Releases: jjacke13/nospoon
Releases · jjacke13/nospoon
v0.5.0-bare-test — Bare runtime support (test release)
Test release from the nospoon-bare branch. Not for production.
Standalone binaries
Single-file executables with embedded Bare runtime + all addons.
No Node.js or npm needed — just download, extract, and run.
| File | Platform |
|---|---|
| nospoon-linux-x64.tar.gz | Linux x86_64 |
| nospoon-linux-arm64.tar.gz | Linux ARM64 (Raspberry Pi) |
| nospoon-darwin-arm64.tar.gz | macOS Apple Silicon |
| nospoon-darwin-x64.tar.gz | macOS Intel |
| nospoon-win32-x64.tar.gz | Windows x64 |
| nospoon-android-arm64.tar.gz | Android ARM64 (embed as libnospoon.so) |
Native addon prebuilds
For use with npm install nospoon (Node.js or Bare runtime).
Usage
tar xzf nospoon-linux-x64.tar.gz
sudo ./bin/nospoon up config.jsoncv0.4.0
Windows Support
nospoon now runs on Windows (x64 and arm64) using Wintun v0.14.1 by WireGuard LLC.
- TUN adapter via Wintun FFI (bundled DLLs, no separate install)
- Full-tunnel mode with split routes, NRPT DNS, and IPv6 leak prevention
- Administrator check on startup with clear error message
- Default config path:
%PROGRAMDATA%\nospoon\config.jsonc
IPv6 Leak Prevention (all platforms)
Full-tunnel mode now blackholes IPv6 traffic through the TUN interface (::/1 + 8000::/1), preventing websites from seeing the client's real IPv6 address. Same approach as WireGuard. Applied to Linux, macOS, and Windows.
Other Changes
- Graceful NAT degradation on Windows server when
MSFT_NetNatWMI class is unavailable - Docker support (
Dockerfileadded in previous release, now documented) - Wintun prebuilt binary license included (
bin/win32-*/LICENSE.txt)
v0.3.2
What's new in 0.3.x
Config file architecture (0.3.0)
- JSONC config files replace CLI flags —
nospoon up [config.jsonc] - Server and client config in a single file format with
"mode"field seedFileoption to read seed from a separate file (keeps secrets out of config)peersmap for authenticated mode (replacespeers.json)- Comment support (
//) in config files - Input validation for all config fields (hex keys, CIDR, MTU range)
Android improvements (0.3.0)
- Config unification — Android uses the same config schema as desktop
- QR code scanning to import full config JSON
- Code cleanup: removed debug instrumentation, deduplicated notifications, immutable collections
Fixes
- Fast Linux shutdown — proper keepalive cleanup + async full-tunnel teardown
- IPv6 link-local (
fe80:) filter in open server mode - Missing
lib/config.jsandlib/validation.jsin npm package (0.3.2)
NixOS module
services.nospoongenerates config from NixOS optionsconfigFileoption for user-managed config (keeps secrets out of Nix store)
v0.2.0
What's new
Android app
- Kotlin VPN client using Bare runtime + bare-kit IPC
- Material Design 3 dark theme UI
- Configurable full-tunnel / subnet-only routing
- QR code scanning for server key and seed
- Multi-config management with persistent storage
- Nix dev shell for CLI builds (
nix develop .#android) - The apk file provided here is a beta/debug-version of the android app. It works but still needs refinements and polishing
macOS support
- utun device creation via Koffi FFI
- Platform dispatchers for TUN and full-tunnel (Linux + macOS)
- pfctl-based NAT for full-tunnel server mode
- DNS auto-switching (networksetup) in full-tunnel client mode
DNS auto-switching for clients in full-tunnel mode
- Linux: resolvectl or /etc/resolv.conf fallback
- macOS: networksetup -setdnsservers
- DNS restored to original on disconnect
NixOS module
- Declarative
services.nospoonconfiguration - Server and client mode with full-tunnel, peers, seed management
- systemd service with auto-restart
v0.1.0
First release of nospoon — a peer-to-peer VPN over HyperDHT.
- TUN interface (Layer 3) — works with any IP protocol
- NAT hole-punching — no public IP or port forwarding needed
- Noise encryption (X25519 + ChaCha20-Poly1305)
- Authenticated mode with per-client public keys and fixed IPs
- Full tunnel mode with kill switch
- Multi-client support with client-to-client routing
- Auto-reconnect with DHT restart on server IP change