v2.0.0 — VPN Protection Stack

@smartwatermelon smartwatermelon released this 16 Feb 22:34
· 51 commits to main since this release
37d6212

What's new

VPN protection stack

The server now has layered VPN protection for Transmission. No single point of failure — if one layer breaks, the others catch it.

  • PIA split-tunnel inversion: All traffic routes through VPN by default. Only Plex, Backblaze, and Safari bypass. (#57)
  • PIA config watchdog: PIA has a habit of forgetting its split tunnel settings after updates. A daemon polls every 60s, detects drift, and restores the config automatically. (#63)
  • VPN monitor: Polls tunnel interfaces every 5s. If the VPN drops, Transmission gets killed immediately. When the tunnel comes back, Transmission restarts with the correct bind address. Refactored from RPC pause/resume to kill/restart — a dead process has zero network activity. (#57, #60)
  • Plex VPN bypass: PF route-to rules keep Plex reachable on your public IP even with VPN active. Works around a PIA transparent proxy bug on macOS. Includes a public IP monitor that updates Plex's customConnections automatically. (#67)
  • PIA split tunnel bug documented: PIA's macOS split tunnel transparent proxy is broken for all bypass apps on macOS 15.x+. Workaround deployed, bug documented with draft upstream issue. (#67)
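
A sketch of the VPN monitor's kill/restart logic described above, added here as an illustration and not taken from the project's own scripts. It assumes the tunnel appears as a `utun*` interface and that Transmission runs as `transmission-daemon`; the `ifconfig` sample is constructed, and the rebind-on-address-change case goes beyond what the notes state.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Assumptions: utun* tunnel
# interfaces and transmission-daemon as the client process.

# Constructed sample of macOS `ifconfig` output with one active tunnel.
SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,RUNNING> mtu 1500
    inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
    inet 10.12.34.56 --> 10.12.34.1 netmask 0xffffffff'

# Read ifconfig output on stdin; print the first utun IPv4 address, if any.
tunnel_ip() {
  awk '/^[a-z0-9]+:/ { tun = ($1 ~ /^utun[0-9]+:$/) }
       tun && $1 == "inet" { print $2; exit }'
}

# decide <tunnel_ip> <running 0|1> <bound_ip> -> kill | start | restart | none
decide() {
  local ip=$1 running=$2 bound=$3
  if [ -z "$ip" ]; then
    # Tunnel down: kill, do not pause. A dead process has no network activity.
    if [ "$running" = 1 ]; then echo kill; else echo none; fi
  elif [ "$running" != 1 ]; then
    echo start      # tunnel is back: start bound to the tunnel address
  elif [ "$bound" != "$ip" ]; then
    echo restart    # assumption: rebind when the tunnel address changes
  else
    echo none
  fi
}

# Poll every 5s (the interval from the release notes) and act on the decision.
monitor_loop() {
  local bound="" ip running action
  while :; do
    ip=$(ifconfig | tunnel_ip)
    if pgrep -x transmission-daemon >/dev/null; then running=1; else running=0; fi
    action=$(decide "$ip" "$running" "$bound")
    case $action in
      kill|restart) pkill -9 -x transmission-daemon; bound="" ;;
    esac
    case $action in
      start|restart) transmission-daemon --bind-address-ipv4 "$ip"; bound=$ip ;;
    esac
    sleep 5
  done
}

if [ "${1:-}" = run ]; then monitor_loop; fi   # loop runs only with "run"
```

Because the monitor starts with an empty `bound` value, an already-running Transmission whose bind address is unknown is restarted on the first poll instead of being trusted.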

Automated updates

  • Homebrew packages update daily at 04:30 via LaunchDaemon
  • Mac App Store apps update via native macOS auto-update
  • macOS system updates download automatically (install is manual)
  • (#57, #58, #62)

Other changes

  • prep-airdrop.sh now uses a glob loop for template copying, so new templates are picked up automatically (#65)
  • VPN architecture documented in docs/vpn-transmission.md (#56, #59)
  • README rewritten to reflect current project state (#69)

Full changelog

Features

  • feat(vpn): VPN kill-switch, monitor, and auto-update infrastructure (#57)
  • feat(vpn): add PIA split tunnel config watchdog (Stage 1.5) (#63)
  • feat(vpn): Plex VPN bypass daemon + PIA bug docs (Stage 3b) (#67)

Fixes

  • fix(auto-updates): replace nonexistent brew autoupdate with LaunchAgent (#58)
  • fix(auto-updates): use LaunchDaemon for brew, native macOS for MAS (#62)
  • fix(prep-airdrop): use glob loop for template copying (#65)
  • fix(vpn): read Plex token from transmission-done config (#68)

Other

  • refactor(vpn-monitor): kill/restart instead of RPC pause/resume (#60)
  • docs(vpn): update deployment status after live deployment (#59)
  • docs(readme): rewrite for current project state (#69)