diff --git a/dsvpn/Makefile b/dsvpn/Makefile
index 0e2aa6138..c3215e93a 100644
--- a/dsvpn/Makefile
+++ b/dsvpn/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/jedisct1/dsvpn.git
-PKG_SOURCE_VERSION:=8abb2d22c1059ebf86ab1bdb62e71da3e22cf604
+PKG_SOURCE_VERSION:=3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a
 PKG_NAME:=dsvpn
-PKG_VERSION:=0.1.3-$(PKG_SOURCE_VERSION)
+PKG_VERSION:=0.1.4-$(PKG_SOURCE_VERSION)
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/dsvpn/patches/nofirewall.patch b/dsvpn/patches/nofirewall.patch
index c293f97e7..89c866640 100644
--- a/dsvpn/patches/nofirewall.patch
+++ b/dsvpn/patches/nofirewall.patch
@@ -1,8 +1,6 @@
-diff --git a/src/os.c b/src/os.c
-index d5e4482..ee525aa 100644
---- a/src/os.c
-+++ b/src/os.c
-@@ -445,20 +445,25 @@ Cmds firewall_rules_cmds(int is_server)
+--- a/src/os.c	2019-12-06 19:49:50.323898270 +0100
++++ b/src/os.c	2019-12-06 19:54:20.987206244 +0100
+@@ -445,24 +445,28 @@
  #ifdef __linux__
          static const char
              *set_cmds[] =
@@ -13,6 +11,8 @@ index d5e4482..ee525aa 100644
                    "ip link set dev $IF_NAME up",
 +#ifndef NO_DEFAULT_FIREWALL
 +                  "sysctl net.ipv4.ip_forward=1",
+                   "iptables -t raw -I PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
+                   "--src-type LOCAL -j DROP",
                    "iptables -t nat -A POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE",
                    "iptables -t filter -A FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
                    "RELATED,ESTABLISHED -j ACCEPT",
@@ -24,38 +24,42 @@ index d5e4482..ee525aa 100644
                  "iptables -t nat -D POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE",
                  "iptables -t filter -D FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
                  "RELATED,ESTABLISHED -j ACCEPT",
--                "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT", NULL
-+                "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT", 
+                 "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT",
+                 "iptables -t raw -D PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
+                 "--src-type LOCAL -j DROP",
 +#endif
-+                NULL
+                 NULL
              };
  #elif defined(__APPLE__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
-     defined(__DragonFly__) || defined(__NetBSD__)
-@@ -492,7 +497,10 @@ Cmds firewall_rules_cmds(int is_server)
-                           };
+@@ -503,12 +507,17 @@
  #elif defined(__linux__)
          static const char
--            *set_cmds[]   = { "sysctl net.ipv4.tcp_congestion_control=bbr",
-+            *set_cmds[]   = {
+             *set_cmds[] =
+-                { "sysctl net.ipv4.tcp_congestion_control=bbr",
++                { 
 +#ifndef NO_DEFAULT_CONGESTION
-+                            "sysctl net.ipv4.tcp_congestion_control=bbr",
++                  "sysctl net.ipv4.tcp_congestion_control=bbr",
 +#endif
-                             "ip link set dev $IF_NAME up",
-                             "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
-                             "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
-@@ -505,9 +513,13 @@ Cmds firewall_rules_cmds(int is_server)
-                             "ip -6 rule add table main suppress_prefixlength 0",
+                   "ip link set dev $IF_NAME up",
+-                  "iptables -t raw -I PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
+-                  "--src-type LOCAL -j DROP",
+                   "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME",
+                   "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME",
++#ifndef NO_DEFAULT_FIREWALL
++                  "iptables -t raw -I PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
++                  "--src-type LOCAL -j DROP",
++#endif
+ #ifndef NO_DEFAULT_ROUTES
+                   "ip route add default dev $IF_NAME table 42069",
+                   "ip -6 route add default dev $IF_NAME table 42069",
+@@ -525,8 +534,10 @@
+                 "ip rule delete table main suppress_prefixlength 0",
+                 "ip -6 rule delete table main suppress_prefixlength 0",
  #endif
-                             NULL },
--            *unset_cmds[] = { "ip rule delete table 42069", "ip -6 rule delete table 42069",
-+            *unset_cmds[] = { 
-+#ifndef NO_DEFAULT_ROUTES
-+                              "ip rule delete table 42069", "ip -6 rule delete table 42069",
-                               "ip rule delete table main suppress_prefixlength 0",
--                              "ip -6 rule delete table main suppress_prefixlength 0", NULL };
-+                              "ip -6 rule delete table main suppress_prefixlength 0",
++#ifndef NO_DEFAULT_FIREWALL
+                 "iptables -t raw -D PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
+                 "--src-type LOCAL -j DROP",
 +#endif
-+                               NULL };
+                 NULL
+             };
  #else
-         static const char *const *set_cmds = NULL, *const *unset_cmds = NULL;
- #endif
diff --git a/dsvpn/patches/nostrip.patch b/dsvpn/patches/nostrip.patch
index b9a4166a9..628b16584 100644
--- a/dsvpn/patches/nostrip.patch
+++ b/dsvpn/patches/nostrip.patch
@@ -2,8 +2,8 @@
 +++ b/Makefile	2019-08-03 22:53:00.901364600 +0200
 @@ -5,7 +5,6 @@
  
- dsvpn: Makefile src/vpn.c src/charm.c src/os.c include/charm.h include/vpn.h include/os.h
- 	$(CC) $(CFLAGS) -Iinclude -o $@ src/vpn.c src/charm.c src/os.c
+ dsvpn: $(CFLAGS_FILE) Makefile src/vpn.c src/charm.c src/os.c include/charm.h include/vpn.h include/os.h
+ 	$(CC) $$(cat "$(CFLAGS_FILE)") $(OPTFLAGS) -Iinclude -o $@ src/vpn.c src/charm.c src/os.c
 -	strip $@
  
  install: dsvpn