louislam / uptime-kuma

A fancy self-hosted monitoring tool
https://uptime.kuma.pet
MIT License

Wireguard endpoint availability testing #4350

Open flowli opened 9 months ago

flowli commented 9 months ago

⚠️ Please verify that this feature request has NOT been suggested before.

🏷️ Feature Request Type

New Monitor

🔖 Feature description

Since https://www.wireguard.com is part of the Linux kernel, it is widely adopted and will probably grow in the future.

This feature would allow adding a monitor for a WireGuard endpoint, determining if Uptime Kuma is able to receive a UDP package from a publicly reachable WireGuard endpoint.

✔️ Solution

I am no UDP or WireGuard expert, but I assume one could send a UDP package to an endpoint to provoke a reaction which could be tested.

❓ Alternatives

No response

📝 Additional Context

No response

RedPine404 commented 8 months ago

@flowli The WireGuard protocol is designed to be silent and invisible unless proper authentication has been performed during the client handshake. Refer to https://www.wireguard.com/protocol/ for more technical details. UDP is also a connectionless protocol designed for time-sensitive communications, meaning it does not perform handshakes like TCP does and thus would not reply to the UDP traffic that initiated communication. If you'd like to monitor a WireGuard endpoint, I recommend establishing a WireGuard connection on the host machine and setting the VPN peer's WireGuard interface (often wg0) IP address in the hostname field on a ping monitor. This will send ICMP traffic within the tunnel and solicit a response from the endpoint that can be monitored in Uptime Kuma. Do note that if running Uptime Kuma in a container, you may need to make modifications to your firewall rules to allow the traffic to pass from the container through the WireGuard interface.
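
The in-tunnel ping described in the comment above, extended with a handshake-age lookup so that a failed ping can be told apart from a dead tunnel. This is an added example, not part of the thread or of Uptime Kuma; the function names, the 180-second threshold and the placeholder peer keys are assumptions.

```shell
#!/bin/sh
# Liveness check for one WireGuard peer, run on the host that holds the tunnel.

# Constructed sample of `wg show wg0 latest-handshakes` output:
# one "<public-key><TAB><epoch-seconds>" line per peer, 0 = never.
sample_handshakes() {
    printf 'peerA-key-placeholder=\t1700000100\n'
    printf 'peerB-key-placeholder=\t0\n'
}

# Read latest-handshakes lines on stdin and print the age in seconds of the
# given peer's last handshake, or "never" if it has none or is not listed.
handshake_age() {
    key=$1 now=$2
    awk -v key="$key" -v now="$now" '
        $1 == key && $2 > 0 { print now - $2; found = 1 }
        END { if (!found) print "never" }'
}

# Combine both signals into one verdict:
#   up                 ICMP echo answered through the tunnel
#   tunnel-up-no-icmp  no echo reply, but a recent handshake exists
#                      (peer or firewall is dropping ICMP)
#   down               no echo reply and no recent handshake
classify() {
    ping_ok=$1 age=$2 max_age=${3:-180}   # 180 s is an assumed threshold
    if [ "$ping_ok" = yes ]; then
        echo up
    elif [ "$age" != never ] && [ "$age" -le "$max_age" ]; then
        echo tunnel-up-no-icmp
    else
        echo down
    fi
}

# Ping first: on an idle tunnel the echo request itself triggers a new
# handshake, so the handshake age is only meaningful afterwards.
check_peer() {
    iface=$1 peer_key=$2 peer_ip=$3
    if ping -c 1 -W 2 -I "$iface" "$peer_ip" >/dev/null 2>&1; then ok=yes; else ok=no; fi
    age=$(wg show "$iface" latest-handshakes | handshake_age "$peer_key" "$(date +%s)")
    classify "$ok" "$age"
}

# Usage: ./wg-check.sh wg0 <peer-public-key> <peer-tunnel-ip>
if [ $# -eq 3 ]; then check_peer "$1" "$2" "$3"; fi
```

`wg show` needs root or CAP_NET_ADMIN on the host; inside a container the interface must be visible in the container's network namespace for either check to work.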

flowli commented 8 months ago

@RedPine404 Thank you for the clear and exhaustive response :)