v0.5.0-bare-test — Bare runtime support (test release)

Test release from the nospoon-bare branch. Not for production.

Standalone binaries

Single-file executables with embedded Bare runtime + all addons.
No Node.js or npm needed — just download, extract, and run.

File	Platform
nospoon-linux-x64.tar.gz	Linux x86_64
nospoon-linux-arm64.tar.gz	Linux ARM64 (Raspberry Pi)
nospoon-darwin-arm64.tar.gz	macOS Apple Silicon
nospoon-darwin-x64.tar.gz	macOS Intel
nospoon-win32-x64.tar.gz	Windows x64
nospoon-android-arm64.tar.gz	Android ARM64 (embed as libnospoon.so)

Native addon prebuilds

For use with npm install nospoon (Node.js or Bare runtime).

Usage

tar xzf nospoon-linux-x64.tar.gz
sudo ./bin/nospoon up config.jsonc

v0.4.0

Windows Support

nospoon now runs on Windows (x64 and arm64) using Wintun v0.14.1 by WireGuard LLC.

• TUN adapter via Wintun FFI (bundled DLLs, no separate install)
• Full-tunnel mode with split routes, NRPT DNS, and IPv6 leak prevention
• Administrator check on startup with clear error message
• Default config path: %PROGRAMDATA%\nospoon\config.jsonc

IPv6 Leak Prevention (all platforms)

Full-tunnel mode now blackholes IPv6 traffic through the TUN interface (::/1 + 8000::/1), preventing websites from seeing the client's real IPv6 address. Same approach as WireGuard. Applied to Linux, macOS, and Windows.

Other Changes

• Graceful NAT degradation on Windows server when MSFT_NetNat WMI class is unavailable
• Docker support (Dockerfile added in previous release, now documented)
• Wintun prebuilt binary license included (bin/win32-*/LICENSE.txt)

v0.3.2

What's new in 0.3.x

Config file architecture (0.3.0)

• JSONC config files replace CLI flags — nospoon up [config.jsonc]
• Server and client config in a single file format with "mode" field
• seedFile option to read seed from a separate file (keeps secrets out of config)
• peers map for authenticated mode (replaces peers.json)
• Comment support (//) in config files
• Input validation for all config fields (hex keys, CIDR, MTU range)

Android improvements (0.3.0)

• Config unification — Android uses the same config schema as desktop
• QR code scanning to import full config JSON
• Code cleanup: removed debug instrumentation, deduplicated notifications, immutable collections

Fixes

• Fast Linux shutdown — proper keepalive cleanup + async full-tunnel teardown
• IPv6 link-local (fe80:) filter in open server mode
• Missing lib/config.js and lib/validation.js in npm package (0.3.2)

NixOS module

• services.nospoon generates config from NixOS options
• configFile option for user-managed config (keeps secrets out of Nix store)

v0.2.0

What's new

Android app

• Kotlin VPN client using Bare runtime + bare-kit IPC
• Material Design 3 dark theme UI
• Configurable full-tunnel / subnet-only routing
• QR code scanning for server key and seed
• Multi-config management with persistent storage
• Nix dev shell for CLI builds (nix develop .#android)
• The apk file provided here is a beta/debug-version of the android app. It works but still needs refinements and polishing

macOS support

• utun device creation via Koffi FFI
• Platform dispatchers for TUN and full-tunnel (Linux + macOS)
• pfctl-based NAT for full-tunnel server mode
• DNS auto-switching (networksetup) in full-tunnel client mode

DNS auto-switching for clients in full-tunnel mode

• Linux: resolvectl or /etc/resolv.conf fallback
• macOS: networksetup -setdnsservers
• DNS restored to original on disconnect

NixOS module

• Declarative services.nospoon configuration
• Server and client mode with full-tunnel, peers, seed management
• systemd service with auto-restart

v0.1.0

First release of nospoon — a peer-to-peer VPN over HyperDHT.

• TUN interface (Layer 3) — works with any IP protocol
• NAT hole-punching — no public IP or port forwarding needed
• Noise encryption (X25519 + ChaCha20-Poly1305)
• Authenticated mode with per-client public keys and fixed IPs
• Full tunnel mode with kill switch
• Multi-client support with client-to-client routing
• Auto-reconnect with DHT restart on server IP change