Fix OpenVPN broken by unconditional firewall rules; guard _firewall_add/del behind vpn_upnp_enabled; bump version to 5.1.4-19

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com> Agent-Logs-Url: https://github.com/alexbelgium/hassio-addons/sessions/cd0a7e2e-8b4d-4fe1-9ddc-64a8127f64cf
2026-04-10 00:20:00 +02:00 · 2026-03-24 10:28:49 +00:00
parent 8788fb2601
commit cdbf511aca
2 changed files with 19 additions and 9 deletions
--- a/qbittorrent/config.yaml
+++ b/qbittorrent/config.yaml
@@ -143,4 +143,4 @@ schema:
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.1.4-18"
+version: "5.1.4-19"
--- a/qbittorrent/rootfs/usr/local/sbin/vpn
+++ b/qbittorrent/rootfs/usr/local/sbin/vpn
@@ -347,8 +347,10 @@ _wireguard_up() {
    # Add routing rules for VPN interface and DNS servers
    _routing_add || return 1
-    # Add firewall rules for VPN interface
+    # Add firewall rules for VPN interface (only when UPnP port mapping is enabled)
-    _firewall_add || return 1
+    if bashio::config.true 'vpn_upnp_enabled'; then
        _firewall_add || bashio::log.warning "Firewall rules could not be applied (non-fatal)."
    fi
    # Update resolv.conf with VPN DNS servers
    _resolvconf "update" || return 1
    # Wait for handshake to be established before returning success
@@ -360,8 +362,10 @@ _wireguard_down() {
    _resolvconf "reset" || true
    # Remove routing rules for VPN interface and DNS servers
    _routing_del || true
-    # Remove firewall rules for VPN interface
+    # Remove firewall rules for VPN interface (only when UPnP port mapping is enabled)
-    _firewall_del || true
+    if bashio::config.true 'vpn_upnp_enabled'; then
        _firewall_del || true
    fi
    _cmd "ip link set ${config["Interface"]} down" 2>/dev/null || true
    _cmd "ip link del ${config["Interface"]}" 2>/dev/null || true
@@ -521,13 +525,17 @@ _openvpn_up() {
 _openvpn_down() {
    # Terminate OpenVPN process
    pkill -f "openvpn --config ${config["ConfigFile"]}" || true
    # Safety-net cleanup in case the --down callback was never invoked
    _routing_del || true
 }
 _openpvn_postup() {
    # Add routing rules for VPN interface and DNS servers
    _routing_add || return 1
-    # Add firewall rules for VPN interface
+    # Add firewall rules for VPN interface (only when UPnP port mapping is enabled)
-    _firewall_add || return 1
+    if bashio::config.true 'vpn_upnp_enabled'; then
        _firewall_add || bashio::log.warning "Firewall rules could not be applied (non-fatal)."
    fi
    # Update resolv.conf with VPN DNS servers
    _resolvconf "update" || return 1
 }
@@ -537,8 +545,10 @@ _openpvn_postdown() {
    _resolvconf "reset" || true
    # Remove routing rules for VPN interface and DNS servers
    _routing_del || true
-    # Remove firewall rules for VPN interface
+    # Remove firewall rules for VPN interface (only when UPnP port mapping is enabled)
-    _firewall_del || true
+    if bashio::config.true 'vpn_upnp_enabled'; then
        _firewall_del || true
    fi
 }
 openvpn() {