qbittorrent: fix OpenVPN stale-process loop and broken _routing_del

Agent-Logs-Url: https://github.com/alexbelgium/hassio-addons/sessions/9b5f5807-1537-4008-9933-f6a6b21ec5b4

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com>

qbittorrent/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 5.2.0-7 (12-05-2026)
+- Fix OpenVPN stale-process crash loop on S6 service restart: kill any existing OpenVPN daemon and clean up stale interface/routing state before re-establishing the tunnel (same class of fix as WireGuard 5.2.0-3)
+- Fix broken routing rule cleanup: `_routing_del` was deleting rules with `from all`/`to all` wildcard which never matched the specific `from IP`/`to IP` rules added by `_routing_add`, leaving stale routing rules after VPN teardown and causing DNS resolution failures when OpenVPN tried to reconnect
+
 ## 5.2.0-6 (12-05-2026)
 - Minor bugs fixed
 

qbittorrent/config.yaml

@@ -143,4 +143,4 @@ schema:
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.2.0-6"
+version: "5.2.0-7"

qbittorrent/rootfs/usr/local/sbin/vpn

@@ -192,13 +192,36 @@ _routing_add() {
 
 _routing_del() {
     bashio::log.info "Removing routing rules for VPN interface ${config["Interface"]}..."
+    local table="${config["Table"]}"
+    local line prio rest
 
-    while _cmd "ip -4 rule del priority 1 from all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -4 rule del priority 1 to all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -4 route del default dev ${config["Interface"]} table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 rule del priority 1 from all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 rule del priority 1 to all table ${config["Table"]} 2>/dev/null"; do :; done
-    while _cmd "ip -6 route del default dev ${config["Interface"]} table ${config["Table"]} 2>/dev/null"; do :; done
+    # Remove all IPv4 policy rules pointing to our custom routing table.
+    # We must parse `ip rule list` and delete each matching rule individually,
+    # because the rules were added with specific from/to selectors (e.g.
+    # "from 10.8.0.2" or "to 8.8.8.8") — not the "from all" wildcard that
+    # the old code tried to delete, which never matched anything.
+    while IFS= read -r line; do
+        [[ "${line}" =~ ^[[:space:]]*([0-9]+):[[:space:]]+(.*lookup[[:space:]]+${table}.*)$ ]] || continue
+        prio="${BASH_REMATCH[1]}"
+        rest="${BASH_REMATCH[2]}"
+        # shellcheck disable=SC2206 — word-split is intentional: ip needs individual tokens
+        local -a rule_args=( ${rest} )
+        ip -4 rule del prio "${prio}" "${rule_args[@]}" 2>/dev/null || true
+    done < <(ip -4 rule list 2>/dev/null)
+
+    # Same for IPv6
+    while IFS= read -r line; do
+        [[ "${line}" =~ ^[[:space:]]*([0-9]+):[[:space:]]+(.*lookup[[:space:]]+${table}.*)$ ]] || continue
+        prio="${BASH_REMATCH[1]}"
+        rest="${BASH_REMATCH[2]}"
+        # shellcheck disable=SC2206 — word-split is intentional: ip needs individual tokens
+        local -a rule_args=( ${rest} )
+        ip -6 rule del prio "${prio}" "${rule_args[@]}" 2>/dev/null || true
+    done < <(ip -6 rule list 2>/dev/null)
+
+    # Flush all routes in our custom table
+    ip -4 route flush table "${table}" 2>/dev/null || true
+    ip -6 route flush table "${table}" 2>/dev/null || true
 }
 
 # --- Firewall Specific Functions ---
@@ -500,6 +523,22 @@ _openvpn_up() {
     bashio::log.warning "This routing table will be used for traffic from the VPN interface and to the configured DNS servers."
     bashio::log.warning "Qbittorrent bittorrent client shall be set to use the VPN interface ${config["Interface"]} only."
 
+    # Clean up any leftover state from a previous run (e.g., after an S6 service restart).
+    # Without this, a second OpenVPN daemon starts while the first is still running, leaving
+    # stale routing rules that cause DNS resolution failures during reconnect — the same class
+    # of bug that was fixed for WireGuard in 5.2.0-3.
+    if pgrep -f "openvpn --config ${config["ConfigFile"]}" > /dev/null 2>&1; then
+        bashio::log.info "Previous OpenVPN process found. Stopping it before re-establishing connection."
+        pkill -TERM -f "openvpn --config ${config["ConfigFile"]}" 2>/dev/null || true
+        sleep 2
+    fi
+    if ip link show "${config["Interface"]}" > /dev/null 2>&1; then
+        bashio::log.info "OpenVPN interface ${config["Interface"]} already exists. Cleaning up before re-establishing connection."
+        ip link set "${config["Interface"]}" down 2>/dev/null || true
+    fi
+    _routing_del 2>/dev/null || true
+    _resolvconf "reset" 2>/dev/null || true
+
     # Register this script as OpenVPN up/down handlers to manage routing
     echo '#!/bin/bash' > ${config["PostUpScript"]}
     echo "${config["MySelf"]} openvpn postup" >> ${config["PostUpScript"]}