AlgoVPN 2.0.1

A maintenance release focused on Ansible 12 compatibility, cloud provider fixes, and dependency updates.

🔧 Bug Fixes

Ansible 12 Compatibility

• Fixed Ansible 12 boolean type checking (#14834) - Resolved deployments breaking due to stricter boolean handling
• Fixed Ansible 12 double-templating issues (#14836) - Corrected Jinja2 spacing issues causing template failures
• Fixed Ansible 12 compatibility issues (#14840) - General compatibility fixes for the Ansible 12.x series
• Fixed AWS EC2 and Lightsail deployment failures (#14861) - Resolved Ansible 12-specific API issues
• Fixed GCE deployment error (#14860) - Corrected JSON parsing issues with Ansible 12

Cloud Provider Fixes

• Fixed Vultr deployment issues (#14852, #14853) - Resolved regions string conversion bug and startup script JSON serialization
• Fixed Scaleway deployment (#14848) - Replaced broken organization_info module
• Fixed DigitalOcean API error handling (#14830) - Improved debugging for API errors
• Fixed update-users not working (#14859) - Resolved user management failures

Other Fixes

• Added missing ansible.utils collection (#14880) - Fixed 'No filter named ipmath' errors for ansible-core users
• Removed unused dependencies - Cleaned up pyopenssl and boto dependencies

⚠️ Breaking Changes

• Removed Exoscale support (#14841) - CloudStack API has been deprecated by Exoscale

🔄 Infrastructure Updates

• Updated Hetzner server type (#14874) - Changed from deprecated cpx11 to cpx22
• Added pre-commit hooks (#14831) - Comprehensive code quality checks
• Switched Dependabot to uv (#14862) - Improved dependency management
• Added Claude Code GitHub Actions (#14873) - Automated issue triage and PR reviews

📦 Dependency Updates

• ansible 11.9.0 → 12.2.0
• boto3 1.40.3 → 1.41.5
• azure-identity 1.23.1 → 1.25.1
• azure-mgmt-compute 35.0.0 → 37.1.0
• hcloud 2.5.4 → 2.11.1
• google-auth 2.40.3 → 2.43.0
• linode-api4 5.33.1 → 5.38.0
• openstacksdk 4.6.0 → 4.8.0
• pyyaml 6.0.2 → 6.0.3
• requests 2.32.4 → 2.32.5

📋 Full Changelog

v2.0.0...v2.0.1

Algo VPN 2.0.0

A major release with comprehensive security improvements, performance optimizations, and modernized infrastructure.

🔒 Security Enhancements

• Certificate Authority constraints (#14811) - Prevents certificate reuse across deployments with unique CA identifiers
• Refactored PKI management (#14809) - Replaced legacy OpenSSL scripts with Ansible crypto modules for better security and maintainability
• Prevented sensitive information logging (#14779) - Enhanced privacy by removing sensitive data from logs
• Modernized WireGuard key management (#14803) - Improved key generation and handling
• Security-hardened CI/CD (#14769) - Updated GitHub Actions with security best practices
• Jinja2 security update - Updated to ~3.1.6 for CVE-2025-27516 fix

🚀 Performance Improvements

• 30-60% faster deployments - Comprehensive performance optimizations throughout the codebase
• Self-bootstrapping Python environment (#14814) - Automatic uv setup for faster, more reliable installations
• Optimized cloud-init templates - Reduced startup time for cloud deployments
• Improved DNS caching - Better performance for DNS queries

🌐 Network and Routing Fixes

• Fixed multi-homed system routing (#14826) - Proper output interface specification for servers with multiple IPs
• Fixed iptables NAT rules (#14825) - Resolved VPN traffic routing issues
• IPv6 WireGuard endpoints (#14780) - Added support for IPv6 addresses in WireGuard configurations
• BSD IPv6 improvements (#14786) - Fixed address selection on BSD systems
• DigitalOcean multi-IP handling - Better support for droplets with both public and private IPs

☁️ Cloud Provider Updates

• Vultr API v2 support (#14773) - Updated to latest Vultr API
• AWS Lightsail fixes (#14823) - Resolved boto3 parameter issues
• AWS credentials file support (#14778) - Can now use standard AWS credentials file
• Azure improvements (#14781, #14774) - Fixed requirements path, updated to collection v3.7.0
• DigitalOcean cloud-init (#14801) - Fixed compatibility and deprecation warnings
• Hetzner instance types (#14762) - Switched to globally available types

📚 Documentation Improvements

• New FAQ: Single cipher suite rationale (#14827, closes #231) - Explains security benefits of our cryptographic choices
• New FAQ: Censorship circumvention stance (#14827, closes #230) - Clarifies Algo's focus on privacy vs anonymity
• Windows client guide (#14787) - Comprehensive setup instructions
• Installation requirements (#14790) - Clarified sudo requirements
• Grammar and clarity (#14770) - Improved throughout documentation

🔧 Infrastructure and Testing

• Comprehensive test suite - Added 15+ new test files covering all major components
• Jinja2 expression validation (#14817) - Detects inline comments that break templates
• Stricter linting (#14789) - Enhanced code quality with ansible-lint
• Installation reliability (#14788) - Added timeouts and retry logic
• OpenSSL 3+ compatibility (#14772) - Fixed PKCS#12 mobileconfig generation

📦 Dependency Updates

• Ansible 11.9.0 - Latest stable version
• GitHub Actions - All workflows updated to latest versions
• Python packaging - Modern setup with uv and pyproject.toml
• Removed legacy requirements.txt in favor of lockfile

🐛 Bug Fixes

• Ubuntu 22.04 compatibility issues (#14824)
• Server selection in update-user script (#14727)
• SSH tunnel certificate naming (#14771)
• AWS CloudFormation warnings (#14782)
• POSIX shell compliance (#14789)

💔 Breaking Changes

• Python 3.11+ required - Older Python versions no longer supported
• Certificate constraints - CAs now include deployment-specific constraints
• Ansible crypto modules - Legacy OpenSSL command usage removed

🎯 Milestone Completion

This release closes the 2.0 milestone with all planned features implemented and tested.

📝 Upgrade Notes

• Existing Algo servers will continue to work but won't benefit from the new features
• To use new features, deploy a fresh Algo server (recommended approach)
• Python environment will self-bootstrap with uv on first run

---

Algo VPN continues to focus on security through simplicity, providing a personal VPN that "just works" while maintaining the highest security standards.

Special thanks to all contributors who helped make this release possible!

AlgoVPN 1.1

v1.1

AlgoVPN 1.1

AlgoVPN 1.0

v1.0

Update CHANGELOG.md