "us-bdn.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Boston", RetroLoc: "US Boston", Hostname: "us-bos.prod.surfshark.com", MultiHop: false},
@@ -152,13 +149,10 @@ func LocationData() (data []ServerLocation) {
 		{Region: "The Americas", Country: "United States", City: "New York", RetroLoc: "US New York City st004", Hostname: "us-nyc-st004.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "New York", RetroLoc: "US New York City st005", Hostname: "us-nyc-st005.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "New York", RetroLoc: "US New York City", Hostname: "us-nyc.prod.surfshark.com", MultiHop: false},
-		{Region: "The Americas", Country: "United States", City: "Orlando", RetroLoc: "US Orlando", Hostname: "us-orl.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Phoenix", RetroLoc: "US Phoenix", Hostname: "us-phx.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Salt Lake City", RetroLoc: "US Salt Lake City", Hostname: "us-slc.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "San Francisco", RetroLoc: "US San Francisco mp001", Hostname: "us-sfo-mp001.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "San Francisco", RetroLoc: "US San Francisco", Hostname: "us-sfo.prod.surfshark.com", MultiHop: false},
 		{Region: "The Americas", Country: "United States", City: "Seattle", RetroLoc: "US Seatle", Hostname: "us-sea.prod.surfshark.com", MultiHop: false},
-		{Region: "The Americas", Country: "United States", City: "St. Louis", RetroLoc: "US Saint Louis", Hostname: "us-stl.prod.surfshark.com", MultiHop: false},
-		{Region: "The Americas", Country: "United States", City: "Tampa", RetroLoc: "US Tampa", Hostname: "us-tpa.prod.surfshark.com", MultiHop: false},
 	}
 }

internal/provider/torguard/openvpnconf.go

@@ -13,18 +13,18 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
 		RemoteCertTLS: true,
 		AuthUserPass:  true,
 		Ciphers: []string{
-			openvpn.AES256gcm,
+			openvpn.AES256gcm, // In case the OpenVPN server accepts it
+			openvpn.AES128gcm, // For OpenVPN 2.6, see https://github.com/qdm12/gluetun/issues/2271#issuecomment-2103349935
+			openvpn.AES128cbc, // For OpenVPN 2.5, see https://github.com/qdm12/gluetun/issues/2271#issuecomment-2103349935
 		},
-		Auth:          openvpn.SHA256,
-		MssFix:        1450,   //nolint:gomnd
-		TunMTUExtra:   32,     //nolint:gomnd
-		SndBuf:        393216, //nolint:gomnd
-		RcvBuf:        393216, //nolint:gomnd
-		Ping:          5,      //nolint:gomnd
-		RenegDisabled: true,
-		KeyDirection:  "1",
-		CAs:           []string{"MIIDMTCCAhmgAwIBAgIJAKnGGJK6qLqSMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCVRHLVZQTi1DQTAgFw0xOTA1MjExNDIzMTFaGA8yMDU5MDUxMTE0MjMxMVowFDESMBAGA1UEAwwJVEctVlBOLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv0UgPD3xVAvhhP6q1HCmeAWbH+9HPkyQ2P6qM5oHY5dntjmq8YT48FZGHWv7+s9O47v6Bv7rEc4UwQx15cc2LByivX2JwmE8JACvNfwEnZXYAPq9WU3ZgRrAGvA09ItuLqK2fQ4A7h8bFhmyxCbSzP1sSIT/zJY6ebuh5rDQSMJRMaoI0t1zorEZ7PlEmh+o0w5GPs0D0vY50UcnEzB4GOdWC9pJREwEqppWYLN7RRdG8JyIqmA59mhARCnQFUo38HWic4trxFe71jtD7YInNV7ShQtg0S0sXo36Rqfz72Jo08qqI70dNs5DN1aGNkQ/tRK9DhL5DLmTkaCw7mEFQIDAQABo4GDMIGAMB0GA1UdDgQWBBR7DcymXBp6u/jAaZOPUjUhEyhXfjBEBgNVHSMEPTA7gBR7DcymXBp6u/jAaZOPUjUhEyhXfqEYpBYwFDESMBAGA1UEAwwJVEctVlBOLUNBggkAqcYYkrqoupIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE79ngbdSlP7IBbfnJ+2Ju7vqt9/GyhcsYtjibp6gsMUxKlD8HuvlSGj5kNO5wiwN7XXqsjYtJfdhmzzVbXksi8Fnbnfa8GhFl4IAjLJ5cxaWOxjr6wx2AhIs+BVVARjaU7iTK91RXJnl6u7UDHTkQylBTl7wgpMeG6GjhaHfcOL1t7D2w8x23cTO+p+n53P3cBq+9TiAUORdzXJvbCxlPMDSDArsgBjC57W7dtdnZo7gTfQG77JTDFBeSwPwLF7PjBB4S6rzU/4fcYwy83XKP6zDn9tgUJDnpFb/7jJ/PbNkK4BWYJp3XytOtt66v9SEKw+v/fJ+VkjU16vE/9Q3h4="}, //nolint:lll
-		TLSAuth:       "770e8de5fc56e0248cc7b5aab56be80d0e19cbf003c1b3ed68efbaf08613c3a1a019dac6a4b84f13a6198f73229ffc21fa512394e288f82aa2cf0180f01fb3eb1a71e00a077a20f6d7a83633f5b4f47f27e30617eaf8485dd8c722a8606d56b3c183f65da5d3c9001a8cbdb96c793d936251098b24fe52a6dd2472e98cfccbc466e63520d63ade7a0eacc36208c3142a1068236a52142fbb7b3ed83d785e12a28261bccfb3bcb62a8d2f6d18f5df5f3652e59c5627d8d9c8f7877c4d7b08e19a5c363556ba68d392be78b75152dd55ba0f74d45089e84f77f4492d886524ea6c82b9f4dd83d46528d4f5c3b51cfeaf2838d938bd0597c426b0e440434f2c451f",                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   //nolint:lll
+		Auth:         openvpn.SHA256,
+		TunMTUExtra:  32, //nolint:gomnd
+		KeyDirection: "1",
+		CAs: []string{
+			"MIIDMTCCAhmgAwIBAgIJAKnGGJK6qLqSMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCVRHLVZQTi1DQTAgFw0xOTA1MjExNDIzMTFaGA8yMDU5MDUxMTE0MjMxMVowFDESMBAGA1UEAwwJVEctVlBOLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv0UgPD3xVAvhhP6q1HCmeAWbH+9HPkyQ2P6qM5oHY5dntjmq8YT48FZGHWv7+s9O47v6Bv7rEc4UwQx15cc2LByivX2JwmE8JACvNfwEnZXYAPq9WU3ZgRrAGvA09ItuLqK2fQ4A7h8bFhmyxCbSzP1sSIT/zJY6ebuh5rDQSMJRMaoI0t1zorEZ7PlEmh+o0w5GPs0D0vY50UcnEzB4GOdWC9pJREwEqppWYLN7RRdG8JyIqmA59mhARCnQFUo38HWic4trxFe71jtD7YInNV7ShQtg0S0sXo36Rqfz72Jo08qqI70dNs5DN1aGNkQ/tRK9DhL5DLmTkaCw7mEFQIDAQABo4GDMIGAMB0GA1UdDgQWBBR7DcymXBp6u/jAaZOPUjUhEyhXfjBEBgNVHSMEPTA7gBR7DcymXBp6u/jAaZOPUjUhEyhXfqEYpBYwFDESMBAGA1UEAwwJVEctVlBOLUNBggkAqcYYkrqoupIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE79ngbdSlP7IBbfnJ+2Ju7vqt9/GyhcsYtjibp6gsMUxKlD8HuvlSGj5kNO5wiwN7XXqsjYtJfdhmzzVbXksi8Fnbnfa8GhFl4IAjLJ5cxaWOxjr6wx2AhIs+BVVARjaU7iTK91RXJnl6u7UDHTkQylBTl7wgpMeG6GjhaHfcOL1t7D2w8x23cTO+p+n53P3cBq+9TiAUORdzXJvbCxlPMDSDArsgBjC57W7dtdnZo7gTfQG77JTDFBeSwPwLF7PjBB4S6rzU/4fcYwy83XKP6zDn9tgUJDnpFb/7jJ/PbNkK4BWYJp3XytOtt66v9SEKw+v/fJ+VkjU16vE/9Q3h4=",                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             //nolint:lll
+			"MIIFwjCCA6qgAwIBAgIRAPqbeSF13PE019f4UOUhbx8wDQYJKoZIhvcNAQENBQAwPTERMA8GA1UECgwIVG9yR3VhcmQxKDAmBgNVBAMMH1Rvckd1YXJkIFByaXZhdGUgUm9vdCBDQSAxIDIwMjAwIBcNMjMwNjI1MTM0ODU2WhgPMjA1MzA2MTcxMzQ4NTZaMD0xETAPBgNVBAoMCFRvckd1YXJkMSgwJgYDVQQDDB9Ub3JHdWFyZCBQcml2YXRlIFJvb3QgQ0EgMSAyMDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1Z1zrVEDLc8DUUFsCGz0H3fOi+YVGeuHsmNvIlKDnLpXqPkKjfcFOxs1pwMNYr8fBBkBct9W2oh1G1DxYLfjM1K8hlZNY1fvRs6mRFAX/nj+poK0gT5n0uTD0vQ5j/AqHO2wXCQm1xa2lUb7WrIt0ixKpgglRCeZwTXV2p7f9JZUI+ORX0B1zrV83e1ruefK+RCd3vf2UKurvz+sm0DS8xAC4LBX8xh1kk7MiAsK3a1mTufHpYmjAyS736yi+1rSCDEb7hBI3QXAGVwRFrGofHhR409XfB7aYwJela+bxRW44UD5az0uaeBM0GJcexH1fwi9F7ExAdR0kwWbJYX70S1F8es0Ik1ZpsLo2UEHc2/ueQMfpaLUL4kWfZOKNWWFSSbXR1YxPHitBSH638v4GfyNadBtG8UpVZ0dpsR/3VDoWH+WmowmlwhOAr5S/qt/iXf+/l8aHh4E/5AN4yTM1cCX+5LnKFCfJoWaxShI3TKi6Iw/80JWfAXAV52OKErRRuQ2YM+sQnJu+0vlW3oeNSQD2JwvSs0RD0zMC6Q6kCQXuDXyogS5K9qBlMt7UKDfZgaNnfiYvHjDh1XeQDN2hWUm0fTf14SCz4Lo8uE+CfnJHjU3zwk4GLvF8cs8RXhf8uZ5V/QHLxX9tK7FmLiTD8q1/U2tuzNlHgJURt8beGkCAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUM5sAY05zw9+2R6IdqRB5uRRmxpkwdQYDVR0jBG4wbIAUM5sAY05zw9+2R6IdqRB5uRRmxpmhQaQ/MD0xETAPBgNVBAoMCFRvckd1YXJkMSgwJgYDVQQDDB9Ub3JHdWFyZCBQcml2YXRlIFJvb3QgQ0EgMSAyMDIwghEA+pt5IXXc8TTX1/hQ5SFvHzANBgkqhkiG9w0BAQ0FAAOCAgEAnHPYMbo5Tf3tCD8HKVoibt4dtd9wEUh/XDFg2RNM8caa9x32gZJXCXSDUatdHYabukrsYqZIIt/XeL0SB8KzCQVyiMIHadCZBKc8Va/ays9lP/Kky6f3jkbrT5t9IhyHYNDWkrXmY/gNXCPoeulRQ55R0I1g5ko/JwvNp6q/V3fwvcpJJaFSh/NTOvBGCPR/pnR8isgmjF/i7KcN/b8gvO4EiqCk4AVl30aDUJBDyjnisCk9JMS4JxAYkJ9MGkqI1wHno3eKqBWoUEtyNe58VFQwxUgSf8cTV+p6DEZaM14qqDXzIQ3kHdGTH5ciqlzok0ocUM3AXvpHyoPbMPIFJ1uNvrYBWyDeP/KT512VNjpW30GtfMzZXJ2sEkcMAxghdqHxeKkOWVSsHHglHhq2qHsGF7eTZO1CFkV6kL0sn8shlPiJ/EE1//0tXycWstBaTe1TpiOYjLiLpwJvu7oMQIrl/YtCi/tXfkl8BLG0hncCLUovsIqQdjpo6jMux8p7D8L7yDV9GuQGxoT542GM53o83/esHhDSEMzDydH/cvpht/b9/YOzBxTMcxdxL8RDOKommtIfro1VE2z0YJ0KURD7jZe9mygV2KXokIBG4V+vhOglb7hT//drKFz6GDZAqs/KKeUIZxUWlpPaNssJygwDq6EjlNdelrxdWIYtR9Y=", //nolint:lll
+		},
+		TLSAuth: "770e8de5fc56e0248cc7b5aab56be80d0e19cbf003c1b3ed68efbaf08613c3a1a019dac6a4b84f13a6198f73229ffc21fa512394e288f82aa2cf0180f01fb3eb1a71e00a077a20f6d7a83633f5b4f47f27e30617eaf8485dd8c722a8606d56b3c183f65da5d3c9001a8cbdb96c793d936251098b24fe52a6dd2472e98cfccbc466e63520d63ade7a0eacc36208c3142a1068236a52142fbb7b3ed83d785e12a28261bccfb3bcb62a8d2f6d18f5df5f3652e59c5627d8d9c8f7877c4d7b08e19a5c363556ba68d392be78b75152dd55ba0f74d45089e84f77f4492d886524ea6c82b9f4dd83d46528d4f5c3b51cfeaf2838d938bd0597c426b0e440434f2c451f", //nolint:lll
 	}
 	return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
 }

internal/provider/vpnsecure/updater/website.go

@@ -93,6 +93,7 @@ func parseHTMLGridItem(gridItem *html.Node) (
 	}
 
 	host := findHost(gridItemDT)
+	host = naToEmpty(host)
 	if host == "" {
 		return server, htmlutils.WrapWarning("host not found", gridItemDT)
 	}
@@ -110,18 +111,21 @@ func parseHTMLGridItem(gridItem *html.Node) (
 	}
 
 	region := findSpanStrong(gridItemDD, "Region:")
+	region = naToEmpty(region)
 	if region == "" {
 		warning := fmt.Sprintf("region for host %s not found", host)
 		return server, htmlutils.WrapWarning(warning, gridItemDD)
 	}
 
 	city := findSpanStrong(gridItemDD, "City:")
+	city = naToEmpty(city)
 	if city == "" {
 		warning := fmt.Sprintf("region for host %s not found", host)
 		return server, htmlutils.WrapWarning(warning, gridItemDD)
 	}
 
 	premiumString := findSpanStrong(gridItemDD, "Premium:")
+	premiumString = naToEmpty(premiumString)
 	if premiumString == "" {
 		warning := fmt.Sprintf("premium for host %s not found", host)
 		return server, htmlutils.WrapWarning(warning, gridItemDD)
@@ -135,6 +139,13 @@ func parseHTMLGridItem(gridItem *html.Node) (
 	}, ""
 }
 
+func naToEmpty(current string) (output string) {
+	if current == "N / A" {
+		return ""
+	}
+	return current
+}
+
 func findCountry(countryNode *html.Node) (country string) {
 	for node := countryNode.FirstChild; node != nil; node = node.NextSibling {
 		if node.Data != "a" {

internal/provider/vpnunlimited/connection.go

@@ -8,7 +8,7 @@ import (
 
 func (p *Provider) GetConnection(selection settings.ServerSelection, ipv6Supported bool) (
 	connection models.Connection, err error) {
-	defaults := utils.NewConnectionDefaults(0, 1194, 0) //nolint:gomnd
+	defaults := utils.NewConnectionDefaults(1197, 1197, 0) //nolint:gomnd
 	return utils.GetConnection(p.Name(),
 		p.storage, selection, defaults, ipv6Supported, p.randSource)
 }

internal/server/openvpn.go

@@ -5,6 +5,9 @@ import (
 	"encoding/json"
 	"net/http"
 	"strings"
+
+	"github.com/qdm12/gluetun/internal/constants"
+	"github.com/qdm12/gluetun/internal/constants/vpn"
 )
 
 func newOpenvpnHandler(ctx context.Context, looper VPNLooper,
@@ -56,9 +59,16 @@ func (h *openvpnHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *openvpnHandler) getStatus(w http.ResponseWriter) {
-	status := h.looper.GetStatus()
+	vpnStatus := h.looper.GetStatus()
+	openVPNStatus := vpnStatus
+	if vpnStatus != constants.Stopped {
+		vpnSettings := h.looper.GetSettings()
+		if vpnSettings.Type != vpn.OpenVPN {
+			openVPNStatus = constants.Stopped
+		}
+	}
 	encoder := json.NewEncoder(w)
-	data := statusWrapper{Status: string(status)}
+	data := statusWrapper{Status: string(openVPNStatus)}
 	if err := encoder.Encode(data); err != nil {
 		h.warner.Warn(err.Error())
 		w.WriteHeader(http.StatusInternalServerError)
@@ -78,10 +88,20 @@ func (h *openvpnHandler) setStatus(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
-	outcome, err := h.looper.ApplyStatus(h.ctx, status)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusBadRequest)
-		return
+
+	var outcome string
+	loopSettings := h.looper.GetSettings()
+	if status == constants.Running && loopSettings.Type != vpn.OpenVPN {
+		// Stop Wireguard if it was the selected type and we want to start OpenVPN
+		loopSettings.Type = vpn.OpenVPN
+		outcome = h.looper.SetSettings(h.ctx, loopSettings)
+	} else {
+		// Only update status of OpenVPN
+		outcome, err = h.looper.ApplyStatus(h.ctx, status)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
 	}
 	encoder := json.NewEncoder(w)
 	if err := encoder.Encode(outcomeWrapper{Outcome: outcome}); err != nil {

internal/updater/unzip/fetch.go

@@ -18,6 +18,7 @@ func (u *Unzipper) FetchAndExtract(ctx context.Context, url string) (
 	if err != nil {
 		return nil, err
 	}
+	request.Header.Set("User-Agent", "gluetun")
 
 	response, err := u.client.Do(request)
 	if err != nil {

internal/version/version.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"sort"
 	"time"
 
 	"github.com/qdm12/gluetun/internal/models"
@@ -49,13 +50,17 @@ func getLatestRelease(ctx context.Context, client *http.Client) (tagName, name s
 	if err != nil {
 		return "", "", time, err
 	}
+	// Sort releases by tag names (semver)
+	sort.Slice(releases, func(i, j int) bool {
+		return releases[i].TagName > releases[j].TagName
+	})
 	for _, release := range releases {
 		if release.Prerelease {
 			continue
 		}
 		return release.TagName, release.Name, release.PublishedAt, nil
 	}
-	return "", "", time, errReleaseNotFound
+	return "", "", time, fmt.Errorf("%w", errReleaseNotFound)
 }
 
 var errCommitNotFound = errors.New("commit not found")