WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Force endpoint address update when reenabling an interface #27

Open evil-dog opened 4 years ago

evil-dog commented 4 years ago

This is a feature request.

By design, WireGuard only resolves the IP of the endpoint once, when an interface is first configured. When you disable and reenable the interface, the address is not re-resolved, since the WireGuard config is not used to disable and enable the interface; that is done at the OS level.

It would be helpful for dynamic IP address endpoints for the endpoint address to be resolved again when an interface is enabled after being disabled.

Lochnair commented 4 years ago

There was a suggestion back on the old repo to add a reresolve-interval node to the peers that would, on a certain interval, resolve the endpoint again.

As a workaround you could always add a task-scheduler task to update the peer.

whiskerz007 commented 3 years ago

@evil-dog As of 1.0.20210219-2, disabling and enabling the peer will give you the desired results.

miathedev commented 2 years ago

OK, that's a solution, but to be honest, it's not really satisfying. I have the issue too. Something like a reresolve-interval would be really useful.

I don't think disabling/enabling the peer is a good idea.

miathedev commented 2 years ago

I need some help:

I created the following script to re-add the peer if a ping was not possible:

#!/bin/vbash

http_code=$(curl --max-time 2 -LI 192.168.33.1:443 -o /dev/null -w '%{http_code}\n' -s)
if [ ${http_code} -eq 400 ]; then
    echo "Everything running like it should"
    exit 0
fi
echo "Service are not online, going for a restart of wg0"     
source /opt/vyatta/etc/functions/script-template

configure
delete interfaces wireguard wg0 peer PUBKEY endpoint mysubdomain.myfritz.net:51820
delete interfaces wireguard wg0 peer PUBKEY allowed-ips 192.168.33.1/32
commit

configure
set interfaces wireguard wg0 peer PUBKEY endpoint mysubdomain.myfritz.net:51820
set interfaces wireguard wg0 peer PUBKEY allowed-ips 192.168.33.1/32
commit
save
exit

And I added a task:

configure
set system task-scheduler task REBOOT crontab-spec '*/1 * * * *'
set system task-scheduler task REBOOT executable path /config/scripts/recreatewg.sh
commit
save
exit

However, the script is not executed because it can't find "configure". How do I fix that?

With kind regards, Mia

Lochnair commented 2 years ago

@miathedev I don't remember the other way to do this that looks more like typical CLI commands, but this works as well:

#!/bin/bash
cw=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
$cw begin
$cw set system name-server 9.9.9.9
$cw commit
$cw end
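
An added example, not code from this thread or from the wireguard-vyatta-ubnt project: a task-scheduler script for the workaround discussed above that re-resolves the endpoint only when the peer's last handshake is stale, using `wg set` on the running interface so that no peer is deleted and nothing is committed or saved. `wg0`, `PUBKEY` and the endpoint are the placeholders from the script earlier in the thread; the function names, the `run` argument and the 135-second threshold are assumptions.

```shell
#!/bin/sh
# Added example: placeholders below must be replaced with real values.
IFACE="${IFACE:-wg0}"
PEER="${PEER:-PUBKEY}"                               # peer public key (placeholder)
ENDPOINT="${ENDPOINT:-mysubdomain.myfritz.net:51820}"
STALE_AFTER="${STALE_AFTER:-135}"                    # seconds, assumed threshold

# handshake_age NOW
# Reads `wg show IFACE latest-handshakes` output on stdin, one
# "<pubkey><TAB><epoch>" line per peer. Prints the age in seconds of PEER's
# last handshake, or "never" when the epoch is 0 (no handshake yet).
# Returns non-zero when PEER is not listed on the interface.
handshake_age() {
    awk -v peer="$PEER" -v now="$1" '
        $1 == peer {
            found = 1
            if ($2 == 0) print "never"; else print now - $2
        }
        END { exit !found }'
}

# needs_reresolve AGE
# Succeeds when the tunnel looks dead: no handshake at all, or the last one
# is older than STALE_AFTER seconds.
needs_reresolve() {
    [ "$1" = "never" ] || [ "$1" -gt "$STALE_AFTER" ]
}

# reresolve
# Checks the live interface and, only if the handshake is stale, sets the
# endpoint again. wg(8) resolves the hostname at that moment and updates the
# running peer; the saved router configuration is left untouched.
reresolve() {
    age=$(wg show "$IFACE" latest-handshakes | handshake_age "$(date +%s)") || {
        echo "peer $PEER not found on $IFACE" >&2
        return 2
    }
    needs_reresolve "$age" || return 0
    wg set "$IFACE" peer "$PEER" endpoint "$ENDPOINT"
}

# Only touch the interface when explicitly asked to, e.g. from the scheduler:
#   /config/scripts/recreatewg.sh run
if [ "${1:-}" = "run" ]; then
    reresolve
fi
```

Using handshake age as the health signal avoids depending on a service behind the tunnel answering, and a healthy tunnel is never interrupted by the scheduled run.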