> On Nov 15, 2024, at 16:22, obs...@loopw.com wrote:
>
> there are situations where stateful firewalls can forget about the wireguard
> session, but one or more of the peers remember it. Even wireguard's
> keepalive won't fix that situation.
From a technical perspective, wouldn't it make sense for the wg interface to
refresh the connection if the tunnel goes stale? From the "ifconfig" man page:

    wgpka interval: ...
        Set the interval of persistent keepalive packets in seconds. ... They
        can be used to maintain connectivity to a peer otherwise blocked to
        unsolicited traffic by an intermediate firewall or NAT device.

I guess the problem with such a solution would be coming up with a health
check since each tunnel has a unique configuration? If memory serves, I think
I ran into similar issues long ago in the past and had a script to refresh
ssh tunnels (even with keepalives set).

> (I'd share my script but it's in a form that pulls in libraries from a common
> library at work - which I definitely can't share. I can rewrite the functions
> it uses and publish a public variant of the script, maybe I will someday.
> Back to your world, I also suspect that this functionality might already
> exist in some form, e.g. scripted in via ifstated)

I think ifstated will be my next step. I have a known vpn server IP that could
be used for a health check.

Thanks for the suggestions everyone!

Will
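A minimal form of the health check discussed in this thread, added here as an example and not the poster's script nor anything shipped with OpenBSD: it probes the known VPN server IP through the tunnel and bounces the wg interface after a run of consecutive failures, which is the action a cron job or an ifstated state could invoke. The interface name, peer address and thresholds are assumed placeholders, and bringing `wg0` down and up to force a fresh handshake is an assumption about OpenBSD's wg(4) behaviour.

```shell
#!/bin/sh
# Added example (not the poster's script): poll a known VPN server IP through
# the WireGuard tunnel and refresh the interface after MAX_FAILS failed probes.
# Interface, peer address and thresholds below are assumed placeholders.
WG_IF="${WG_IF:-wg0}"
PEER_IP="${PEER_IP:-10.0.0.1}"        # VPN server IP reachable only via the tunnel
MAX_FAILS="${MAX_FAILS:-3}"           # consecutive failed probes before a refresh
PROBE_TIMEOUT="${PROBE_TIMEOUT:-5}"   # seconds to wait for each ping reply

# probe_peer: one ICMP echo to the peer; returns 0 when it answers in time.
probe_peer() {
    ping -c 1 -w "$PROBE_TIMEOUT" "$PEER_IP" >/dev/null 2>&1
}

# refresh_tunnel: cycle the interface so wg drops its stale session and
# re-handshakes (assumption about wg(4); adjust to your own setup).
refresh_tunnel() {
    ifconfig "$WG_IF" down && ifconfig "$WG_IF" up
}

# check_tunnel PROBE REFRESH: run up to MAX_FAILS probes, refreshing on the
# last failure. Both commands are parameters so the logic can be exercised
# without a live tunnel. Returns 0 healthy, 1 refreshed, 2 refresh failed.
check_tunnel() {
    probe="${1:-probe_peer}"
    refresh="${2:-refresh_tunnel}"
    fails=0
    while [ "$fails" -lt "$MAX_FAILS" ]; do
        if "$probe"; then
            return 0            # peer answered: tunnel is alive, do nothing
        fi
        fails=$((fails + 1))
    done
    logger -t wgcheck "no reply from $PEER_IP after $fails probes, refreshing $WG_IF" 2>/dev/null || :
    if "$refresh"; then
        return 1
    fi
    return 2
}

# Invoke as "wgcheck.sh run" from cron or ifstated; sourcing it loads only the functions.
if [ "${1:-}" = run ]; then
    check_tunnel
fi
```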