2020.1-beta1
Pre-release
Pre-release
Added
- Add translations for Finnish and Danish.
- Copy WireGuard key when clicking on it.
Windows
- Sign all binaries in the app instead of just the installer.
Changed
- Increase OpenVPN ping timeout from 20 to 25 seconds. Might make working tunnels disconnect
a bit less frequently. - Use traffic data from WireGuard to infer connectivity, instead of continuously pinging.
Should improve stability of the connection and reduce power use. - Update
wireguard-go
tov0.0.20200121
- Remove WireGuard keys from accounts when they are removed from the local account history.
- Upgrade from Electron 6 to Electron 7.
- Disable WireGuard protocol option if there's no WireGuard key.
Android
- Wait for traffic to be routed through the tunnel device before advertising blocked state.
- Connect automatically if
MullvadVpnService
is started with an intent which
has theandroid.net.VpnService
action. Effectively, this should enable
Always On behavior on Android versions where it's supported. - Allow notification to be dismissed when the UI is not shown and the tunnel is disconnected.
Windows
- Use a branded TAP driver for OpenVPN to prevent conflicts with other software and solve issues
related to driver upgrades. Also use the NDIS 6 driver on Windows 7. - Be more aggressive when installing routes, in effect taking ownership of existing duplicate route
entries. This allows the daemon to initialize properly even if a previous instance did not have a
clean shutdown.
Fixed
- Don't try to replace WireGuard key if account has too many keys already.
- Fix bogus update notification caused by an outdated cache.
- Fix layout issues when showing messages in WireGuard key view.
- Fix translation of "System default" after selecting "System default" in language settings.
Windows
- Fix regression due to which a TAP adapter issue was not given as the specific block reason when
the tunnel could not be started. - Fix occasional failure to shut down the old daemon process during installation by killing it if
necessary. - Make WireGuard work with IPv6 enabled even if there is no functioning TAP adapter for OpenVPN.
- Restart daemon when coming back from system hibernation with terminated user session, since
it's perceived as a cold boot from the user's perspective, so the app should act accordingly. - Change the optimization level for releases from the default value to
s
, as a temporary fix for
the system service crashing on Windows for newer CPU models.
Android
- Fix notification message to not show
null
version when version check cache is stale right
after an update. - Fix
null
pointer exception when connectivity event intent has no network info. - Fix fast loop trying to fetch location and preventing the device from sleeping. This should
improve battery life in some cases. - Fix crash when starting the app right after quitting it.
- Restart background service if it stops responding.
- Fix crash when VPN permission is revoked, either manually or by starting another VPN app.
- Fix crash caused by local JNI reference table overflow after running for a long time.
- Dismiss notification after service has stopped.
- Don't show missing connectivity error message in WireGuard key management screen if a
reconnection is expected to happen. - Fix showing new key as invalid immediately after regeneration.
Linux
- DNS management with static
/etc/resolv.conf
will now work even when no
/etc/resolv.conf
exists.
Security
- Add automatic key rotation for WireGuard (every 7 days by default). This limits the potential
for an attacker to correlate traffic with a public key and identity, and reduces the harm of
software that might leak the private tunnel IP (since it is no longer fixed).
Windows
- Stop OpenVPN from loading
C:\etc\ssl\openssl.cnf
on start. This file was being loaded when an
OpenVPN tunnel was being created. Any user could create the file, and the process loading it runs
as the SYSTEM user. Since the config file allows loading arbitrary code, it was an attack vector
allowing local unprivileged users to run code as SYSTEM.
macOS
- Limit macOS firewall rules to only allow UDP packets in the rules meant to enable being a DHCPv4
server when local network sharing is enabled.