
0 votes
86 views 2 comments
by

Hello,

In client mode WireGuard has excellent performance and works very well. Until it doesn't, that is... If the public IP address of the server at the other end changes, the tunnel stays completely stuck: the DNS name is never re-resolved after the configuration phase.

Using a ping reboot is dubious: one risks a reboot loop each time the network fails or the server undergoes a maintenance operation...

A much better solution is to check via cron the "latest handshake" field and just restart the network if the value goes above a threshold.

If someone is interested, the script is here and the crontab entry is below:

*/10 * * * * wg | awk -f /etc/awg.awk

The script uses kdig; install it via opkg update;opkg install knot-dig. Tested with IPv4 only.

Regards,
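
The handshake-age check described in the post above, as an added example that is not the poster's script (which is not reproduced on this page). It reads the tab-separated output of `wg show all latest-handshakes`; the function names, the 300-second threshold, the sample data and the OpenWrt restart command in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: flag WireGuard peers whose latest handshake is older than a
# threshold. Input is the output of `wg show all latest-handshakes`:
#   <interface> TAB <peer public key> TAB <unix time of last handshake, 0 = never>

# stale_peers NOW MAX_AGE -- reads handshake lines on stdin and prints one
# "interface peer age" line per stale peer ("never" when no handshake yet).
stale_peers() {
    awk -v now="$1" -v max="$2" '
        NF != 3 || $3 !~ /^[0-9]+$/ { next }      # skip malformed lines
        $3 == 0        { print $1, $2, "never"; next }
        now - $3 > max { print $1, $2, now - $3 }
    '
}

# tunnel_is_stale NOW MAX_AGE -- exit status 0 when at least one peer is stale.
tunnel_is_stale() {
    [ -n "$(stale_peers "$1" "$2")" ]
}

# Constructed sample (keys are placeholders, not real public keys).
SAMPLE_NOW=1700000600
sample_handshakes() {
    printf 'wg0\tPEER_A_PLACEHOLDER_KEY=\t1700000500\n'   # 100 s ago: healthy
    printf 'wg0\tPEER_B_PLACEHOLDER_KEY=\t1699999000\n'   # 1600 s ago: stale
    printf 'wg1\tPEER_C_PLACEHOLDER_KEY=\t0\n'            # never completed
}

# Demo run on the sample with a 300 s threshold.
sample_handshakes | stale_peers "$SAMPLE_NOW" 300

# On a router, the cron job would feed live data instead, e.g.:
#   wg show all latest-handshakes | tunnel_is_stale "$(date +%s)" 300 \
#       && /etc/init.d/network restart   # restart command assumes OpenWrt
```

An idle tunnel without PersistentKeepalive also stops handshaking, so the age threshold is only a reliable signal when keepalives or steady traffic are present.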

1 Answer

0 votes
by
Hello,

Thank you for another valuable suggestion.

The development team is informed about it for further consideration.

Best regards,
by
Of course a similar logic applies to IPsec and other VPN protocols.