Tags: trailofbits/algo
Algo VPN 2.0.0

A major release with comprehensive security improvements, performance optimizations, and modernized infrastructure.

- Certificate Authority constraints implementation (#14811)
- Prevents certificate reuse across deployments
- Refactored PKI management using Ansible crypto modules instead of OpenSSL scripts (#14809)
- Prevented sensitive information from being logged (#14779)
- Modernized WireGuard key management (#14803)
- Security-hardened GitHub Actions workflows (#14769)
- Updated Jinja2 to ~3.1.6 for CVE-2025-27516 security fix
- Comprehensive performance optimizations reducing deployment time by 30-60%
- Self-bootstrapping Python environment with uv for faster, more reliable setup (#14814)
- Optimized cloud-init templates and startup scripts
- Improved DNS caching configuration
- Fixed VPN routing on multi-homed systems with proper output interface specification (#14826)
- Fixed VPN traffic routing issues with iptables NAT rules (#14825)
- Added IPv6 support for WireGuard endpoint addresses (#14780)
- Fixed IPv6 address selection on BSD systems (#14786)
- Improved handling of DigitalOcean servers with multiple network interfaces
- Added support for Vultr API v2 (#14773)
- Fixed AWS Lightsail deployment errors with boto3 parameters (#14823)
- Added AWS credentials file support (#14778)
- Fixed Azure requirements file path issues (#14781)
- Updated Azure Ansible collection to v3.7.0 (#14774)
- Fixed DigitalOcean cloud-init compatibility (#14801)
- Switched to globally available Hetzner instance types (#14762)
- Added FAQ explaining single cipher suite design decision (#231)
- Added FAQ clarifying censorship circumvention stance (#230)
- Improved Windows client documentation (#14787)
- Added sudo requirement documentation for local installations (#14790)
- Fixed grammar and spelling throughout documentation (#14770)
- Updated Google Cloud Shell deployment guide (#14721)
- Added comprehensive unit test suite with 15+ new test files
- Added test for detecting inline comments in Jinja2 expressions (#14817)
- Implemented stricter ansible-lint rules (#14789)
- Added retry logic and timeouts to installation scripts (#14788)
- Fixed PKCS#12 mobileconfig compatibility with OpenSSL 3+ (#14772)
- Ansible 11.9.0
- All GitHub Actions updated to latest versions
- Modern Python packaging with uv and pyproject.toml
- Removed legacy requirements.txt in favor of uv.lock
- Fixed Ubuntu 22.04 compatibility issues (#14824)
- Fixed server selection in update-user script (#14727)
- Fixed SSH tunnel user certificate naming (#14771)
- Fixed AWS CloudFormation linter warnings (#14782)
- Fixed shellcheck POSIX compliance issues (#14789)
- Minimum Python version is now 3.11
- Removed support for legacy OpenSSL commands in favor of Ansible crypto modules
- Certificate authority now includes constraints preventing cross-deployment certificate reuse

This release represents a significant modernization of Algo VPN's infrastructure while maintaining its core philosophy of security through simplicity. The performance improvements and self-bootstrapping setup make deployment faster and more reliable than ever.

Special thanks to all contributors who helped make this release possible!