Please add option to support automatic reconnect when using wireguard with dynamic IP/DNS
Hello everybody,
at the moment, wireguard does not support automatic reconnect when a peer is configured with a fqdn which points to a dynamic ip.
So, the problem is that with every IP change, one must restart the wg-connection manually. Minimum once per month when updating to a new opnsense-version because of reboot and new WAN-IP. If you are cursed with an unstable connection, bad power grid or your provider performs IP address changes regularly, you will go crazy.
I know that there are some workarounds (scripts) out there, but it would be nice to see this as a native feature in opnsense, even if it's not a native feature of wg itself. Could you please add a watchdog which will automatically restart a wg-connection if an IP change is detected?
To prevent periodic DNS-requests, I think it would make sense to periodically check the availability of the tunnel's remote gateway and if this is not available for a specific period of time, a DNS-request should be performed.
Thanks.
Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
The easiest option to gain traction is to close this ticket and open a new one using one of our templates.
IMHO this is a classical job for monit, nothing that needs to be fixed upstream.
Thanks for the reply. Yes, you are right, this could be a possible solution and I will try this.
IMHO a professional site2site VPN-solution should be able to restore tunnels by itself, without the need of workarounds. It would be nice if this could be implemented in the wireguard-plugin itself.
No, it should be supported by the VPN application itself, like it is within OpenVPN or IPsec. Only because everyone hypes WireGuard doesn't mean it's better than the others. It's only faster on low-cost CPUs.
I don't hype wireguard. Anyway, I just use it for some kind of reasons.
I agree that such a feature should be handled by the VPN application itself. However, it's not implemented in the application yet.
I don't want to force my request, but I am sure my request is not some kind of special use case. There are some threads in the opnsense forum about this topic, so I think a lot of people struggle with this behaviour.
I think it would make sense to think about an extension of os-wireguard with a small scripted watchdog.
This can be done by a cronjob once this is released: https://github.com/opnsense/plugins/pull/2956
Monit can also be used to execute the script in /usr/local/opnsense/scripts/OPNsense/Wireguard/resolve-dns.bash.
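A sketch of the watchdog logic requested in this issue, as an added example that is not the plugin's resolve-dns.bash and not code from any participant: it re-resolves a peer's FQDN only when the tunnel looks dead, so no periodic DNS lookups happen while the tunnel is healthy. Assumptions: the age of WireGuard's latest handshake stands in for the "remote gateway unavailable" check, the peer has PersistentKeepalive set so an idle tunnel still handshakes, and the 180-second threshold and the function names are illustrative.

```shell
#!/bin/sh
# Added example: WireGuard endpoint watchdog, one pass per invocation
# (intended to be run from cron or monit). All names here are hypothetical.

STALE_AFTER=180   # seconds without a handshake before re-resolving (assumed value)

# stale_peers NOW
# Reads `wg show IFACE latest-handshakes` output on stdin, one
# "<public-key><TAB><unix-timestamp>" per line, and prints the keys of peers
# whose last handshake is older than STALE_AFTER seconds. A timestamp of 0
# means the peer never completed a handshake and also counts as stale.
stale_peers() {
    now=$1
    while read -r key ts; do
        [ -n "$key" ] || continue
        case $ts in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$ts" -eq 0 ] || [ $((now - ts)) -gt "$STALE_AFTER" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# refresh_endpoint IFACE PUBKEY HOST:PORT
# Setting the endpoint again makes wg resolve the hostname afresh.
refresh_endpoint() {
    wg set "$1" peer "$2" endpoint "$3"
}

# watchdog IFACE PUBKEY HOST:PORT
# Re-resolves the endpoint only if that specific peer is stale.
watchdog() {
    wg show "$1" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        if [ "$key" = "$2" ]; then
            refresh_endpoint "$1" "$key" "$3"
        fi
    done
}

# Run only when called with explicit arguments, for example:
#   watchdog.sh wg0 '<peer-public-key>' vpn.example.org:51820
if [ "$#" -eq 3 ]; then
    watchdog "$@"
fi
```

The script needs root to call `wg set`, and the public key pins which peer gets the new address, so a changed DNS answer alone cannot substitute a different peer.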
@budimanjojo can you explain how?
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.