- MacOS: Minor improvements to wake from sleep behavior
- Linux: Improve Wayland workaround
- All: Fix client notifications
- MacOS: Fix Wifi SSID detection for Automation (again!)
- Linux: Implement Workaround for bleeding-edge Wayland issues
- All: Improve diagnostics
- MacOS: New Split Tunnel system has arrived!
- MacOS: Improve PIA's behavior during sleep to fix crashes after long sleeps
- Linux: Fix Split Tunnel and Wireguard issues when using the latest version of iproute2
- Linux: Fix OpenVPN on Suse variants
- UI: Increase contrast of graph in performance tile
- UI: Add two extra decimal places to data usage values
- UI: Add changelog link to update notification
- Linux: Improve split tunnel robustness in the presence of mount namespaces
- Linux: Fix split tunnel on Linux Mint 20.0+
- Linux: Fix split tunnel on rolling release distributions
- Linux: Fix compatibility with LXC containers
- macOS: Fix Wifi SSID detection for Automation
- Windows: Fix occasional Split Tunnel crash when 'Existing DNS' is used
- All: Remove local port option for OpenVPN connections
- All: Fix a bug that would sometimes cause a crash when trying to connect while disconnecting
- Fix a variety of firewall and split tunnel issues on Windows
- Fix local DNS resolver on some Linux distributions
- Builds for macOS are now universal for x86_64 and arm64
- Improved robustness in firewall backends
- Improved reliability of split tunnel rules for Opera and other applications with "launcher" executables on Windows
- Install logs are now included in debug reports when available
- Login and dedicated IP pages indicate when to retry when rate-limited by API
- Fixed opening combo boxes when another combo box was open, the second combo box no longer closes immediately
- Fixed permissions on piavpn.service to eliminate warning from systemd on some Linux distributions
- Fixed a rare GUI crash that could occur on the Split Tunnel or Automation pages if a setting change occurred while a combo box was open
- Detect absense of iptables on some Linux systems and install if possible.
- Fixed the subscription page link that was redirecting to the home page.
- Improved security on Windows preventing privilege escalation attacks.
- Disabled Split Tunnel on macOS 12 or greater (we are working on it!).
- Fixed an issue with the latest release of iproute2 on Linux systems.
- Custom DNS settings are no longer forgotten when switching to another Settings tab with a setting other than Custom DNS selected.
- Request product feedback by linking to our survey
- Support Handshake domain name resolution (Using HDNS nameservers)
- Public IP is displayed even when not connected
- "Time to Connect" stats can be sent to PIA on an opt-in basis to help improve our service
- Fixed default folder when browsing for applications in Split Tunnel application selection
- Added "Auto" MTU setting to measure actual MTU after connecting
- Added automatic tray icon theme on Windows
- Improved handling of expired accounts
- Fixed connecting to favorite regions after a connection was refused by the server
- Fix issue causing multiple dialogs on driver install on Windows
- Fix issue where deleting a Dedicated IP breaks tooltips
- Fixed a crash on Windows when enabling split tunnel
- Added a notice about split tunnel issues on macOS Monterey
- Added support for Wayland display server on Linux
- Improved OpenVPN TCP timeouts when the server isn't reachable
- Improved macOS Split Tunnel to protect against looping packets
- Fixed an issue where client might not automatically start on macOS Big Sur
- Fixed an issue migrating proxy settings from 2.10 or earlier
- Redesigned the Settings window to improve categorization and allow for future growth
- Separated the three “Kill Switch” setting choices into two separate settings - “VPN Kill Switch” and “Advanced Kill Switch”
- Automation rule triggers on the dashboard are now removed if the rule is deleted
- The “Usage” tile now adjusts units based on the amount of data transferred
- Fixed navigation order issues with VoiceOver on macOS in some Settings pages
- Fixed navigation order of overlay dialogs in Settings window for Windows screen readers
- Fixed an issue causing overlay tips to stop working after removing an Automation rule
- Reduced memory and CPU usage of the graphical client
- Updated icons and graphics
- Connection stats can be sent to PIA on an opt-in basis to help improve our service
- Added a CLI get/set type for the Allow LAN setting
- The split tunnel UI on Windows now displays executable paths instead of link paths for Start Menu apps
- WireGuard now works correctly on macOS and Linux when jumbo frames are enabled on the network interface
- The PIA daemon on Linux no longer writes to stderr when run as a service to avoid flooding system logs
- In-app updates on Linux now detect xfce4-terminal on systems without an x-terminal-emulator symlink
- Fixed a crash on Windows caused by some older OpenGL drivers
- Fixed an install issue on Linux that prevented creation of the piavpn group in some cases
- Fixed an issue causing the support tool to appear more than once on Linux in some cases
- Fixed libxcb dependencies in Linux arm64 build
- Updated to OpenVPN 2.5.1 and OpenSSL 1.1.1k
- Improved accessibility of the "Add Automation Rule" dialog
- Split tunnel on Linux now applies the Split Tunnel Name Servers setting to DNS requests routed through the host (most containers / VMs)
- "Submit Debug Logs" now shows an indicator while collecting diagnostics
- Added additional split tunnel diagnostics for macOS
- Linux installations no longer require ifconfig
- ip no longer has to be at /sbin/ip on Linux
- The PIA daemon on Linux OpenRC systems no longer waits for a network connection before starting
- Fixed restarting the PIA daemon after an upgrade on Linux SysVinit systems
- Fixed an issue in macOS split tunnel that prevented the VPN from connecting when the killswitch was set to Always
- Automation rules can now be created in Settings to automatically connect or disconnect when joining networks
- Fixed macOS split tunnel issues preventing access to LAN devices or bypassed subnets on some systems
- Fixed issues preventing LAN DNS servers from working in the Custom DNS setting
- Fixed the Cmd+W shortcut in the Changelog window on macOS
- Fixed an issue causing WireGuard connections to fail on some systems running macOS 10.13
- Fixed an issue causing PIA to stop responding on some systems running macOS 11
- Additional diagnostics on Windows
- Split tunnel on macOS no longer uses a network kernel extension
- Split tunnel now supports macOS 11.0 (Big Sur)
- Service notifications can now be shown below the Connect button
- Added support for Linux ARM build configurations (armhf and arm64)
- Linux builds are now made on Debian Stretch
- Ubuntu 16.04 is no longer supported (libstdc++ 6.0.22 is now required)
- Added support for renewing Dedicated IPs
- "Bypass" apps on Linux now also bypass the PIA killswitch
- OpenVPN now always uses RSA-4096 for the server authentication handshake
- OpenVPN CBC ciphers now always use SHA-256 for data authentication
- Removed the Data Encrytion "None" setting for OpenVPN
- Updated to Qt 5.15.2, OpenVPN 2.4.10, OpenSSL 1.1.1i
- Fixed an issue causing bypass apps on Linux to occasionally use VPN DNS
- Fixed an issue on Linux causing OpenVPN to fail to connect when PATH exceeds 256 characters
- Fixed an issue preventing the Built-in Resolver from working reliably on some Windows systems
- Fixed a crash when connecting to a region with no servers available for the current protocol
- Removed support for the legacy PIA network
- Added support for upcoming Dedicated IP feature
- Temporarily unavailable regions are displayed in the regions list and ignored by automatic selection
- Regions now report multiple servers per region for improved connection resiliency
- Minor improvements to regions list UI and accessibility
- Improved word breaking in Thai translation
- Fixed some Shadowsocks servers not appearing with next-gen network
- Fixed an issue preventing OpenVPN from connecting on Fedora 33
- Fixed an issue occasionally allowing domains that should be blocked by MACE to remain cached on the system
- Fixed accessibility focus indications for drop-down buttons
- Fixed launching client after install, and launching downloaded updates on some Linux environments
- Fixed missing accessibility annotations on Shadowsocks proxy region list
- Fixed a crash that occurred when geo-located regions were disabled in Settings
- Fixed an issue preventing the crash reporter from starting for client crashes
- Split tunnel on Windows now also splits DNS traffic
- Added "Name Servers" setting to Split Tunnel on Windows and Linux
- Region locations and translations are now updated automatically
- Split tunnel is disabled on macOS 11.0 due to removal of network kernel extensions
- Added
pubiptype topiactl get/monitor(thanks Chase Wright!) - Fixed executable signing on Windows
- Windows hardware acceleration now uses Direct3D 11 instead of OpenGL
- PIA on Windows now requires Windows 8 or later
- Split tunnel app rules on Linux now also split DNS traffic
- Routed packets on Linux are now protected by the PIA killswitch (includes most containers and VMs)
- Split tunnel can now bypass routed packets on Linux
- Fixed a crash on macOS caused by changing screen layouts
- Fixed an issue causing installation to hang in some cases on macOS
- Added notification for OS versions that are no longer supported
- Removed network setting from Help page
- Fixed a possible daemon crash on macOS when split tunnel was enabled
- Fixed dependency issues on some Linux distributions
- Detect additional graphics drivers for automatic safe graphics mode on Windows
- Next Generation network is now the default
- Added the Connection tile
- Updated Qt to 5.15.0
- PIA on macOS now requires 10.13
- Fixed several issues relating to installation or uninstallation on Windows in Safe Mode
- Fixed an issue causing a memory leak on some Windows systems when Windows suspends pia-client to save power
- Fixed an issue preventing split tunnel from working with WireGuard on some newer Linux distributions
- Fixed DNS routing issues with split tunnel on Linux systems not using systemd-resolved
- Fixed an issue causing the WireGuard userspace method to occasionally fail to connect on some Linux systems
- Removed unneeded WireGuard kernel module logging on Linux
- Fixed an issue causing high CPU usage on some Linux systems
- Fixed an issue causing WireGuard to disconnect in some cases using split tunnel with All Other Apps set to Bypass
- Fixed an issue on Windows causing the PIA service to crash when connecting with some Split Tunnel configurations
- Split tunnel is now supported with WireGuard
- Geo-located regions are supported
- The {{BRAND_SHORT}} Next Generation network is now in preview
- Added Built-in Resolver option to Name Servers setting
- Removed Handshake testnet resolver from Name Servers setting (testnet no longer exists, hnsd does not support mainnet)
- Added 'requestportforward' option to '{{BRAND_CODE}}ctl get/set' to control port forwarding setting
- Improved DNS leak protection compatibility with macOS 10.15.4 and later
- Improved compatibility of split tunnel on Windows with other WFP callout drivers
- Fixed an issue preventing IP split tunnel rules from being disabled on Windows in some cases
- Fixed layout of the killswitch warning in some translations
- Changed title of windowed dashboard to "{{BRAND}}"
- The regions list keeps its scroll position as latencies are updated
- Diagnostic improvements in debug reports
- Split tunnel "bypass" rules can be created for IP addresses and subnets
- WireGuard now supports network roaming on Mac in addition to Windows and Linux
- New {{BRAND_CODE}}ctl commands to log in and log out - '{{BRAND_CODE}}ctl login', '{{BRAND_CODE}}ctl logout'
- New {{BRAND_CODE}}ctl command to enable killswitch and/or VPN connections without using the graphical client - '{{BRAND_CODE}}ctl background'
- Fixed an issue that prevented WireGuard from connecting on Windows if the computer had been shut off unexpectedly
- Fixed an issue on some Linux resolvconf systems that could block DNS incorrectly when using WireGuard
- Improved handling of several Mac applications with split tunnel, such as Mail and Calendar
- Split tunnel on Linux attempts to mount net_cls automatically if it's not mounted (as on Fedora)
- The WireGuard connectivity timeout is customizable
- Improved support for IPv6 networks when the Allow LAN setting is enabled
- Fixed an issue that prevented Use Existing DNS from working on some Mac systems
- Fixed an issue causing WireGuard to take a long time to connect on some Windows systems
- Updated Qt to 5.12.8
- Updated OpenVPN to 2.4.9
- Updated OpenSSL to 1.1.1g
- Security improvements
- Fixed long DNS resolution times on Windows on some systems
- WireGuard is now supported as a connection method
- WireGuard on Windows requires Windows 8 or later
- Some settings are not yet supported with WireGuard - split tunnel, port forwarding, and proxy
- Fixed the Mail app on Windows 10 with split tunnel (shares an app family with Calendar)
- Fixed terminal emulator support for Terminator and other terminals on Linux
- VPN IP and forwarded port appear more quickly than in 1.8
- Improved reliability of support tool submissions
- Security improvements
- Split tunnel apps can be configured to use the VPN only or to bypass the VPN
- The default behavior can be set to "Bypass VPN" to use the VPN only for specific apps
- Fixed TCP localhost connections for split tunnel apps on Windows
- Fixed split tunnel for Mac apps that bind to specific ports
- Fixed focus behavior on Mac when closing windows with the keyboard
- Fixed LAN routing problems when split tunnel is enabled on Linux
- Improved reliability of the port forwarding feature
- Updated Qt to 5.12.6
- Updated OpenVPN to 2.4.8
- Updated OpenSSL to 1.1.1d
- Updated TAP adapter to 9.24.2 on Windows
- The Shadowsocks proxy setting can be used to redirect the VPN connection through a Shadowsocks region
- Added the '{{BRAND_CODE}}ctl monitor' command
- Added the 'connectionstate' type to '{{BRAND_CODE}}ctl get'
- Improved firewall rules on Linux to mitigate CVE-2019-14899 on affected distributions
- Improved handling of crashes caused by graphics drivers on Windows
- Fixed an issue preventing apps from being selected for App Exclusions on macOS 10.15
- Fixed an issue causing Windows 10 1507 / LTSB 2015 to restart on shutdown
- Security improvements in the Mac OS installer
- VPN Snooze allows temporarily disconnecting the VPN connection.
- Added "{{BRAND_CODE}}ctl" - a command-line interface to control the client.
- Connection loss is detected more quickly.
- Fixed issues in the App Exclusions feature that could occur when switching network connections.
- App Exclusions supports macOS 10.12.
- Fixed detection of the iptables version for some Linux distributions.
- App Exclusions is improved for listening sockets on Linux.
- The dashboard repositions correctly if the screen resolution changes on macOS.
- Fixed an issue that could cause long delays when the client starts on login.
- Security improvements.
- Added a "Help" link to the App Exclusions feature in Settings
- Split tunneling allows applications to bypass the VPN using the App Exclusions feature.
- Excluded applications bypass the VPN and connect directly to the Internet.
- Windows: This feature currently requires Windows 7 SP1. Support for Windows Store apps requires Windows 10.
- Mac: This feature currently requires macOS 10.13.
- Linux: This feature currently requires iptables 1.6.1 with systemd network control groups on Linux.
- Support connecting via a SOCKS5 proxy
- Notarize application on Mac for compatibility with 10.15
- Update Mac installer to improve compatibility with 10.15
- Minor translation fix for French
- Minor firewall rule fix on Windows
- Support both DHCP-based configuration (like 1.2.1) and static configuration (like 1.3.1) on Windows
- Update Handshake to fix linkage on some Linux distributions and with an additional seed
- Use DHCP-based configuration of the TAP adapter on Windows
- Fixed issues on Windows when the TAP adapter name contained non-ASCII characters
- Fixed minor translation issues
- Countries can be marked as favorite regions
- "Auto" region selects a port forwarding region when port forwarding is enabled
- Support Handshake name resolution (using Handshake's testnet)
- Support some Linux distributions using sysvinit
- Persist the sort selection on the regions page
- Improve robustness of TAP adapter configuration on Windows
- Try alternate protocols and ports automatically if the chosen settings cannot connect
- Fixed an issue causing the VPN to stay connected when logging out of the OS.
- Tiles can be rearranged with drag-and-drop
- Added a setting for "windowed" or "attached" dashboard on all platforms
- Preserve killswitch and VPN connection if client exits unexpectedly
- Fix reconnecting after suspend on Windows
- Fix multiple crashes, in particular crashes after suspend on Windows
- Improve software rendering backend
- Improved accessibility of Changelog window
- Minor fixes for right-to-left desktops on Linux
- Update to OpenVPN 2.4.7
- Update TAP adapter on Windows to 9.23.3.601
- Added additional firewall diagnostics on Windows
- Fix occasional crashes in Windows installer
- Fix macOS installer error on certain systems
- Added tray icon theme setting with alternate styles in response to user feedback
- Improve reliability of VPN IP address
- Attempt to rotate through server IPs more frequently between connection attempts
- Show a warning on Windows when the TAP adapter is not installed
- Improve robustness of firewall rules on Mac OS
- Improve single-instance handling on Linux
- Improve reliability of tray icon on Linux when launched on login
- Clarify warning shown when account can't be verified
- Fix Linux HiDPI support when launched on login for some distributions
- Fix Windows installer on Windows 7 without specific Windows updates
- Fix Allow LAN setting being disabled by default after upgrading from legacy client
- Fix installation issue on Linux due to incorrect umask
- Improve appearance of pop-up tips for languages other than English
- Added option to disable accelerated graphics to fix stability issues
- Set correct group id when re-starting after a crash on Linux
- Added screen reader support
- Avoid assuming IPv6 is present
- Bring the app to the front if relaunched while running
- Avoid insecure directories on Windows
- Made tray icon more robust on Windows
- Fixed window title on Windows installer
- Fixed rare crash when enabling debug logging
- Added Quick Tour displayed on first run
- Slightly more robust uninstaller on Linux
- Fixed iptables handling when DNS is unavailable on Linux
- Remove legacy .desktop file when upgrading on Linux