diff --git a/src/Dockerfile b/src/Dockerfile index 97839d9..48f5ed6 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,5 +1,5 @@ # FROM debian:bookworm -FROM debian:bookworm-slim as BUILDER +FROM debian:bookworm as BUILDER ARG URL ARG DEBNAME RUN \ @@ -9,19 +9,17 @@ RUN \ tar xv -C /tmp -f /tmp/client.tar.gz && \ dpkg -i "/tmp/${DEBNAME}" -FROM debian:bookworm-slim +FROM alpine:3.21 COPY --from=BUILDER /usr/local/bin/barracudavpn /app/ RUN \ - DEBIAN_FRONTEND=noninteractive apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y iproute2 gettext-base tini && \ - rm -rf /var/lib/apt/lists/* + apk -U upgrade && \ + apk add iproute2 gettext tini COPY rootfs / HEALTHCHECK --interval=30s --start-period=30s --timeout=3s \ CMD /app/healthcheck.sh -ENTRYPOINT [ "/usr/bin/tini-static", "--", "/app/entrypoint.sh" ] +ENTRYPOINT [ "/sbin/tini", "--", "/app/entrypoint.sh" ] diff --git a/src/rootfs/app/barracudavpn.conf_credentials.tpl b/src/rootfs/app/barracudavpn.conf_credentials.tpl new file mode 100755 index 0000000..7ac7e9e --- /dev/null +++ b/src/rootfs/app/barracudavpn.conf_credentials.tpl 
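Review bot: The final-stage `RUN` both leaves the refreshed apk index in the image and installs unpinned packages: `apk -U upgrade` writes the index into `/var/cache/apk/` inside the layer, and `apk add iproute2 gettext tini` floats with whatever the 3.21 repository serves at build time (hadolint DL3019 and DL3018). Use `apk upgrade --no-cache && apk add --no-cache iproute2 gettext tini`, ideally with `pkg=<VERSION_PLACEHOLDER>` pins so the image is reproducible. Separately, `COPY --from=BUILDER /usr/local/bin/barracudavpn` now moves a binary unpacked from a Debian `.deb` onto a musl-based image; if that binary is dynamically linked against glibc it will not start on `alpine:3.21` without a compatibility layer, which is worth confirming (an `ldd` check in the builder stage would make it explicit). The final stage still has no `USER`; if the client genuinely needs root for the tap device, a one-line comment saying so would save the next reviewer the question.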
@@ -0,0 +1,90 @@
+ADAccessibility=0
+adapterReordering=0
+allowENA=1
+allowFWRule=1
+AuthType=2
+AuthUser=0
+BINDIP = 0
+certenhancedKeyUsage="1.3.6.1.5.5.7.3.2"
+certissuer=""
+certissuerX500=""
+CertLookupPattern=""
+CertMultipleSelection=0
+certname=""
+CertSEarchOrder=0
+certserialnumber=""
+certSerialNummberAutoUpdate=1
+clientIP=0
+CloseOnConnect=0
+compress=1
+credential_Persist=0
+CryptoMode=1
+Default=1
+dhcp=2
+DHCPv6=2
+driverLessMode=0
+enableMSLogon=0
+encryption=4
+FallbackProfile=""
+fastDynReconnect=1
+fastDynReconnectPermanent=1
+hash=1
+ipFamily=23
+ipLegacyMode=1
+KEEPALIVE = 10
+KeySpec=0
+lastActiveDirectory=""
+license=""
+mode=1
+mustConnect=0
+oneTimePassword=0
+phionX509=0
+PrivateEncrypt=1
+ProbeEncryption=0
+proxy=""
+proxydomain=""
+proxyType=0
+proxyport=""
+proxyuser=""
+reconnectAdapterReset=0
+reconnectCycle=1
+ReconnectImmediate=1
+redirectBlockingTCP=0
+redirectNonBlockingTCP=0
+redirectUDP=0
+rememberLoginUser=0
+SERVER = ${SERVER}
+SERVERPORT = ${SERVERPORT}
+ShowPopup=1
+silent=0
+simulateSSL=0
+smartcard_keynumber=0
+smartcard=0
+SPECIAL = NESSUNO
+startScript=""
+startScriptAsServiceUser=0
+startScriptInteractive=0
+stopScript=""
+stopScriptAsServiceUser=0
+stopScriptInteractive=0
+store="MY"
+StoreFlags=-1
+streamCompression=1
+TAP = /dev/tun0
+TerminateCountdown=2
+timeoutAlive=10
+timeoutIfUSerLogout=1
+tracereport=1
+TryTimeout=60
+TUNNELENC = AES128-MD5
+TUNNELMODE = UDP
+tunnelProbing=0
+TUNNELREKEY = 
+tunnelRTT=0
+tunnelSoftHeartbeat=0
+unattended=1
+usePolSrv=0
+usePolSrvInterceptVPNHandshake=0
+usePolSrvTerminateVPN=0
+usePolSrvTimeout=30
+WRITEDNS = MERGE
\ No newline at end of file
diff --git a/src/rootfs/app/barracudavpn.conf.tpl b/src/rootfs/app/barracudavpn.conf_licfile.tpl
similarity index 100%
rename from src/rootfs/app/barracudavpn.conf.tpl
rename to src/rootfs/app/barracudavpn.conf_licfile.tpl
diff --git a/src/rootfs/app/entrypoint.sh b/src/rootfs/app/entrypoint.sh
index 9cec289..24adc8a 100755
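Review bot: The template is added with `new file mode 100755`, but it is data that `envsubst` reads, not a script, so the executable bit is unnecessary; `chmod 644` it before merging. `TAP = /dev/tun0` is hard-coded while entrypoint.sh in this same commit makes the interface name configurable through `TAP_IFACE` (default `tap0`); I cannot tell from the page whether this key names the device the client attaches to, but if it does the two settings drift apart as soon as `TAP_IFACE` is overridden, and `TAP = /dev/${TAP_IFACE}` with an `export TAP_IFACE` in the entrypoint would keep them aligned. `TUNNELENC = AES128-MD5` selects an MD5-based integrity algorithm for the tunnel; if the server and client both accept a SHA-2 variant, prefer it, and otherwise a comment on that line recording why the weaker setting is required would help whoever revisits it.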
--- a/src/rootfs/app/entrypoint.sh +++ b/src/rootfs/app/entrypoint.sh @@ -1,58 +1,7 @@ -#!/bin/bash +#!/bin/sh stty -echoctl # hide ^C -set +H # disable history expansion, to enable the use of exclamation mark in the password -# set +o histexpand - - -# add tap device if it doesn't exists -if [ ! -d /sys/class/net/tap0 ] ; then - ip tuntap add mode tap tap0 -fi - -# TODO: check if /sys/class/net/tap0/operstate says "up" and quit? - -CONFIGDIR=/app/config/ -CONFIGFILE="${CONFIGDIR}/barracudavpn.conf" - -mkdir -p "${CONFIGDIR}" - -if [ -z "${VPN_PASSWORD}${VPN_PASSWORD_FILE}" ]; then - echo "You need to specify the password (VPN_PASSWORD or VPN_PASSWORD_FILE env variable)" - exit 1 -fi - -if [ ! -z "${VPN_PASSWORD_FILE}" ]; then - if [ ! -r "${LIC_FILE}" ]; then - echo "The specified password file (${VPN_PASSWORD_FILE}) is not readable" - exit 1 - fi -fi - -VPN_PASSWORD_FILE_CONTENT=$(cat "${VPN_PASSWORD_FILE}") -VPN_PASSWORD=${VPN_PASSWORD:-$VPN_PASSWORD_FILE_CONTENT} - -if [ -z "${LIC_FILE}" ]; then - echo "You need to specify the path to the license file (LIC_FILE env variable)" - exit 1 -fi - -if [ ! -r "${LIC_FILE}" ]; then - echo "The license file (${LIC_FILE}) is not readable" - exit 1 -fi - -if [ -z "${SERVER}" ]; then - echo "You need to specify the server (SERVER env variable)" - exit 1 -fi - -export SERVERPORT=${SERVERPORT:-691} - -# generate new config file -envsubst < /app/barracudavpn.conf.tpl > "${CONFIGFILE}" - stop_vpn() { echo Closing VPN connection /app/barracudavpn --config "${CONFIGDIR}" --stop 
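Review bot: `stty -echoctl`, kept on the new side right after the `#!/bin/sh` shebang, assumes stdin is a terminal; under `tini` in a container started without `-t` it fails with an ioctl error on every start, which is only harmless because the script never sets `set -e`. Guard it with `[ -t 0 ] && stty -echoctl` so the log stays clean. The removed `set +H` was correctly dropped, since the script now runs under busybox ash on the alpine image and ash does not implement `!` history expansion; a short comment after the shebang noting that the script must stay POSIX-sh would keep bashisms from creeping back in.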
@@ -60,14 +9,117 @@ stop_vpn() { exit } -start_vpn() { +start_vpn_licfile() { echo Opening VPN connection /app/barracudavpn --config "${CONFIGDIR}" --start --keypwd "${VPN_PASSWORD}" --serverpwd "${VPN_PASSWORD}" } +start_vpn_credentials() { + echo Opening VPN connection + /app/barracudavpn --config "${CONFIGDIR}" --start --login "${USERNAME}" --serverpwd "${PASSWORD}" +} + +generate_config_licfile() { + if [ -z "${VPN_PASSWORD}${VPN_PASSWORD_FILE}" ]; then + echo "You need to specify the password (VPN_PASSWORD or VPN_PASSWORD_FILE env variable)" + exit 1 + fi + + if [ ! -z "${VPN_PASSWORD_FILE}" ]; then + if [ ! -r "${VPN_PASSWORD_FILE}" ]; then + echo "The specified password file (${VPN_PASSWORD_FILE}) is not readable" + exit 1 + fi + VPN_PASSWORD_FILE_CONTENT=$(cat "${VPN_PASSWORD_FILE}") + VPN_PASSWORD=${VPN_PASSWORD:-${VPN_PASSWORD_FILE_CONTENT}} + fi + + if [ -z "${LIC_FILE}" ]; then + echo "You need to specify the path to the license file (LIC_FILE env variable)" + exit 1 + fi + + if [ ! -r "${LIC_FILE}" ]; then + echo "The license file (${LIC_FILE}) is not readable" + exit 1 + fi + + # generate new config file + envsubst < /app/barracudavpn.conf_licfile.tpl > "${CONFIGFILE}" +} + +generate_config_credentials() { + if [ -z "${USERNAME}${USERNAME_FILE}" ]; then + echo "You need to specify the username (USERNAME or USERNAME_FILE env variable)" + exit 1 + fi + + if [ ! -z "${USERNAME_FILE}" ]; then + if [ ! -r "${USERNAME_FILE}" ]; then + echo "The specified username file (${USERNAME_FILE}) is not readable" + exit 1 + fi + USERNAME_FILE_CONTENT=$(cat "${USERNAME_FILE}") + USERNAME=${USERNAME:-${USERNAME_FILE_CONTENT}} + fi + + if [ -z "${PASSWORD}${PASSWORD_FILE}" ]; then + echo "You need to specify the password (PASSWORD or PASSWORD_FILE env variable)" + exit 1 + fi + + if [ ! -z "${PASSWORD_FILE}" ]; then + if [ ! 
-r "${PASSWORD_FILE}" ]; then + echo "The specified password file (${PASSWORD_FILE}) is not readable" + exit 1 + fi + PASSWORD_FILE_CONTENT=$(cat "${PASSWORD_FILE}") + PASSWORD=${PASSWORD:-${PASSWORD_FILE_CONTENT}} + fi + + # generate new config file + envsubst < /app/barracudavpn.conf_credentials.tpl > "${CONFIGFILE}" +} + +TAP_IFACE=${TAP_IFACE:-tap0} +# add tap device if it doesn't exists +if [ ! -d "/sys/class/net/${TAP_IFACE}" ] ; then + echo Creating "${TAP_IFACE}" + ip tuntap add mode tap "${TAP_IFACE}" + sleep 5 +fi + +# TODO: check if /sys/class/net/${TAP_IFACE}/operstate says "up" and quit? + +CONFIGDIR=/app/config/ +CONFIGFILE="${CONFIGDIR}/barracudavpn.conf" + +mkdir -p "${CONFIGDIR}" + +AUTH_MODE=${AUTH_MODE:-licfile} + +if [ -z "${SERVER}" ]; then + echo "You need to specify the server (SERVER env variable)" + exit 1 +fi +export SERVERPORT=${SERVERPORT:-691} + trap 'stop_vpn' INT TERM -start_vpn +case "${AUTH_MODE}" in + licfile) + generate_config_licfile + start_vpn_licfile + ;; + credentials) + generate_config_credentials + start_vpn_credentials + ;; + *) + echo "Invalid AUTH_MODE (${AUTH_MODE})" + exit 1 +esac + while : ; do sleep 1m done diff --git a/src/rootfs/app/healthcheck.sh b/src/rootfs/app/healthcheck.sh index e9320d9..820120d 100755 --- a/src/rootfs/app/healthcheck.sh +++ b/src/rootfs/app/healthcheck.sh @@ -1,9 +1,18 @@ -#!/bin/bash +#!/bin/sh CONFIGDIR=/app/config/ +STATUS_OUTPUT=$(/app/barracudavpn --config "${CONFIGDIR}" --status) +VPN_EXIT=$? -/app/barracudavpn --config "${CONFIGDIR}" --status|grep '^Status:\s*CONNECTED$' && exit 0 -exit 1 +if [ "${VPN_EXIT}" -ne 0 ]; then + exit 1 +fi + +if echo "${STATUS_OUTPUT}" | grep -q '^Status:[[:space:]]*CONNECTED$'; then + exit 0 +else + exit 1 +fi # A "connected" answer contains: # Status: CONNECTED
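Review bot: `start_vpn_credentials` hands the secret to the client as argv (`--login "${USERNAME}" --serverpwd "${PASSWORD}"`), so for the lifetime of the long-running `barracudavpn` process the password is readable from `/proc/<pid>/cmdline` by every process in the container and appears in host-side `ps`; `start_vpn_licfile` already had the same exposure via `--keypwd`/`--serverpwd`, but the new mode puts a user password rather than a key passphrase there. If the client can read credentials from a file or stdin, prefer that and pass only the path; if it cannot, a comment on both `start_vpn_*` functions stating the exposure would at least make the trade-off explicit. Minor points of style: `[ ! -z … ]` reads better as `[ -n … ]` throughout the two `generate_config_*` functions, and the `*)` branch of the `case` could name the accepted values, e.g. `echo "Invalid AUTH_MODE (${AUTH_MODE}); expected licfile or credentials"`. The hunk opens inside `stop_vpn`, whose body starts before it.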
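Review bot: `echo "${STATUS_OUTPUT}"` feeds client output through busybox `echo`, which treats a leading `-n`/`-e` as options; the portable form is `printf '%s\n' "${STATUS_OUTPUT}" | grep -q '^Status:[[:space:]]*CONNECTED$'`, and it can stand as the script's last command, since `grep -q`'s status already is the result, replacing the surrounding `if … exit 0 else exit 1`. Capturing the client's exit code with `VPN_EXIT=$?` immediately after the assignment is correct but easy to misread, so a one-line comment such as `# $? here is barracudavpn's exit status, not the assignment's` is worth adding.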