Merge pull request #2216 from alexbelgium/codex/add-fallback-connection-for-wireguard-1cgz6g

Add IPv4 WireGuard fallback for qbittorrent add-on
2026-01-10 09:51:02 +01:00 · 2025-11-19 20:27:58 +01:00
parent 1902eb53de 065674de81
commit 9aa2a374c8
2 changed files with 43 additions and 12 deletions
--- a/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
+++ b/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
@@ -61,7 +61,7 @@ wireguard_runtime_config="${WIREGUARD_STATE_DIR}/${interface_name}.conf"

 cp "${wireguard_config}" "${wireguard_runtime_config}"
 chmod 600 "${wireguard_runtime_config}" 2>/dev/null || true
-bashio::log.info 'Prepared WireGuard runtime configuration with both IPv4 and IPv6 entries.'
+bashio::log.info 'Prepared WireGuard runtime configuration for initial connection attempt.'

 echo "${wireguard_runtime_config}" > "${WIREGUARD_STATE_DIR}/config"
 echo "${interface_name}" > "${WIREGUARD_STATE_DIR}/interface"
--- a/qbittorrent/rootfs/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run
+++ b/qbittorrent/rootfs/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run
@@ -39,17 +39,48 @@ else
        bashio::log.info "Starting WireGuard interface ${wireguard_interface} using ${wireguard_config##*/}."

        if ! output=$(wg-quick up "${wireguard_config}" 2>&1); then
-            bashio::log.error 'WireGuard failed to establish a connection.'
-            bashio::log.error "wg-quick output:"
-            bashio::log.error "${output}"
-            bashio::log.error 'Troubleshooting steps:'
-            bashio::log.error "  1. Confirm that the WireGuard configuration file '${wireguard_config}' exists inside the container and contains valid private/public keys, endpoint and AllowedIPs."
-            bashio::log.error '  2. Ensure UDP port 51820 (or the port defined in your config) is forwarded on your router to this host and not blocked by your firewall or ISP.'
-            bashio::log.error '  3. Verify that the configured endpoint (IP/hostname and port) is reachable from this container (e.g. ping or nc from a debug shell).'
-            bashio::log.error '  4. Check that the system time is correct (NTP); large time drift can break key handshakes.'
-            bashio::log.error '  5. Confirm that WireGuard kernel support / module is available in the host system.'
-            bashio::log.error '  6. If DNS names are used for the endpoint, verify DNS resolution from inside the container (e.g. nslookup or dig).'
-            bashio::exit.nok 'WireGuard start failed. See the log above for details.'
+            bashio::log.warning 'Initial WireGuard connection attempt failed. Trying again with IPv4-only endpoints.'
+            bashio::log.warning "First attempt output:${bashio::constants.LF}${output}"
+
+            ipv4_config="${WIREGUARD_STATE_DIR}/${wireguard_interface}-ipv4.conf"
+            echo -n > "${ipv4_config}"
+            chmod 600 "${ipv4_config}" 2>/dev/null || true
+
+            while IFS= read -r line; do
+                if [[ "${line}" =~ ^Endpoint ]]; then
+                    endpoint="${line#Endpoint = }"
+                    endpoint_host="${endpoint%:*}"
+                    endpoint_port="${endpoint##*:}"
+
+                    mapfile -t ipv4_candidates < <(getent ahostsv4 "${endpoint_host}" | awk '{print $1}' | uniq)
+
+                    if [ ${#ipv4_candidates[@]} -gt 0 ]; then
+                        bashio::log.debug "Resolved ${endpoint_host} to IPv4 address ${ipv4_candidates[0]} for WireGuard fallback."
+                        echo "Endpoint = ${ipv4_candidates[0]}:${endpoint_port}" >> "${ipv4_config}"
+                    else
+                        bashio::log.warning "No IPv4 address found for ${endpoint_host}. Keeping original endpoint for fallback."
+                        echo "${line}" >> "${ipv4_config}"
+                    fi
+                else
+                    echo "${line}" >> "${ipv4_config}"
+                fi
+            done < "${wireguard_config}"
+
+            wg-quick down "${wireguard_config}" >/dev/null 2>&1 || true
+
+            if ! output=$(wg-quick up "${ipv4_config}" 2>&1); then
+                bashio::log.error 'WireGuard failed to establish a connection after IPv4-only retry.'
+                bashio::log.error "wg-quick output:"
+                bashio::log.error "${output}"
+                bashio::log.error 'Troubleshooting steps:'
+                bashio::log.error "  1. Confirm that the WireGuard configuration file '${wireguard_config}' exists inside the container and contains valid private/public keys, endpoint and AllowedIPs."
+                bashio::log.error '  2. Ensure UDP port 51820 (or the port defined in your config) is forwarded on your router to this host and not blocked by your firewall or ISP.'
+                bashio::log.error '  3. Verify that the configured endpoint (IP/hostname and port) is reachable from this container (e.g. ping or nc from a debug shell).'
+                bashio::log.error '  4. Check that the system time is correct (NTP); large time drift can break key handshakes.'
+                bashio::log.error '  5. Confirm that WireGuard kernel support / module is available in the host system.'
+                bashio::log.error '  6. If DNS names are used for the endpoint, verify DNS resolution from inside the container (e.g. nslookup or dig).'
+                bashio::exit.nok 'WireGuard start failed. See the log above for details.'
+            fi
        fi

        bashio::log.info "WireGuard interface ${wireguard_interface} is up."