Dear all,
I came across an issue that might also happen to you. My LTE provider is only giving me a 10.0.0.0/8 private IP address within the mobile network. That means I cannot reach my router through the internet. IPv6 is also not given.
That is why I need a VPN solution. I played around a lot with WireGuard and established a connection between my home server and my router.
Unfortunately my provider changes my IP address once a day. This leads to an issue with my VPN, because the dynDNS entry for my home server is updated, but even with the persistence flag set, WireGuard on the RUT keeps the connection to the old IP up and running and I lose the connection.
To overcome that issue I wrote a simple script that checks the IP of my dyndns entry against the IP configured within the WireGuard configuration.
When a change is detected, the config is written into a tmp file, the IP address is replaced and a config sync is triggered.
That leads to a time of almost 20 minutes of no connection, but for my private use that is totally acceptable.
#!/bin/ash
# GET INTERFACE INFORMATION
INT_NAME="otto"
VPN_SRV="homeserver3345.dyndns.org"
# the dumped config contains the private key: keep the temp file owner-only
umask 077
# initial waiting timer
sleep 180
# loop
while true
do
    # GET VPN SERVER IP ADDRESS
    EXT_IP=$(nslookup "$VPN_SRV" | grep "Address 1:" | awk '{ print $3 }')
    # GET CONFIGURED ENDPOINT ADDRESS (strip the trailing ":port", whatever its length)
    ENDPOINT=$(wg showconf "$INT_NAME" | grep Endpoint | awk '{ sub(/:[0-9]+$/, "", $3); print $3 }')
    LISTENPORT=$(wg showconf "$INT_NAME" | grep Endpoint | awk -F":" '{ print $2 }')
    # COMPARE AND DECIDE WHAT TO DO
    # 1. IPs differ - write the config to /tmp, alter the endpoint to the new one and sync
    # 2. do nothing (also when the DNS lookup returned nothing)
    if [ -n "$EXT_IP" ] && [ "$EXT_IP" != "$ENDPOINT" ]; then
        # write config to tempfile
        wg showconf "$INT_NAME" > "/tmp/$INT_NAME.cfg"
        # replace the old endpoint IP with the new IP
        sed -i "s/Endpoint =.*/Endpoint = $EXT_IP:$LISTENPORT/g" "/tmp/$INT_NAME.cfg"
        # sync config into the running interface
        wg syncconf "$INT_NAME" "/tmp/$INT_NAME.cfg"
        # delete config file
        rm "/tmp/$INT_NAME.cfg"
    fi
    sleep 300
done
Feel free to share if you have a better suggestion for the configuration to keep a tunnel persistent with both sides on dynamic IPs.
Greetings,
Phi
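
Added example, not part of the original post: a variant of the same check that updates only the peer endpoint with `wg set`, so the interface's private key is never written to a file under /tmp. The function name `plan_endpoint_update` is hypothetical, and the code assumes IPv4 endpoints and input in the format printed by `wg show <interface> endpoints`.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads the output of `wg show <interface> endpoints` on stdin, one
# "<public-key><TAB><ip>:<port>" line per peer, and prints the `wg set`
# command for every peer whose endpoint IP differs from the newly resolved
# address. It only prints the commands; it does not execute them.
plan_endpoint_update() {
    iface="$1"
    new_ip="$2"
    # Accept only something shaped like a dotted IPv4 address, so an empty or
    # garbled DNS answer never ends up inside a wg command line.
    case "$new_ip" in
        ''|*[!0-9.]*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    while IFS="$(printf '\t')" read -r pubkey endpoint; do
        # Peers without a known endpoint are listed as "(none)": skip them.
        if [ -z "$endpoint" ] || [ "$endpoint" = "(none)" ]; then
            continue
        fi
        cur_ip="${endpoint%:*}"     # strip ":port", whatever its length
        port="${endpoint##*:}"      # keep the port the peer already uses
        if [ "$cur_ip" != "$new_ip" ]; then
            printf 'wg set %s peer %s endpoint %s:%s\n' \
                "$iface" "$pubkey" "$new_ip" "$port"
        fi
    done
    return 0
}
```

Inside the loop of the script above this would be fed with `wg show "$INT_NAME" endpoints` and `"$EXT_IP"`, and the printed commands run in place of the showconf/sed/syncconf steps.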