Bug: Gluetun Not Connecting to Custom OpenVPN Provider (ARM64) #2535

AH3GMfrY opened this issue Oct 22, 2024 · 1 comment

@AH3GMfrY

Is this urgent?

None

Host OS

Linux Server 22.04 LTS

CPU arch

aarch64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

v3.39.1 built on 2024-09-29T18:16:23.495Z (commit 67ae5f5)

What's the problem 🤔

I am experiencing an issue with Gluetun when trying to connect to a custom OpenVPN provider (Kaspersky VPN). The same setup worked perfectly on an older Intel x64 PC running Ubuntu Server 22.04 LTS with Docker Compose. I recently migrated to a more power-friendly Orange Pi 5 with ARM64, using Ubuntu Server 22.04 LTS ported by Joshua-Riek.

Actual Behavior: Gluetun fails to connect, showing the error: read UDPv4 [ECONNREFUSED]: Connection refused (fd=3, code=111)

Troubleshooting Steps Taken:
Added firewall rules as suggested here
Tried OpenVPN 2.5 as suggested here
Changed to TCP as suggested here

Despite these efforts, the issue persists. I suspect there might be an architecture-specific problem or a configuration issue that I am missing. I am not very experienced with networking and VPN configurations, so I may be missing something obvious. Any guidance or assistance would be greatly appreciated.

Thank you!

custom.conf example:

  client
  dev tun
  proto udp
  remote XXX.XX.XXX.XX 1194
  auth-user-pass
  remote-cert-tls server
  nobind
  <ca>
  -----BEGIN CERTIFICATE-----
  XXX
  -----END CERTIFICATE-----
  </ca>

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version v3.39.1 built on 2024-09-29T18:16:23.495Z (commit 67ae5f5)
📣 All control server routes will become private by default after the v3.41.0 release
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-22T13:56:33Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-22T13:56:33Z INFO [routing] local ethernet link found: eth0
2024-10-22T13:56:33Z INFO [routing] local ipnet found: 172.18.0.0/16
2024-10-22T13:56:33Z INFO [firewall] enabling...
2024-10-22T13:56:33Z INFO [firewall] enabled successfully
2024-10-22T13:56:34Z INFO [storage] merging by most recent 20478 hardcoded servers and 20480 servers read from /gluetun/servers.json
2024-10-22T13:56:34Z INFO [storage] Using privado servers from file which are 187 days more recent
2024-10-22T13:56:34Z INFO [storage] Using private internet access servers from file which are 176 days more recent
2024-10-22T13:56:34Z INFO Alpine version: 3.20.3
2024-10-22T13:56:34Z INFO OpenVPN 2.5 version: 2.5.10
2024-10-22T13:56:34Z INFO OpenVPN 2.6 version: 2.6.11
2024-10-22T13:56:34Z INFO Unbound version: 1.20.0
2024-10-22T13:56:34Z INFO IPtables version: v1.8.10
2024-10-22T13:56:34Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       └── OpenVPN server selection settings:
|   |           ├── Protocol: UDP
|   |           └── Custom configuration file: /gluetun/custom.conf
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Custom configuration file: /gluetun/custom.conf
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-10-22T13:56:34Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-22T13:56:34Z INFO [routing] adding route for 0.0.0.0/0
2024-10-22T13:56:34Z INFO [firewall] setting allowed subnets...
2024-10-22T13:56:34Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-22T13:56:34Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-22T13:56:34Z INFO [http server] http server listening on [::]:8000
2024-10-22T13:56:34Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-22T13:56:34Z INFO [firewall] allowing VPN connection...
2024-10-22T13:56:34Z INFO [openvpn] Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-10-22T13:56:34Z INFO [openvpn] OpenVPN 2.6.11 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-10-22T13:56:34Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-10-22T13:56:34Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]1XX.XX.XX.XX:1194
2024-10-22T13:56:34Z INFO [openvpn] UDPv4 link local: (not bound)
2024-10-22T13:56:34Z INFO [openvpn] UDPv4 link remote: [AF_INET]1XX.XX.XX.XX:1194
2024-10-22T13:56:34Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)
2024-10-22T13:56:36Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)
2024-10-22T13:56:40Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-22T13:56:40Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-22T13:56:40Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-22T13:56:40Z INFO [vpn] stopping

Share your configuration

name: gluetun
services:
    gluetun:
        cap_add:
            - NET_ADMIN
        cpu_shares: 90
        command: []
        container_name: gluetun
        deploy:
            resources:
                limits:
                    memory: "8308916224"
        devices:
            - /dev/net/tun:/dev/net/tun
        environment:
            OPENVPN_CUSTOM_CONFIG: /gluetun/custom.conf
            OPENVPN_PASSWORD: X
            OPENVPN_USER: X
            TZ: ""
            UPDATER_PERIOD: ""
            VPN_SERVICE_PROVIDER: custom
            VPN_TYPE: openvpn
        hostname: gluetun
        image: qmcgaw/gluetun:v3.39.1
        labels:
            icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons/png/gluetun.png
        networks:
            default: null
        ports:
            - mode: ingress
              target: 8888
              published: "8888"
              protocol: tcp
            - mode: ingress
              target: 8388
              published: "8388"
              protocol: tcp
            - mode: ingress
              target: 8388
              published: "8388"
              protocol: udp
        restart: unless-stopped
        volumes:
            - type: bind
              source: /DATA/AppData/$AppID/data
              target: /gluetun
              bind:
                create_host_path: true
networks:
    default:
        name: gluetun
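
What the `read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)` log line means at the socket level, as an added example that is not part of the original issue or of Gluetun's code: on Linux a connected UDP socket reports ECONNREFUSED when an ICMP port-unreachable comes back for a datagram it sent, so the packet was actively rejected rather than silently dropped. The helper names and the loopback targets are assumptions for illustration.

```python
import socket


def free_udp_port() -> int:
    """Bind an ephemeral loopback port, then release it so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_udp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a UDP endpoint as 'refused', 'silent' or 'replied'.

    'refused' : an ICMP port-unreachable arrived (the ECONNREFUSED case in the log)
    'silent'  : nothing came back before the timeout (dropped or ignored)
    'replied' : the peer sent a datagram back
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it pins the peer address so the
        # kernel can deliver ICMP errors for that peer to this socket.
        s.connect((host, port))
        try:
            s.send(b"\x00")  # constructed one-byte probe, not an OpenVPN packet
            s.recv(1024)     # the pending ICMP error surfaces on this read
            return "replied"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "silent"


if __name__ == "__main__":
    # Closed loopback port: the kernel answers with ICMP port unreachable.
    print("closed port:", probe_udp("127.0.0.1", free_udp_port()))
    # Open port whose owner never answers: the read just times out.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as quiet:
        quiet.bind(("127.0.0.1", 0))
        print("quiet port :", probe_udp("127.0.0.1", quiet.getsockname()[1], 0.3))
```

A `silent` result for the same address and port points at packets being dropped somewhere on the path, while `refused` means some host or firewall sent an explicit rejection.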
@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:
