From 7af9f960d1e14a4b8bd2a1f41e086b42c91ad5b4 Mon Sep 17 00:00:00 2001
From: Riccardo Manfrin <riccardomanfrin@gmail.com>
Date: Wed, 13 May 2026 09:48:53 +0200
Subject: [PATCH] Fixup [::]:port socket trying to send to v4

---
 client/internal/rosenpass/manager.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/client/internal/rosenpass/manager.go b/client/internal/rosenpass/manager.go
index 11cda8dbc..f3718baed 100644
--- a/client/internal/rosenpass/manager.go
+++ b/client/internal/rosenpass/manager.go
@@ -79,6 +79,15 @@ func (m *Manager) addPeer(rosenpassPubKey []byte, rosenpassAddr string, wireGuar
 		if pcfg.Endpoint, err = net.ResolveUDPAddr("udp", peerAddr); err != nil {
 			return fmt.Errorf("failed to resolve peer endpoint address: %w", err)
 		}
+		// Our local Rosenpass UDP server binds on the IPv6 wildcard ([::]) — see
+		// GetAddress(). The remote peer's endpoint (pcfg.Endpoint) is the destination
+		// our server will sendto when initiating handshakes. ResolveUDPAddr returns a
+		// 4-byte IPv4 for IPv4 hosts, which the kernel rejects (EDESTADDRREQ) when
+		// sent from an AF_INET6 socket. Normalize the remote endpoint to IPv4-mapped
+		// IPv6 so its address family matches our listening socket.
+		if v4 := pcfg.Endpoint.IP.To4(); v4 != nil {
+			pcfg.Endpoint.IP = v4.To16()
+		}
 	}
 	peerID, err := m.server.AddPeer(pcfg)
 	if err != nil {