On 2024/12/18 19:51, Lloyd wrote:
> A potential workaround to this is to have a cron job which monitors the
> latest handshake time and restarts the interface if it ages beyond a
> reasonable value (say 5 minutes). I believe keepalives are required to
> be enabled for this to work properly.

Restarting the whole interface is disruptive to other endpoints. Removing
and re-adding a single peer would work, I think, though it would be nicer
for scripting if there was a way to explicitly unset the endpoint for a
peer (e.g. ifconfig wg0 wgpeer XX -wgendpoint) without touching the rest
of the configuration.

> My hope is that as the wg protocol matures, this will be considered a
> feature enhancement whereby you can place a maximum aged handshake into
> the .conf file, after which it will give up shouting into the void,
> rather than resorting to ugly hacks such as the script mentioned above.

I think this could probably be done in an implementation without changes
to the protocol.
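Added example, not from the thread and not OpenBSD project code: a per-peer
version of the cron job discussed above, written for OpenBSD's wg(4). It
parses the output of ifconfig(8), picks out peers that have an endpoint
configured (the ones that keep sending handshake initiations) and whose last
handshake is older than a threshold, and removes and re-adds only those
peers rather than restarting the interface. Assumptions, none of which the
thread states: ifconfig prints "wgpeer <pubkey>" with an indented
"last handshake: N seconds ago" line under it (and no such line for a peer
that never completed a handshake); the peer configuration to restore lives
in the WG_PEERS table; the pubkeys, addresses and sample ifconfig output are
constructed. The remove/re-add syntax follows OpenBSD's ifconfig(8) wg
keywords (-wgpeer, wgpeer ... wgendpoint ... wgaip ... wgpka). Commands are
only printed unless WG_LIVE=1 is set. Note that the handshake age is only a
useful liveness signal if the peer has a keepalive (wgpka) set: WireGuard
initiates a handshake only when it has data to send, so an idle peer with
no keepalive would look stale even though nothing is wrong.

```shell
#!/bin/sh
# Per-peer stale-handshake check for OpenBSD wg(4). Added example, not
# code from the thread; see the assumptions in the text above.

WG_IF=${WG_IF:-wg0}
WG_MAX_AGE=${WG_MAX_AGE:-300}   # seconds; "say 5 minutes" from the thread

# Peer table used to re-add a peer: pubkey endpoint-host endpoint-port
# allowed-ip keepalive. Constructed sample; a real script would read it
# from a config file.
WG_PEERS='PEER1= 192.0.2.10 51820 10.0.0.2/32 25
PEER2= 198.51.100.7 51820 10.0.0.3/32 25'

# Constructed ifconfig output, used whenever WG_LIVE is not set to 1.
# PEER3 has no endpoint (it waits for the other side), so it is never reset.
SAMPLE_IFCONFIG='wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        wgport 51820
        wgpubkey HOSTKEY=
        wgpeer PEER1=
                wgpka 25
                wgendpoint 192.0.2.10 51820
                tx: 1184, rx: 1856
                last handshake: 12 seconds ago
                wgaip 10.0.0.2/32
        wgpeer PEER2=
                wgpka 25
                wgendpoint 198.51.100.7 51820
                tx: 928, rx: 0
                last handshake: 900 seconds ago
                wgaip 10.0.0.3/32
        wgpeer PEER3=
                wgpka 25
                wgaip 10.0.0.4/32
        groups: wg
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255'

# handshake_age TEXT PUBKEY: seconds since the peer last handshaked,
# or "never" if ifconfig shows no handshake line for it.
handshake_age() {
    printf '%s\n' "$1" | awk -v peer="$2" '
        $1 == "wgpeer"              { inpeer = ($2 == peer) }
        inpeer && /last handshake:/ { print $3; found = 1; exit }
        END                         { if (!found) print "never" }
    '
}

# stale_peers TEXT MAXAGE: print the pubkey of every peer that has an
# endpoint configured and whose last handshake is older than MAXAGE
# seconds or never happened. Peers without an endpoint are skipped.
stale_peers() {
    printf '%s\n' "$1" | awk -v max="$2" '
        function flush() {
            if (peer != "" && hasep && (age == "" || age + 0 > max + 0))
                print peer
        }
        $1 == "wgpeer"     { flush(); peer = $2; hasep = 0; age = "" }
        $1 == "wgendpoint" { hasep = 1 }
        /last handshake:/  { age = $3 }
        END                { flush() }
    '
}

# run CMD...: execute only under WG_LIVE=1, otherwise print the command.
run() {
    if [ "${WG_LIVE:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi
}

# reset_peer PUBKEY: drop the peer (which discards its endpoint state)
# and add it back from WG_PEERS, leaving all other peers untouched.
reset_peer() {
    _cfg=$(printf '%s\n' "$WG_PEERS" | awk -v k="$1" '$1 == k')
    [ -n "$_cfg" ] || { echo "no config for peer $1" >&2; return 1; }
    set -- $_cfg    # pubkey host port allowed-ip keepalive
    run ifconfig "$WG_IF" -wgpeer "$1"
    run ifconfig "$WG_IF" wgpeer "$1" wgendpoint "$2" "$3" wgaip "$4" wgpka "$5"
}

# Driver (what cron would call): live ifconfig output under WG_LIVE=1,
# the constructed sample otherwise.
if [ "${WG_LIVE:-0}" = 1 ]; then
    WG_OUT=$(ifconfig "$WG_IF")
else
    WG_OUT=$SAMPLE_IFCONFIG
fi
for p in $(stale_peers "$WG_OUT" "$WG_MAX_AGE"); do
    reset_peer "$p"
done
```

Run from cron with WG_LIVE=1 every minute or so; without it, the script
only prints what it would do, which is the safe way to check the parsing
against your own ifconfig output first. Re-adding through ifconfig also
re-resolves a hostname endpoint, so the same loop handles the dynamic-DNS
case. Only the reset peer loses traffic for the moment between the two
ifconfig calls; the rest of the interface keeps running.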