SOCKS proxy with tun2proxy | tun2socks fails with Connection refused (os error 111) #4
Description
Summary
When passing a working SOCKS5 proxy (from urnetwork) into tun2proxy or tun2socks, all outbound DNS requests fail with Connection refused (os error 111). The same proxy works fine when tested directly in Firefox.
Steps to Reproduce
1.) Start the urnetwork proxy:
go run . --user-auth <redacted> --password <redacted> --country "United States"2.) Verify proxy works in Firefox:
Configure Firefox to use 127.0.0.1:9999 as SOCKS5 proxy
Browsing works as expected
3.) Run tun2proxy container:
docker run -it --rm --name tun2proxy --privileged \
ghcr.io/tun2proxy/tun2proxy-ubuntu:latest \
--proxy socks5://127.0.0.1:99994.) Connect another container through it:
docker run -it --rm --network=container:tun2proxy alpine sh5.) Inside the Alpine container:
apk updateActual Behavior
- Package fetch fails with DNS resolution errors:
WARNING: updating and opening https://dl-cdn.alpinelinux.org/... temporary error (try again later)
- tun2proxy logs show repeated UDP DNS attempts ending in connection refused:
[INFO tun2proxy] Beginning #0 UDP 10.0.0.33:46259 -> 8.8.8.8:53
[INFO tun2proxy] Ending #0 UDP 10.0.0.33:46259 -> 8.8.8.8:53 with "Connection refused (os error 111)"
- No corresponding traffic appears in the urnetwork proxy logs.
Expected Behavior
- DNS queries and TCP connections should be tunneled through the SOCKS5 proxy, allowing the Alpine container to resolve and fetch packages.
Notes
- Direct SOCKS5 usage in Firefox works fine → proxy itself is healthy.
- Failure only occurs when traffic is routed through tun2proxy / tun2socks.
- Issue seems specific to UDP (DNS) handling.