WireGuard VPN Watchdog?

[HarryMuscle]

Just wondering what peoples comments are about whether a WireGuard VPN watchdog is needed or useful? I know the firmware checks if data is being received over the WireGuard VPN tunnel and restarts the WireGuard client if it's not receiving any data but from testing I determined that it only cares about this when the tunnel is first established. For example if some data is received but then the tunnel stops receiving data it will not restart the client. However, since WireGuard is quite different from OpenVPN, I'm wondering if a better watchdog that keep monitoring the tunnerl is even needed or useful or if restarting the client makes zero difference.

So I'm wondering if people encounter situations where a WireGuard tunnel stops working and they have to reboot their router to get it working again? If so, then I think a better watchdog might prove useful.

Thanks,
Harry

 

[L&LD]

Watchdog not needed, not useful. (I don't think it is possible).

 

[ZebMcKayhan]

So I'm wondering if people encounter situations where a WireGuard tunnel stops working and they have to reboot their router to get it working again? If so, then I think a better watchdog might prove useful.

If it stops working, reconnect won't do you any good. Wireguard is connection-less so nothing changes when reconnecting.

 

[ZebMcKayhan]

Just wondering what peoples comments are about whether a WireGuard VPN watchdog is needed or useful? I know the firmware checks if data is being received over the WireGuard VPN tunnel and restarts the WireGuard client if it's not receiving any data but from testing I determined that it only cares about this when the tunnel is first established. For example if some data is received but then the tunnel stops receiving data it will not restart the client. However, since WireGuard is quite different from OpenVPN, I'm wondering if a better watchdog that keep monitoring the tunnerl is even needed or useful or if restarting the client makes zero difference.

So I'm wondering if people encounter situations where a WireGuard tunnel stops working and they have to reboot their router to get it working again? If so, then I think a better watchdog might prove useful.

Thanks,
Harry

The only thing I've found occasionally needed was to re-resolv the Endpoint if it is in the form of a domain name.

#!/bin/sh

ClientNr=1
wg set wgc"$ClientNr" peer $(nvram get wgc"$ClientNr"_ppub) endpoint $(nvram get wgc"$ClientNr"_ep_addr):$(nvram get wgc"$ClientNr"_ep_port)

Does just that. I have it executing each night to keep Endpoint ip up to date.

 

[Jeffrey Young]

Just to weigh in..... I have a 24/7 WG tunnel to a Oracle VM WG Server. For what ever reason, I do occasionally loose communications. I use a ping test to the wg server every 15 minutes via a cron job. If the ping test fails (15 tries, 1 second apart), simply turning down the client (my router), then turning up again resolves the issue.

 

[ZebMcKayhan]

I have a 24/7 WG tunnel to a Oracle VM WG Server. For what ever reason, I do occasionally loose communications.

Just FYI, I also have this tunnel to an Oracle instance and I don't have this problem. It just works day after day, month after month. Not sure that it adds any value for you though.

Long time ago I made something similar, back in the S50Wireguard days: https://www.snbforums.com/threads/e...-hnd-platform-4-1-x-kernels.46164/post-668890
I know I've found the issue and abandoned it a couple of month later but now I can't remember what the issue was.

Guess there is a point of checking and restarting to get around these issues atleast until the real cause is found and fixed.

 

[Jeffrey Young]

Just FYI, I also have this tunnel to an Oracle instance and I don't have this problem. It just works day after day, month after month. Not sure that it adds any value for you though.

Long time ago I made something similar, back in the S50Wireguard days: https://www.snbforums.com/threads/e...-hnd-platform-4-1-x-kernels.46164/post-668890
I know I've found the issue and abandoned it a couple of month later but now I can't remember what the issue was.

Guess there is a point of checking and restarting to get around these issues atleast until the real cause is found and fixed.

LOL. I only get a loss of comms every blue moon - so to speak. My script also emails me when a restart was required. Has not happened now for a few months.

If you manage to shake the cobwebs free upstairs and remember your specific issue and resolution, I would appreciate it. Might be useful.