Bug: openvpn read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)

[rkbest13]

Is this urgent?

None

Host OS

ubuntu 22.04 LTS server

CPU arch

None

VPN service provider

AirVPN

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-10-05T07:55:45.678Z (commit 3d6d03b)

What's the problem 🤔

Container has been working great untill recently i updated the image and it keeps getting unhealthy warning. The suggested configuration seem ok.
The log below just keep restarting the vpn and error repeats again and again.
Sever ip is not changed, confirmed from the providers list

Share your logs (at least 10 lines)

Running version latest built on 2024-10-05T07:55:45.678Z (commit 3d6d03b)

2024-10-06T00:13:04Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.3 and family v4
2024-10-06T00:13:04Z INFO [routing] local ethernet link found: eth0
2024-10-06T00:13:04Z INFO [routing] local ipnet found: 172.17.0.0/16
2024-10-06T00:13:04Z INFO [firewall] enabling...
2024-10-06T00:13:04Z INFO [firewall] enabled successfully
2024-10-06T00:13:05Z INFO [storage] creating /gluetun/servers.json with 20553 hardcoded servers
2024-10-06T00:13:05Z INFO Alpine version: 3.20.3
2024-10-06T00:13:05Z INFO OpenVPN 2.5 version: 2.5.10
2024-10-06T00:13:05Z INFO OpenVPN 2.6 version: 2.6.11
2024-10-06T00:13:05Z INFO IPtables version: v1.8.10
2024-10-06T00:13:05Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: fastestvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: Switzerland
|   |       ├── Hostnames: ch-01.jumptoserver.com
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       └── 10.13.58.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-10-06T00:13:05Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.3 and family v4
2024-10-06T00:13:05Z INFO [routing] adding route for 0.0.0.0/0
2024-10-06T00:13:05Z INFO [firewall] setting allowed subnets...
2024-10-06T00:13:05Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.3 and family v4
2024-10-06T00:13:05Z INFO [routing] adding route for 10.13.58.0/24
2024-10-06T00:13:05Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-10-06T00:13:05Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-06T00:13:05Z INFO [http server] http server listening on [::]:8000
2024-10-06T00:13:05Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-06T00:13:05Z INFO [firewall] allowing VPN connection...
2024-10-06T00:13:05Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-10-06T00:13:05Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-10-06T00:13:05Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-10-06T00:13:05Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-10-06T00:13:05Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.213.10:4443
2024-10-06T00:13:05Z INFO [openvpn] UDPv4 link local: (not bound)
2024-10-06T00:13:05Z INFO [openvpn] UDPv4 link remote: [AF_INET]37.120.213.10:4443
2024-10-06T00:13:05Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-10-06T00:13:07Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-10-06T00:13:11Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-06T00:13:11Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-06T00:13:11Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-06T00:13:11Z INFO [vpn] stopping
2024-10-06T00:13:11Z INFO [vpn] starting
2024-10-06T00:13:11Z INFO [firewall] allowing VPN connection...
2024-10-06T00:13:11Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-10-06T00:13:11Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-10-06T00:13:11Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-10-06T00:13:11Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-10-06T00:13:11Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.213.10:4443
2024-10-06T00:13:11Z INFO [openvpn] UDPv4 link local: (not bound)
2024-10-06T00:13:11Z INFO [openvpn] UDPv4 link remote: [AF_INET]37.120.213.10:4443
2024-10-06T00:13:11Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-10-06T00:13:13Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-10-06T00:13:17Z INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-10-06T00:13:22Z INFO [healthcheck] program has been unhealthy for 11s: restarting VPN

Share your configuration

version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - OPENVPN_USER=${VPN_USERNAME}
      - OPENVPN_PASSWORD=${VPN_PASSWORD}
      - SERVER_COUNTRIES=Switzerland
      - SERVER_HOSTNAMES=ch-01.jumptoserver.com
      - FIREWALL_OUTBOUND_SUBNETS=10.13.58.0/24
    ports:
      - 6881:6881 #qBitTorrent
      - 6881:6881/udp #qBitTorrent
      - 8080:8080 #qBitTorrent
    restart: unless-stopped

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[qdm12]

untill recently i updated the image

Ok, from which image did you update from? Does it work on release image tags v3.38 or v3.39?

Also be careful with your issue fields you selected, you picked AirVPN although you use fastestvpn...

EDIT: also that warning No server certificate verification method has been enabled. seems odd

[rkbest13]

Will check today.

I selected FastestVPN but I think it was giving me long character warning and might have defaulted the first option when the page refreshed after error.

[rkbest13]

So I tried all the images backward with no luck even after using 3.37.0. After failing all test, the log were different this time with no warning for connection refused but still unhealthy.

Used different route by changing country and server address and this time it connected healthy.
Wonder if this is something others will be also noticing with Switzerland server.

[qdm12]

Maybe a misconfiguration on the switzerland server then. Please reach out to fastestvpn. Closing this since it doesn't look like a Gluetun bug, but more of a server misconfiguration, especially given it doesn't work as well on previous docker image tags.

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.