1.4.0

What's Changed

• Add normalized hostname into metrics labels by @soffokl in #48

Full Changelog: 1.3.0...1.4.0

1.3.0

This release contains breaking changes:

• By default, API is exposed only on local interface 127.0.0.1. Just in case someone launches with defaults and forgets to secure it with --proxy.api-bind
• API supports only IPv4
• Proxy supports only IPv4

What's Changed

• By default, bind API only on 127.0.0.1 by @Waldz in #47

Full Changelog: 1.2.1...1.3.0

1.2.1

What's Changed

• Rework bytes sent/received metrics by @Waldz in #42
• Run tests in CI by @Waldz in #41
• Bump github.com/tidwall/gjson from 1.3.2 to 1.9.3 by @dependabot in #29
• Bump google.golang.org/grpc from 1.50.1 to 1.56.3 by @dependabot in #43
• Bump golang.org/x/net from 0.19.0 to 0.23.0 by @dependabot in #44
• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @dependabot in #45
• Bump github.com/gin-gonic/gin from 1.4.0 to 1.9.1 by @dependabot in #46

New Contributors

• @dependabot made their first contribution in #29

Full Changelog: 1.2.0...1.2.1

1.2.0

What's Changed

• Added proxy metrics by @ScruffyPants in #38

New Contributors

• @ScruffyPants made their first contribution in #38

Full Changelog: 1.1.0...1.2.0

1.1.0

Changelog

1.1.0 (2022-12-22)

Full Changelog

Merged pull requests:

• Support of multiple upstream proxies #28 (Waldz)

1.0.0

This release contains breaking changes, so the forwarder needs to be run differently.

Before it was run on Docker's "bridge" network and you mapped a transparent proxy port to host:

docker run -p 127.0.0.1:8443:8443 --cap-add NET_ADMIN mysteriumnetwork/openvpn-forwarder

Now forwarder MUST be run on the host network:

docker run --name forwarder --network host --cap-add NET_ADMIN mysteriumnetwork/openvpn-forwarder \
    --proxy.bind=0.0.0.0:8443 \
    --proxy.allow=10.13.0.0/16

Also, don't forget to restrict access with --proxy.allow flag, the otherwise transparent proxy port will be accessible from outside

Before traffic was redirected by changing DST address:

iptables -t nat -A PREROUTING -s 10.13.0.0/16 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8443

Now you need to preserve DST address of IP packets:

iptables -t nat -A PREROUTING -s 10.13.0.0/16 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 8443

1.0.0 (2022-12-20)

Changelog

Full Changelog

Merged pull requests:

• Handle HTTPS requests without SNI #27 (Waldz)
• Recover original destination address of redirected requests #26 (Waldz)
• Implement access log #25 (Waldz)

0.4.0

Changelog

0.4.0 (2022-11-18)

Full Changelog

Merged pull requests:

• Gracefully handle HTTP requests with close header #24 (Waldz)
• E2E test for HTTP traffic #22 (Waldz)
• Migrate to Go modules #21 (Waldz)

0.3.0

Changelog

0.3.0 (2022-10-21)

Full Changelog

Merged pull requests:

• Change local environment port to default one - 8443 #19 (Waldz)
• Possibility to exclude domains from forwarding to upstream proxy #18 (Waldz)
• Fix broken E2E environment #17 (Waldz)

0.2.0

• Country targeting #16

0.1.2

Merge pull request #14 from mysteriumnetwork/forwarded-userid

Use Forwarded header instead of custom UserID