PureVPN provider revamp

[reedog117]

Description

PureVPN provider revamp:

• integrates PureVPN inventory-driven server selection and OpenVPN template ingestion by extracting this from the PureVPN Linux client
• removes legacy fallback port behavior in OpenVPN config generation and uses inventory-provided ports
• aligns filtering behavior around stable location fields and inventory tags (including p2p/category/type filtering updates)

Issue

• Closes Bug: gluetun is always trying port 53 for connection when downloaded OpenVPN files from PureVPN reference port 1194. #3148

Assertions

• I am aware that we do not accept manual changes to the servers.json file
• I am aware that any changes to settings should be reflected in the wiki

[reedog117]

This PR is more comprehensive but addresses much of the shortcomings of #3149 by finding a better avenue to get an updated server list and parsing accepted protocols, port numbers, and other attributes directly from the same source used by PureVPN's GUI clients.

[reedog117]

Test results summary for the PureVPN provider revamp branch.

Branch / commit

• Branch: codex/purevpn-deb-updater
• Head: 9c634605

1) Targeted validation on host (macOS)

go build ./cmd/gluetun
go test ./internal/provider/purevpn/... ./internal/provider/purevpn/updater/...

Result: ✅ pass

2) Targeted validation in Linux amd64 container

docker run --rm --platform linux/amd64 \
  -v "$PWD":/src -w /src golang:1.25-alpine3.22 \
  sh -lc '/usr/local/go/bin/go build ./cmd/gluetun && /usr/local/go/bin/go test ./internal/provider/purevpn/... ./internal/provider/purevpn/updater/...'

Result: ✅ pass

3) Full suite on host (informational)

go test ./...

Result: ⚠️ not fully green in this local macOS environment due unrelated/platform-sensitive tests:

• internal/natpmp (UDP/rpc timeout expectation mismatch)
• internal/netlink (wireguard support panic on unspecified platform)
• internal/tun (operation not permitted on TUN node creation)

PureVPN-related packages are green in all runs above.

[reedog117]

This potentially also closes #1501 #1725 and #1653

[reedog117]

[Generated by Codex]

Summary of review feedback addressed:

• Reverted OpenVPN TLS help text change and restored SERVER_REGIONS wording in:
  • internal/openvpn/logs.go
  • internal/openvpn/logs_test.go
• Restored Surfshark retro-compatibility logic in getLocationFilterChoices.
• Restored region validation/filtering behavior for non-PureVPN providers (including NordVPN).
• Kept SERVER_REGIONS parsing in read() for compatibility, and now ignore regions only when provider is PureVPN during validation.
• Removed the extra PureVPN filtering feature set (PureVPNServerTypes, PureVPNCountryCodes, PureVPNLocationCodes) from this PR so it can be split separately.
• Updated PureVPN updater networking to use injected client (u.client) instead of direct http.DefaultClient calls:
  • Added client *http.Client to updater
  • Default to http.DefaultClient only if nil
  • Switched .deb and inventory fetches to u.client

Validation done locally:

• go test ./internal/configuration/settings ./internal/provider/purevpn/... ./internal/provider/utils ./internal/storage ./internal/openvpn
• go build ./cmd/gluetun
• Real containerized PureVPN UDP connect test with credentials:
  • OpenVPN reached Initialization Sequence Completed
  • In-container egress IP checks confirmed VPN-routed traffic (distinct from host IP)

[reedog117]

[Generated by Codex]\n\nI split the selector work into a dedicated stacked PR based on :\n- https://github.com/reedog117/gluetun/pull/1\n\nThis contains the PureVPN selector functionality (, , , , country/location code selectors) separated from the base updater changes.

[reedog117]

@qdm12 what additional steps are needed at this point to merge this and then i can bring in the newer selector functionality?

[qdm12]

Thanks! More comments to address, I'll review one last time after that. It's a bit of a huge PR, so it takes time to review 😉

[reedog117]

Thanks! More comments to address, I'll review one last time after that. It's a bit of a huge PR, so it takes time to review 😉

Awesome - will work on this in the next few days

[qdm12]

I actually need this rather fast, this is blocking #3301 which I would like to finish soon (because purevpn is the only one using the public ip fetcher and this makes package imports shitty basically)
I'll circle back in a few days and comment here, I will pick up the PR if you didn't get the time to plunge back by then

[qdm12]

FYI working on it now

[qdm12]

@reedog117 Ok so I went through that mountain of AI slop (interesting takeaways here and there, huge mistakes too)

Now I need someone to test it out!

Servers data is updated on a branch at https://github.com/qdm12/gluetun-servers/blob/purevpn-3165/pkg/servers/purevpn.json and is used by the container image qmcgaw/gluetun:pr-3165 (amd64 only, manually pushed).

Now what I am especially curious, is to find if those hostnames found in the purevpn linux app such as be2-auto-udp.ptoserver.com, which do not DNS resolve, do in fact work. Can you try running that container image using SERVER_HOSTNAMES=be2-auto-udp.ptoserver.com for example to see if it works? The IP address(es) are taken from the purevpn linux app, but I wonder if they work at all (here).

Below is the list of all server hostnames failing to DNS resolve but that were found in the linux app, if you feel like testing a few more:

Details

ae2-auto-tcp.ptoserver.com ae2-auto-udp.ptoserver.com ae2-tcp-pf.ptoserver.com ae2-udp-pf.ptoserver.com af2-auto-tcp.ptoserver.com af2-auto-udp.ptoserver.com af2-tcp.ptoserver.com af2-udp.ptoserver.com al2-auto-tcp.ptoserver.com al2-auto-udp.ptoserver.com al2-tcp.ptoserver.com al2-udp.ptoserver.com ao2-auto-tcp.ptoserver.com ao2-auto-udp.ptoserver.com ao2-udp.ptoserver.com ar2-auto-tcp.ptoserver.com ar2-auto-udp.ptoserver.com ar2-tcp.ptoserver.com ar2-udp.ptoserver.com at2-auto-tcp.ptoserver.com at2-auto-udp.ptoserver.com at2-tcp.ptoserver.com at2-udp.ptoserver.com au2-auto-tcp.ptoserver.com au2-auto-udp.ptoserver.com au2-sd-udp.ptoserver.com aubn2-auto-tcp.ptoserver.com aubn2-auto-udp.ptoserver.com aupe2-auto-tcp.ptoserver.com aupe2-auto-udp.ptoserver.com aupe2-tcp.ptoserver.com aupe2-udp.ptoserver.com ausd2-auto-tcp.ptoserver.com ausd2-auto-udp.ptoserver.com ausd2-tcp.ptoserver.com ausd2-udp.ptoserver.com aw2-auto-tcp.ptoserver.com aw2-auto-udp.ptoserver.com aw2-tcp.ptoserver.com aw2-udp.ptoserver.com bb2-auto-tcp.ptoserver.com bb2-auto-udp.ptoserver.com bb2-tcp.ptoserver.com bb2-udp.ptoserver.com bd2-auto-tcp.ptoserver.com bd2-auto-udp.ptoserver.com bd2-tcp.ptoserver.com bd2-udp.ptoserver.com be2-auto-tcp.ptoserver.com be2-auto-udp.ptoserver.com be2-tcp-pf.ptoserver.com be2-udp-pf.ptoserver.com bg2-auto-tcp.ptoserver.com bg2-auto-udp.ptoserver.com bg2-tcp.ptoserver.com bg2-udp.ptoserver.com bh2-auto-tcp.ptoserver.com bh2-auto-udp.ptoserver.com bh2-tcp.ptoserver.com bh2-udp.ptoserver.com bm2-auto-tcp.ptoserver.com bm2-auto-udp.ptoserver.com bm2-tcp.ptoserver.com bm2-udp.ptoserver.com bn2-auto-tcp.ptoserver.com bn2-auto-udp.ptoserver.com bn2-tcp.ptoserver.com bn2-udp.ptoserver.com bo2-auto-tcp.ptoserver.com bo2-auto-udp.ptoserver.com bo2-tcp.ptoserver.com bo2-udp.ptoserver.com br2-auto-tcp.ptoserver.com br2-auto-udp.ptoserver.com br2-tcp.ptoserver.com br2-udp.ptoserver.com bs2-auto-tcp.ptoserver.com bs2-auto-udp.ptoserver.com bs2-tcp.ptoserver.com bs2-udp.ptoserver.com ca2-auto-tcp.ptoserver.com ca2-auto-udp.ptoserver.com caq2-auto-tcp.ptoserver.com caq2-auto-udp.ptoserver.com caq2-tcp.ptoserver.com caq2-udp.ptoserver.com cato2-auto-tcp.ptoserver.com cato2-auto-udp.ptoserver.com cato2-tcp-pf.ptoserver.com cato2-udp-pf.ptoserver.com cav2-auto-tcp.ptoserver.com cav2-auto-udp.ptoserver.com cav2-tcp.ptoserver.com cav2-udp.ptoserver.com ch2-auto-tcp.ptoserver.com ch2-auto-udp.ptoserver.com ch2-tcp-pf.ptoserver.com ch2-udp-pf.ptoserver.com cl2-auto-tcp.ptoserver.com cl2-auto-udp.ptoserver.com cl2-tcp.ptoserver.com cl2-udp.ptoserver.com cn2-auto-tcp.ptoserver.com cn2-auto-udp.ptoserver.com cz2-auto-tcp.ptoserver.com cz2-auto-udp.ptoserver.com cz2-tcp.ptoserver.com cz2-udp.ptoserver.com de2-auto-tcp.ptoserver.com de2-auto-udp.ptoserver.com de2-tcp-pf.ptoserver.com de2-udp-pf.ptoserver.com dk2-auto-tcp.ptoserver.com dk2-auto-udp.ptoserver.com dk2-tcp.ptoserver.com dk2-udp.ptoserver.com dz2-auto-tcp.ptoserver.com dz2-auto-udp.ptoserver.com dz2-tcp.ptoserver.com dz2-udp.ptoserver.com ee2-auto-tcp.ptoserver.com ee2-auto-udp.ptoserver.com ee2-tcp.ptoserver.com ee2-udp.ptoserver.com eg2-auto-tcp.ptoserver.com eg2-auto-udp.ptoserver.com eg2-tcp.ptoserver.com eg2-udp.ptoserver.com es2-auto-tcp.ptoserver.com es2-auto-udp.ptoserver.com es2-tcp.ptoserver.com es2-udp.ptoserver.com fi2-auto-tcp.ptoserver.com fi2-auto-udp.ptoserver.com fi2-tcp.ptoserver.com fi2-udp.ptoserver.com fr2-auto-tcp.ptoserver.com fr2-auto-udp.ptoserver.com fr2-tcp-pf.ptoserver.com fr2-udp-pf.ptoserver.com gr2-auto-tcp.ptoserver.com gr2-auto-udp.ptoserver.com gr2-tcp.ptoserver.com gr2-udp.ptoserver.com hk2-auto-tcp.ptoserver.com hk2-auto-udp.ptoserver.com hk2-tcp-pf.ptoserver.com hk2-udp-pf.ptoserver.com hu2-auto-tcp.ptoserver.com hu2-auto-udp.ptoserver.com hu2-tcp.ptoserver.com hu2-udp.ptoserver.com ie2-auto-tcp.ptoserver.com ie2-auto-udp.ptoserver.com ie2-ovpn-tcp.pointtoserver.com ie2-ovpn-udp.pointtoserver.com ie2-tcp.ptoserver.com ie2-udp.ptoserver.com in2-auto-tcp.ptoserver.com in2-auto-udp.ptoserver.com in2-udp-qr.ptoserver.com it2-auto-tcp.ptoserver.com it2-auto-udp.ptoserver.com it2-tcp-pf.ptoserver.com it2-tcp.ptoserver.com it2-udp-pf.ptoserver.com it2-udp.ptoserver.com jp2-auto-tcp.ptoserver.com jp2-auto-udp.ptoserver.com jp2-tcp-pf.ptoserver.com jp2-udp-pf.ptoserver.com kr2-auto-tcp.ptoserver.com kr2-auto-udp.ptoserver.com kr2-tcp.ptoserver.com kr2-udp.ptoserver.com ky2-auto-tcp.ptoserver.com ky2-auto-udp.ptoserver.com ky2-tcp.ptoserver.com ky2-udp.ptoserver.com lt2-auto-tcp.ptoserver.com lt2-auto-udp.ptoserver.com lt2-tcp.ptoserver.com lt2-udp.ptoserver.com lu2-auto-tcp.ptoserver.com lu2-auto-udp.ptoserver.com lu2-tcp.ptoserver.com lu2-udp.ptoserver.com lv2-auto-tcp.ptoserver.com lv2-auto-udp.ptoserver.com lv2-tcp.ptoserver.com lv2-udp.ptoserver.com mc2-auto-tcp.ptoserver.com mc2-auto-udp.ptoserver.com mc2-tcp.ptoserver.com mc2-udp.ptoserver.com md2-auto-tcp.ptoserver.com md2-auto-udp.ptoserver.com md2-tcp.ptoserver.com md2-udp.ptoserver.com ng2-auto-tcp.ptoserver.com ng2-auto-udp.ptoserver.com ng2-tcp.ptoserver.com ng2-udp.ptoserver.com nl2-auto-tcp.ptoserver.com nl2-auto-udp.ptoserver.com nl2-tcp-pf.ptoserver.com nl2-udp-pf.ptoserver.com no2-auto-tcp.ptoserver.com no2-auto-udp.ptoserver.com no2-tcp.ptoserver.com no2-udp.ptoserver.com nz2-auto-tcp.ptoserver.com nz2-auto-udp.ptoserver.com nz2-tcp.ptoserver.com nz2-udp.ptoserver.com om2-auto-tcp.ptoserver.com om2-auto-udp.ptoserver.com om2-tcp.ptoserver.com om2-udp.ptoserver.com pa2-auto-tcp.ptoserver.com pa2-auto-udp.ptoserver.com pa2-tcp.ptoserver.com pa2-udp.ptoserver.com ph2-auto-tcp.ptoserver.com ph2-auto-udp.ptoserver.com ph2-tcp.ptoserver.com ph2-udp.ptoserver.com pl2-auto-tcp.ptoserver.com pl2-auto-udp.ptoserver.com pl2-ovpn-tcp.ptoserver.com pl2-ovpn-udp.ptoserver.com pl2-tcp.ptoserver.com pl2-udp.ptoserver.com pr2-auto-tcp.ptoserver.com pr2-auto-udp.ptoserver.com pr2-tcp.ptoserver.com pr2-udp.ptoserver.com pt2-auto-tcp.ptoserver.com pt2-auto-udp.ptoserver.com pt2-tcp.ptoserver.com pt2-udp.ptoserver.com ro2-auto-tcp.ptoserver.com ro2-auto-udp.ptoserver.com ro2-tcp.ptoserver.com ro2-udp.ptoserver.com rs2-auto-tcp.ptoserver.com rs2-auto-udp.ptoserver.com rs2-tcp.ptoserver.com rs2-udp.ptoserver.com ru2-auto-tcp.ptoserver.com ru2-auto-udp.ptoserver.com ru2-tcp-pf.ptoserver.com ru2-udp-pf.ptoserver.com se2-auto-tcp.ptoserver.com se2-auto-udp.ptoserver.com se2-tcp-pf.ptoserver.com se2-udp-pf.ptoserver.com se2-udp-qr.ptoserver.com sg2-auto-tcp.ptoserver.com sg2-auto-udp.ptoserver.com sg2-tcp-pf.ptoserver.com sg2-udp-pf.ptoserver.com sk2-auto-tcp.ptoserver.com sk2-auto-udp.ptoserver.com sk2-tcp.ptoserver.com sk2-udp.ptoserver.com tr2-auto-tcp.ptoserver.com tr2-auto-udp.ptoserver.com tr2-tcp-pf.ptoserver.com tr2-udp-pf.ptoserver.com tw2-auto-tcp.ptoserver.com tw2-auto-udp.ptoserver.com ua2-auto-tcp.ptoserver.com ua2-auto-udp.ptoserver.com ua2-tcp.ptoserver.com ua2-udp.ptoserver.com uk2-auto-tcp.ptoserver.com uk2-auto-udp.ptoserver.com uk2-tcp.ptoserver.com uk2-udp.ptoserver.com ukl2-auto-tcp.ptoserver.com ukl2-auto-udp.ptoserver.com ukl2-tcp-pf.ptoserver.com ukl2-udp-pf.ptoserver.com ukm2-auto-tcp.ptoserver.com ukm2-auto-udp.ptoserver.com ukm2-tcp.ptoserver.com ukm2-udp.ptoserver.com us-global-tcp2.ptoserver.com us2-auto-tcp.ptoserver.com us2-auto-udp.ptoserver.com us2-tcp.ptoserver.com usca2-auto-tcp.ptoserver.com usca2-auto-udp.ptoserver.com usca2-tcp-pf.ptoserver.com usca2-udp-pf.ptoserver.com usfl2-auto-tcp.ptoserver.com usfl2-auto-udp.ptoserver.com usfl2-tcp.ptoserver.com usfl2-udp.ptoserver.com usga2-auto-tcp.ptoserver.com usga2-auto-udp.ptoserver.com usga2-tcp.ptoserver.com usga2-udp.ptoserver.com usil2-auto-tcp.ptoserver.com usil2-auto-udp.ptoserver.com usil2-tcp.ptoserver.com usil2-udp.ptoserver.com usnj2-auto-tcp.ptoserver.com usnj2-auto-udp.ptoserver.com usnj2-tcp.ptoserver.com usnj2-udp.ptoserver.com usny2-auto-tcp.ptoserver.com usny2-auto-udp.ptoserver.com usny2-tcp-pf.ptoserver.com usny2-udp-pf.ptoserver.com usphx2-auto-tcp.ptoserver.com usphx2-auto-udp.ptoserver.com usphx2-tcp.ptoserver.com usphx2-udp.ptoserver.com ussa2-auto-tcp.ptoserver.com ussa2-auto-udp.ptoserver.com ussa2-tcp-pf.ptoserver.com ussa2-udp-pf.ptoserver.com ussf2-auto-tcp.ptoserver.com ussf2-auto-udp.ptoserver.com ussf2-tcp.ptoserver.com ussf2-udp.ptoserver.com ustx2-auto-tcp.ptoserver.com ustx2-auto-udp.ptoserver.com ustx2-tcp.ptoserver.com ustx2-udp.ptoserver.com usut2-auto-tcp.ptoserver.com usut2-auto-udp.ptoserver.com usut2-tcp.ptoserver.com usut2-udp.ptoserver.com usva2-auto-tcp.ptoserver.com usva2-auto-udp.ptoserver.com usva2-tcp.ptoserver.com usva2-udp.ptoserver.com uswdc2-auto-tcp.ptoserver.com uswdc2-auto-udp.ptoserver.com uswdc2-tcp.ptoserver.com uswdc2-udp.ptoserver.com vg2-auto-tcp.ptoserver.com vg2-auto-udp.ptoserver.com vg2-tcp.ptoserver.com vg2-udp.ptoserver.com vleu-be2-ovpn-tcp.pointtoserver.com vn2-auto-tcp.ptoserver.com vn2-auto-udp.ptoserver.com vn2-tcp.ptoserver.com vn2-udp.ptoserver.com za2-auto-tcp.ptoserver.com za2-auto-udp.ptoserver.com za2-tcp.ptoserver.com za2-udp.ptoserver.com

[reedog117]

Can confirm that be2-auto-udp.ptoserver.com does not resolve for me either. This brings up an interesting point since the provider themselves is baking in these non-functional domain names. Do we filter the non-resolving ones out? Or do we leave them in since we do not know if the provider may bring these up later? Also wondering if we can just have this filtering / available hostname update function occur on the client side rather than during image build to save on runner resources.

[qdm12]

Do we filter the non-resolving ones out?

Yeah we can do that. Did you try connecting to it using gluetun / openvpn? Because it still has some IP addresses, maybe there is just no DNS record for it.