diff --git a/Dockerfile b/Dockerfile
index 25d2ce4d..a3f875eb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG ALPINE_VERSION=3.12
+ARG ALPINE_VERSION=3.13
 ARG GO_VERSION=1.16
 ARG BUILDPLATFORM=linux/amd64
 
diff --git a/README.md b/README.md
index 08ea3c00..3abd1828 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ HideMyAss, Mullvad, NordVPN, Privado, Private Internet Access, PrivateVPN,
 PureVPN, Surfshark, TorGuard, VyprVPN and Windscribe VPN servers
 using Go, OpenVPN, iptables, DNS over TLS, ShadowSocks and an HTTP proxy*
 
-**ANNOUNCEMENT**: *New Docker image name `qmcgaw/gluetun`*
+**ANNOUNCEMENT**:
 
 <img height="250" src="https://raw.githubusercontent.com/qdm12/gluetun/master/title.svg?sanitize=true">
 
@@ -38,7 +38,7 @@ using Go, OpenVPN, iptables, DNS over TLS, ShadowSocks and an HTTP proxy*
 
 ## Features
 
-- Based on Alpine 3.12 for a small Docker image of 52MB
+- Based on Alpine 3.13 for a small Docker image of 52MB
 - Supports: **Cyberghost**, **FastestVPN**, **HideMyAss**, **Mullvad**, **NordVPN**, **Privado**, **Private Internet Access**, **PrivateVPN**, **PureVPN**,  **Surfshark**, **TorGuard**, **Vyprvpn**, **Windscribe**, servers
 - Supports Openvpn only for now
 - DNS over TLS baked in with service provider(s) of your choice
@@ -60,6 +60,7 @@ using Go, OpenVPN, iptables, DNS over TLS, ShadowSocks and an HTTP proxy*
 
 1. On some devices you may need to setup your tunnel kernel module on your host with `insmod /lib/modules/tun.ko` or `modprobe tun`
     - [Synology users Wiki page](https://github.com/qdm12/gluetun/wiki/Synology-setup)
+1. ⚠️ Raspberry Pi users running 32 bit systems: from image `v3.16.0` you need to do [this](https://github.com/alpinelinux/docker-alpine/issues/135#issuecomment-812287338) on your host to run the container.
 1. Launch the container with:
 
     ```bash
diff --git a/internal/provider/cyberghost.go b/internal/provider/cyberghost.go
index 7630c019..36981ff8 100644
--- a/internal/provider/cyberghost.go
+++ b/internal/provider/cyberghost.go
@@ -104,7 +104,8 @@ func (c *cyberghost) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if strings.HasSuffix(settings.Cipher, "-gcm") {
diff --git a/internal/provider/fastestvpn.go b/internal/provider/fastestvpn.go
index 33e3ed91..578f1553 100644
--- a/internal/provider/fastestvpn.go
+++ b/internal/provider/fastestvpn.go
@@ -136,7 +136,8 @@ func (f *fastestvpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		"proto " + connection.Protocol,
 		"remote " + connection.IP.String() + " " + strconv.Itoa(int(connection.Port)),
-		"cipher " + settings.Cipher,
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 	if !settings.Root {
diff --git a/internal/provider/hidemyass.go b/internal/provider/hidemyass.go
index 22fc961e..cce6abf9 100644
--- a/internal/provider/hidemyass.go
+++ b/internal/provider/hidemyass.go
@@ -129,7 +129,8 @@ func (h *hideMyAss) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		"proto " + connection.Protocol,
 		"remote " + connection.IP.String() + strconv.Itoa(int(connection.Port)),
-		"cipher " + settings.Cipher,
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 	}
 
 	if !settings.Root {
diff --git a/internal/provider/mullvad.go b/internal/provider/mullvad.go
index ae943890..f4fa7939 100644
--- a/internal/provider/mullvad.go
+++ b/internal/provider/mullvad.go
@@ -110,7 +110,8 @@ func (m *mullvad) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 	}
 	if settings.Provider.ExtraConfigOptions.OpenVPNIPv6 {
 		lines = append(lines, "tun-ipv6")
diff --git a/internal/provider/nordvpn.go b/internal/provider/nordvpn.go
index c28e4847..89259545 100644
--- a/internal/provider/nordvpn.go
+++ b/internal/provider/nordvpn.go
@@ -125,7 +125,8 @@ func (n *nordvpn) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP.String(), connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if !settings.Root {
diff --git a/internal/provider/piav4.go b/internal/provider/piav4.go
index 9591628c..70bdb688 100644
--- a/internal/provider/piav4.go
+++ b/internal/provider/piav4.go
@@ -176,7 +176,8 @@ func (p *pia) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if strings.HasSuffix(settings.Cipher, "-gcm") {
diff --git a/internal/provider/privado.go b/internal/provider/privado.go
index 12cbf151..42d8a19d 100644
--- a/internal/provider/privado.go
+++ b/internal/provider/privado.go
@@ -107,7 +107,8 @@ func (s *privado) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if !settings.Root {
diff --git a/internal/provider/privatevpn.go b/internal/provider/privatevpn.go
index dade91e6..d3efe142 100644
--- a/internal/provider/privatevpn.go
+++ b/internal/provider/privatevpn.go
@@ -127,7 +127,8 @@ func (p *privatevpn) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if connection.Protocol == constants.UDP {
diff --git a/internal/provider/purevpn.go b/internal/provider/purevpn.go
index 2a333f71..204216ad 100644
--- a/internal/provider/purevpn.go
+++ b/internal/provider/purevpn.go
@@ -111,7 +111,8 @@ func (p *purevpn) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP.String(), connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 	}
 	if !settings.Root {
 		lines = append(lines, "user "+username)
diff --git a/internal/provider/surfshark.go b/internal/provider/surfshark.go
index 9a1d55ff..d4110c3b 100644
--- a/internal/provider/surfshark.go
+++ b/internal/provider/surfshark.go
@@ -123,7 +123,8 @@ func (s *surfshark) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if !settings.Root {
diff --git a/internal/provider/torguard.go b/internal/provider/torguard.go
index 1a36dbd1..35e99323 100644
--- a/internal/provider/torguard.go
+++ b/internal/provider/torguard.go
@@ -138,7 +138,8 @@ func (t *torguard) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		"proto " + connection.Protocol,
 		"remote " + connection.IP.String() + " " + strconv.Itoa(int(connection.Port)),
-		"cipher " + settings.Cipher,
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
diff --git a/internal/provider/vyprvpn.go b/internal/provider/vyprvpn.go
index b78f6ed8..bd23c746 100644
--- a/internal/provider/vyprvpn.go
+++ b/internal/provider/vyprvpn.go
@@ -108,7 +108,8 @@ func (v *vyprvpn) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if !settings.Root {
diff --git a/internal/provider/windscribe.go b/internal/provider/windscribe.go
index 2d0dcdb9..d682e8f4 100644
--- a/internal/provider/windscribe.go
+++ b/internal/provider/windscribe.go
@@ -113,7 +113,8 @@ func (w *windscribe) BuildConf(connection models.OpenVPNConnection,
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", connection.Protocol),
 		fmt.Sprintf("remote %s %d", connection.IP, connection.Port),
-		fmt.Sprintf("cipher %s", settings.Cipher),
+		"data-ciphers-fallback " + settings.Cipher,
+		"data-ciphers " + settings.Cipher,
 		fmt.Sprintf("auth %s", settings.Auth),
 	}
 	if strings.HasSuffix(settings.Cipher, "-gcm") {