wireguard-vyatta-ubnt

Force endpoint address update when reenabling an interface

Open evil-dog opened this issue 4 years ago • 5 comments

This is a feature request.

By design, WireGuard only resolves the IP of the endpoint once, when an interface is first configured. When you disable and re-enable the interface, the address is not re-resolved, since the WireGuard config is not used to disable and enable the interface; that is done at the OS level.

It would be helpful for dynamic IP address endpoints for the endpoint address to be resolved again when an interface is enabled after being disabled.

Jun 02 '20 14:06 evil-dog

There was a suggestion back on the old repo to add a reresolve-interval node to the peers that would, on a certain interval, resolve the endpoint again.

As a workaround you could always add a task-scheduler task to update the peer.

Jun 14 '20 11:06 Lochnair

@evil-dog As of 1.0.20210219-2, disabling and enabling the peer will give you the desired results.

Mar 05 '21 15:03 whiskerz007

OK, that's a solution, but to be honest, it's not really satisfying. I have the issue too. Something like a reresolve-interval would be really useful.

I don't think disabling/enabling the peer is a good idea.

Oct 02 '21 15:10 miathedev

I need some help:

I created the following script to re-add the peer if a ping was not possible:

#!/bin/vbash

http_code=$(curl --max-time 2 -LI 192.168.33.1:443 -o /dev/null -w '%{http_code}\n' -s)
if [ ${http_code} -eq 400 ]; then
    echo "Everything running like it should"
    exit 0
fi
echo "Service are not online, going for a restart of wg0"     
source /opt/vyatta/etc/functions/script-template
     
configure
delete interfaces wireguard wg0 peer PUBKEY endpoint mysubdomain.myfritz.net:51820
delete interfaces wireguard wg0 peer PUBKEY allowed-ips 192.168.33.1/32
commit


configure
set interfaces wireguard wg0 peer PUBKEY endpoint mysubdomain.myfritz.net:51820
set interfaces wireguard wg0 peer PUBKEY allowed-ips 192.168.33.1/32
commit
save
exit

And I added a task:

configure
set system task-scheduler task REBOOT crontab-spec '*/1 * * * *'
set system task-scheduler task REBOOT executable path /config/scripts/recreatewg.sh
commit
save
exit

However, the script is not executed because it can't find "configure". How do I fix that?

With kind regards, Mia

Oct 03 '21 10:10 miathedev

@miathedev I don't remember the other way to do this that looks more like typical CLI commands, but this works as well:

#!/bin/bash
cw=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
$cw begin
$cw set system name-server 9.9.9.9
$cw commit
$cw end

Oct 03 '21 11:10 Lochnair
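
Added example, not part of the thread or the project's own code: a script for the scheduled-task workaround discussed above that re-applies the peer endpoint with `wg set` (which resolves the hostname again when it is called) only if the peer's last handshake is stale. It goes slightly beyond the posts by using handshake age instead of a reachability probe, and it assumes the `wg` tool is on the PATH; `PUBKEY` and the hostname are the placeholders from the posts, and the 180-second threshold is an assumed value.

```shell
#!/bin/sh
# Added example, not from the thread. PUBKEY and the hostname are the
# placeholders used in the posts above; MAX_AGE is an assumed threshold.
IFACE=wg0
PEER='PUBKEY'
ENDPOINT='mysubdomain.myfritz.net:51820'
MAX_AGE=180   # seconds without a handshake before re-resolving

# peer_is_stale DUMP PEER NOW MAX_AGE
# DUMP is the output of `wg show IFACE latest-handshakes`: one
# "<public-key><TAB><unix-time>" line per peer, where 0 means "never".
# Returns 0 (stale) if the peer is missing, has never completed a
# handshake, or its last handshake is older than MAX_AGE seconds.
peer_is_stale() {
    printf '%s\n' "$1" | awk -F '\t' -v p="$2" -v now="$3" -v max="$4" '
        $1 == p { seen = 1; fresh = ($2 > 0 && now - $2 <= max) }
        END { exit ((seen && fresh) ? 1 : 0) }'
}

# Re-apply the endpoint. `wg set` looks the hostname up at call time, so a
# changed DNS record is picked up without touching the saved configuration.
reresolve_endpoint() {
    wg set "$IFACE" peer "$PEER" endpoint "$ENDPOINT"
}

main() {
    dump=$(wg show "$IFACE" latest-handshakes) || exit 1
    if peer_is_stale "$dump" "$PEER" "$(date +%s)" "$MAX_AGE"; then
        logger -t wg-reresolve "no recent handshake on $IFACE, re-resolving $ENDPOINT"
        reresolve_endpoint
    fi
}

# Only touch the tunnel when explicitly asked to, so the functions above
# can be sourced and exercised without a WireGuard interface present.
if [ "${1:-}" = "--run" ]; then main; fi
```

Invoke the script with `--run` from the scheduled task. Only the runtime state of the interface changes, so the hostname stays in the saved configuration.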