avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-06-21 23:09:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(qbittorrent): simplify vpn endpoint route to single-IP helpers

Browse Source 
Agent-Logs-Url: https://github.com/alexbelgium/hassio-addons/sessions/c4801bc4-9748-4959-986c-8459fd6d52cd

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-05-13 08:52:26 +00:00
committed by GitHub
parent eb7b1dc102
commit c7a116e968
3 changed files with 33 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
qbittorrent/CHANGELOG.md
View File

@@ -1,3 +1,6 @@
## 5.2.0-18 (13-05-2026)
- Simplify VPN endpoint route pinning to minimal helpers (single endpoint, no tracking list).
## 5.2.0-17 (13-05-2026) ## 5.2.0-17 (13-05-2026)
- Fix VPN endpoint routing by pinning OpenVPN/WireGuard server IPs to the pre-VPN main route, preventing recursive tunnel routing drops. - Fix VPN endpoint routing by pinning OpenVPN/WireGuard server IPs to the pre-VPN main route, preventing recursive tunnel routing drops.

2
qbittorrent/config.yaml
View File

@@ -143,4 +143,4 @@ schema:
slug: qbittorrent slug: qbittorrent
udev: true udev: true
url: https://github.com/alexbelgium/hassio-addons url: https://github.com/alexbelgium/hassio-addons
version: "5.2.0-17" version: "5.2.0-18"

133
qbittorrent/rootfs/usr/local/sbin/vpn
View File

@@ -150,98 +150,25 @@ _resolve_hostname() {
} }
_endpoint_route_add() { _endpoint_route_add() {
local endpoint_ip="$1" local ip="$1"
local route_line="" local rt via dev
local route_via="" rt="$(ip route get "${ip}" 2>/dev/null | head -n1)"
local route_dev="" via="$(awk '{for(i=1;i<=NF;i++) if($i=="via"){print $(i+1);exit}}' <<< "${rt}")"
local route_prefix="" dev="$(awk '{for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1);exit}}' <<< "${rt}")"
local route_family="" [ -z "${dev}" ] && { bashio::log.error "No route to VPN endpoint ${ip}."; return 1; }
local -a route_cmd=() if [ -n "${via}" ]; then
local result=0 ip route replace "${ip}" via "${via}" dev "${dev}" || return 1
_check_host "${endpoint_ip}" || result=$?
if [ "${result}" -eq 1 ]; then
route_family="-4"
route_prefix="${endpoint_ip}/32"
route_line="$(ip -4 route get "${endpoint_ip}" table main 2>/dev/null | head -n1)"
elif [ "${result}" -eq 2 ]; then
route_family="-6"
route_prefix="${endpoint_ip}/128"
route_line="$(ip -6 route get "${endpoint_ip}" table main 2>/dev/null | head -n1)"
else else
bashio::log.error "Cannot add endpoint route. '${endpoint_ip}' is not a valid IP address." ip route replace "${ip}" dev "${dev}" || return 1
return 1
fi fi
bashio::log.info "Pinned VPN endpoint ${ip} to pre-VPN route (dev ${dev})."
route_via="$(awk '{for (i=1; i<=NF; i++) if ($i=="via") {print $(i+1); exit}}' <<< "${route_line}")"
route_dev="$(awk '{for (i=1; i<=NF; i++) if ($i=="dev") {print $(i+1); exit}}' <<< "${route_line}")"
if [ -z "${route_dev}" ]; then
bashio::log.error "Unable to determine a main-table route for VPN endpoint ${endpoint_ip}."
return 1
fi
route_cmd=(ip "${route_family}" route replace "${route_prefix}" table main)
if [ -n "${route_via}" ]; then
route_cmd+=(via "${route_via}")
fi
route_cmd+=(dev "${route_dev}")
"${route_cmd[@]}" || return 1
if [ -n "${config["EndpointRoutesFile"]:-}" ]; then
touch "${config["EndpointRoutesFile"]}" || true
if ! grep -Fxq "${endpoint_ip}" "${config["EndpointRoutesFile"]}" 2>/dev/null; then
echo "${endpoint_ip}" >> "${config["EndpointRoutesFile"]}"
fi
fi
bashio::log.info "Pinned VPN endpoint ${endpoint_ip} to pre-VPN route via ${route_dev}."
} }
_endpoint_routes_del() { _endpoint_route_del() {
local endpoint_ip="" local ip
local result=0 ip="$(cat "${config["EndpointIPFile"]}" 2>/dev/null)"
[ -n "${ip}" ] && ip route del "${ip}" 2>/dev/null || true
if [ -z "${config["EndpointRoutesFile"]:-}" ] || [ ! -f "${config["EndpointRoutesFile"]}" ]; then rm -f "${config["EndpointIPFile"]}" || true
return 0
fi
while IFS= read -r endpoint_ip || [ -n "${endpoint_ip}" ]; do
[ -z "${endpoint_ip}" ] && continue
result=0
_check_host "${endpoint_ip}" || result=$?
if [ "${result}" -eq 1 ]; then
_cmd "ip -4 route del ${endpoint_ip}/32 table main 2>/dev/null" || true
elif [ "${result}" -eq 2 ]; then
_cmd "ip -6 route del ${endpoint_ip}/128 table main 2>/dev/null" || true
fi
done < "${config["EndpointRoutesFile"]}"
rm -f "${config["EndpointRoutesFile"]}" || true
}
_openvpn_collect_endpoint_ips() {
local remote_host=""
local result=0
local endpoint_ip=""
local -a remote_hosts=()
local -a resolved_ips=()
mapfile -t remote_hosts < <(awk '/^[[:space:]]*remote[[:space:]]+/ {print $2}' "${config["ConfigFile"]}" | sort -u)
for remote_host in "${remote_hosts[@]}"; do
[ -z "${remote_host}" ] && continue
result=0
_check_host "${remote_host}" || result=$?
if [ "${result}" -eq 1 ] || [ "${result}" -eq 2 ]; then
resolved_ips+=("${remote_host}")
elif [ "${result}" -eq 3 ]; then
for endpoint_ip in $(_resolve_hostname "${remote_host}"); do
resolved_ips+=("${endpoint_ip}")
done
fi
done
if [ ${#resolved_ips[@]} -gt 0 ]; then
printf '%s\n' "${resolved_ips[@]}" | awk 'NF {print}' | sort -u
fi
} }
_routing_add() { _routing_add() {
@@ -439,9 +366,8 @@ _wireguard_up() {
fi fi
_cmd "ip link set ${config["Interface"]} up" || return 1 _cmd "ip link set ${config["Interface"]} up" || return 1
touch "${config["EndpointRoutesFile"]}" || return 1
> "${config["EndpointRoutesFile"]}" || return 1
_endpoint_route_add "${config["EndpointIP"]}" || return 1 _endpoint_route_add "${config["EndpointIP"]}" || return 1
echo "${config["EndpointIP"]}" > "${config["EndpointIPFile"]}"
# Add routing rules for VPN interface and DNS servers # Add routing rules for VPN interface and DNS servers
_routing_add || return 1 _routing_add || return 1
@@ -456,7 +382,7 @@ _wireguard_up() {
} }
_wireguard_down() { _wireguard_down() {
_endpoint_routes_del || true _endpoint_route_del || true
# Update resolv.conf to remove VPN DNS servers # Update resolv.conf to remove VPN DNS servers
_resolvconf "reset" || true _resolvconf "reset" || true
# Remove routing rules for VPN interface and DNS servers # Remove routing rules for VPN interface and DNS servers
@@ -498,7 +424,7 @@ wireguard() {
config["Interface"]="${interface}" config["Interface"]="${interface}"
config["ConfigFile"]="${config_file}" config["ConfigFile"]="${config_file}"
config["Table"]="${config["Table"]:-1000}" config["Table"]="${config["Table"]:-1000}"
config["EndpointRoutesFile"]="${WIREGUARD_STATE_DIR}/endpoint-routes" config["EndpointIPFile"]="${WIREGUARD_STATE_DIR}/endpoint-ip"
config["ListenPort"]="${config["ListenPort"]:-51820}" config["ListenPort"]="${config["ListenPort"]:-51820}"
config["EndpointHost"]="${config["Endpoint"]%:*}" config["EndpointHost"]="${config["Endpoint"]%:*}"
config["EndpointPort"]="${config["Endpoint"]##*:}" config["EndpointPort"]="${config["Endpoint"]##*:}"
@@ -585,7 +511,7 @@ _openvpn_check() {
} }
_openvpn_up() { _openvpn_up() {
local endpoint_ip local endpoint_ip result=0
bashio::log.warning "This script force OpenvPN to ignore any routes and DNS settings pushed by the server." bashio::log.warning "This script force OpenvPN to ignore any routes and DNS settings pushed by the server."
bashio::log.warning "Default route will be inserted into custom routing table: ${config["Table"]}" bashio::log.warning "Default route will be inserted into custom routing table: ${config["Table"]}"
@@ -600,14 +526,13 @@ _openvpn_up() {
echo "${config["MySelf"]} openvpn postdown" >> ${config["PostDownScript"]} echo "${config["MySelf"]} openvpn postdown" >> ${config["PostDownScript"]}
chmod 755 ${config["PostDownScript"]} chmod 755 ${config["PostDownScript"]}
touch "${config["EndpointRoutesFile"]}" || return 1 endpoint_ip="$(awk '/^[[:space:]]*remote[[:space:]]/ {print $2; exit}' "${config["ConfigFile"]}")"
> "${config["EndpointRoutesFile"]}" || return 1 if [ -n "${endpoint_ip}" ]; then
while IFS= read -r endpoint_ip || [ -n "${endpoint_ip}" ]; do _check_host "${endpoint_ip}" || result=$?
[ -z "${endpoint_ip}" ] && continue [ "${result}" -eq 3 ] && endpoint_ip="$(_resolve_hostname "${endpoint_ip}" | awk '{print $1}')"
_endpoint_route_add "${endpoint_ip}" || return 1 if [ -n "${endpoint_ip}" ]; then
done < <(_openvpn_collect_endpoint_ips) _endpoint_route_add "${endpoint_ip}" && echo "${endpoint_ip}" > "${config["EndpointIPFile"]}"
if [ ! -s "${config["EndpointRoutesFile"]}" ]; then fi
bashio::log.warning "No OpenVPN endpoint host route could be prepared from ${config["ConfigFile"]}."
fi fi
# Define logging # Define logging
@@ -645,7 +570,7 @@ _openvpn_up() {
_openvpn_down() { _openvpn_down() {
# Terminate OpenVPN process # Terminate OpenVPN process
pkill -f "openvpn --config ${config["ConfigFile"]}" || true pkill -f "openvpn --config ${config["ConfigFile"]}" || true
_endpoint_routes_del || true _endpoint_route_del || true
# Safety-net cleanup in case the --down callback was never invoked # Safety-net cleanup in case the --down callback was never invoked
_routing_del || true _routing_del || true
} }
@@ -670,7 +595,7 @@ _openpvn_postdown() {
if bashio::config.true 'vpn_upnp_enabled'; then if bashio::config.true 'vpn_upnp_enabled'; then
_firewall_del || true _firewall_del || true
fi fi
_endpoint_routes_del || true _endpoint_route_del || true
} }
openvpn() { openvpn() {
@@ -700,7 +625,7 @@ openvpn() {
config["Interface"]="${interface}" config["Interface"]="${interface}"
config["ConfigFile"]="${config_file}" config["ConfigFile"]="${config_file}"
config["Table"]="${config["Table"]:-1000}" config["Table"]="${config["Table"]:-1000}"
config["EndpointRoutesFile"]="${OPENVPN_STATE_DIR}/endpoint-routes" config["EndpointIPFile"]="${OPENVPN_STATE_DIR}/endpoint-ip"
config["PostUpScript"]="${OPENVPN_STATE_DIR}/up.sh" config["PostUpScript"]="${OPENVPN_STATE_DIR}/up.sh"
config["PostDownScript"]="${OPENVPN_STATE_DIR}/down.sh" config["PostDownScript"]="${OPENVPN_STATE_DIR}/down.sh"